Home » Technology » Microsoft » Microsoft To End Basic Auth In Exchange Online From October 2022

Microsoft To End Basic Auth In Exchange Online From October 2022

Microsoft Exchange Server

Microsoft will turn off basic authentication in Exchange Online in October 2022 to provide users with improved security. Experts also believe that it is a direct consequence of a recently revealed security issue.

The online magazine Bleeping Computer now reports on the end of basic authentication (Basic Auth). Microsoft has been torturing itself for months with the back and forth – sometimes the impending deactivation was announced, and sometimes the postponement for the change. Now it is currently again saying that the group wants to implement the change in October next year.

In the last announcement, the group had divided the deactivation into different steps. It said:

“Microsoft has postponed disabling basic authentication for protocols that are actively used by tenants until further notice, but will continue to disable basic authentication for protocols that are not used. The overall scope of this change now includes EWS, EAS, POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP, AUTH and OAB. “

An end date is now set. Basic Authentication will be switched off from October 1, 2022 to protect millions of Exchange Online users: “Today we announce that we will start permanently deactivating basic authentication in all tenants, effective October 1, 2022 of usage (with the exception of SMTP authentication, which can still be reactivated afterwards), “explained the Exchange Online team. “To be clear: This change only affects Exchange Online, we are not changing anything on the Exchange Server products on site.”

Why is Basic Authentication disabled?

The first deactivations have already been made for Exchange users who have not used them. Microsoft didn’t provide the exact reason for this announcement, but experts think it had to do with a report that uncovered hundreds of thousands of Windows domain credentials in the clear through misconfigured email clients that use Basic Auth use, leaked. Microsoft has also been relying on more secure systems for a long time, such as two-way authentication with tokens that can only be used once.