Home » Technology » Microsoft » Microsoft Deprecates Exchange Online Authentication Exception

Microsoft Deprecates Exchange Online Authentication Exception

Microsoft Exchange

Microsoft already announced in 2021 that it would deactivate the so-called Exchange Online basic authentication. The background is security concerns. Now follows the second measure for secure standard authentication in Exchange Online.

Microsoft will finally disable protocol exceptions or protocols that have been activated again at the turn of the year. Years ago, Microsoft began informing companies about the risk of simple basic authentication. Attempts were made to steer users toward using modern authentication such as OAuth 2.0 token-based authorizations.

Therefore, in 2020, OAuth 2.0 support for POP, IMAP, and SMTP AUTH was released. In 2021, Microsoft then explained that the security-related threats at the time made it necessary to take further steps to improve data security in Exchange Online. There were long transition periods for these plans and most recently the option for companies to choose simple standard authentication. At the turn of the year, these exceptions will no longer apply.

In the Microsoft 365 documentation, the group now wrote:

Notice of upcoming changes

On September 1st, 2022, we announced that there would be one final opportunity to postpone this change. Tenants could re-enable a log once between October 1, 2022, and December 31, 2022. Protocol exceptions or re-enabled protocols will be disabled in early January 2023 without further use. For the full announcement, see Basic Authentication Retirement in Exchange Online – September 2022 Update. In Office 365, operated by 21Vianet, we will begin disabling Basic Authentication on March 31, 2023. All other cloud environments are subject to the October 1, 2022 date.