Microsoft

Microsoft disables Basic Authentication for Exchange Online

Microsoft is now sending notifications to customers that Basic Authentication for Exchange Online will be permanently deactivated on October 1, 2022, to improve security. This was already announced in 2019. Still, Microsoft must now send “final alerts” to customers who have not yet responded and have voluntarily switched to another authentication method.

According to the report of the bleeping computer, Microsoft had diligently issued several reminders and warnings over the past three years. Most recently in May 2022 and September 2021, the company asked its customers to disable Basic Authentication. The group then noticed that many of the customers had not yet migrated their clients and apps to modern authentication.

According to its own statements, Microsoft has already deactivated basic authentication for millions of tenants who no longer use it. However, in the next step, the group is now working on disabling Basic Auth for those still using basic authentication. “Since our first announcement nearly three years ago, we’ve seen millions of users move away from Basic Authentication, and we’ve disabled it on millions of tenants to proactively protect them.

We’re not done yet, and unfortunately “not zero yet.” However, we will begin disabling basic multi-protocol authentication for tenants that were not previously disabled,” the Exchange team now wrote. “From October 1, we will begin randomly selecting tenants and enabling basic authentication for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell.” Those affected will then find a corresponding notification in the Windows Message Center seven days before the start of the rollout.

Why is Basic Authentication turned off?

Basic authentication (also known as legacy authentication or proxy authentication) is an HTTP-based authentication method that applications use to send clear-text credentials to servers, endpoints, or various online services.

This makes data theft, for example via a man-in-the-middle attack, relatively easy to carry out. Microsoft has long relied on more secure systems than Basic Auth, such as two-way authentication with tokens that can only be used once.

Share
Published by
RS News

Recent Posts

Crash in the smartphone market: lowest sales figures in 13 years

The global smartphone market is experiencing a severe downturn, recording its worst quarter in 13…

14 hours ago

Pixel 11: Mega leak shows images and data from the new Google smartphones

Amazon made a big mistake and revealed the entire lineup of the Google Pixel 11…

14 hours ago

Top 10 Payment Card Tools for Everyday Digital Finance

A payment card is easiest to understand when users see how it fits into real…

19 hours ago

OnePlus is ‘dead’: Oppo wants to soon announce its withdrawal from the EU & USA

OnePlus will soon be history. At least in Europe and the USA. What has been…

20 hours ago

Switch 2 OLED: Nintendo is apparently planning a display upgrade after all

Nintendo is reportedly still internally planning an OLED version of the Switch 2 for the…

20 hours ago

Maps: Google launches major visual update with immersive navigation

Google appears to be starting to distribute the new immersive navigation for Google Maps. The…

20 hours ago