Planned deactivation of basic authentication in Exchange Online

conzept 16: Aus für Basic Auth in Exchange Online

Introduction

Microsoft plans to discontinue the so-called “basic authentication” for Exchange Online, which is part of the Microsoft 365 and Office 365 product suite.

Basic Authentication

Applications use this type of authentication to connect to servers or services on the Internet. The user name and password are transmitted unencrypted. Especially a connection without encryption represents a security risk. According to Microsoft, the following services and protocols are affected by the deactivation:

  • Exchange ActiveSync (EAS)
  • POP
  • IMAP
  • Remote PowerShell
  • Exchange Web Services (EWS)
  • Offline Address Book (OAB)
  • Outlook for Windows und Mac
  • SMTP AUTH

 

Modern Authentication

Instead of Basic Authentication on Exchange Online, an OAuth 2.0-based procedure is used. Clients need an access token to establish the connection, which is created by an authentication server (at Microsoft). The token has a limited validity period and is specific to the application. The token cannot therefore be reused, which increases security.

POP, IMAP und SMTP AUTH

The POP, IMAP and SMTP protocols are used by email clients and applications to receive (POP and IMAP) and send (SMTP) email messages. In order for this to continue to work in the future, these applications must support the new authentication procedure (Modern Authentication).

Since conzept 16 offers commands for sending e-mails via SMTP on the one hand and alert mails of the database server also run via this protocol on the other hand, vectorsoft is currently working on support for this new procedure.

Date of the planned changeover

Originally, Microsoft announced th e 1st of October 2022 for the transition of its cloud services. In the meantime, however, there is a postponement until the 31st of December of this year. During this period, Microsoft will continue to allow access via basic authentication. The process will then be discontinued completely at the beginning of 2023.

Sources

Deprecation of Basic authentication in Exchange Online

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Leave a Reply

Your email address will not be published. Required fields are marked *

Leave the field below empty!

IHRE EVALUIERUNGSLIZENZ - JETZT ANFORDERN!

TESTEN SIE DIE CONZEPT 16 VOLLVERSION - UNVERBINDLICH und KOSTENFREI

Subscribe to our newsletter

[cleverreach_signup]
WordPress Cookie Notice by Real Cookie Banner