Microsoft is Disabling Basic Authentication and Requiring Use of Modern Authentication under OAuth 2.0 starting October 1, 2022*
Why is basic authentication being disabled?
Microsoft announced that Basic Authentication under OAuth 1.0 will be turned off for all protocols in all tenants starting October 1st, 2022 to protect millions of Exchange Online users. Basic Authentication under OAuth 1.0 is inherently highly insecure and thus needs to be deprecated.
Basic Authentication (also known as proxy authentication) is an HTTP-based authentication scheme through which apps send credentials with every connection request made to servers, endpoints, or online services, with the username/password pairs often stored locally on the device. While it dramatically simplifies the authentication process, basic auth also makes it easier for attackers to steal the credentials when the connections are not secured using the Transport Layer Security (TLS) cryptographic protocol.
Modern Authentication (Active Directory Authentication Library (ADAL) and OAuth 2.0 token-based authentication) allows apps to use OAuth access tokens with a limited lifetime and can’t be re-used to authenticate on other resources besides those that they were issued for.
What does this mean and how does this impact me?
Please see the following resource link from Microsoft to determine if any actions are needed for your Microsoft 365 Tenant account: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
If you are an i-Tech Managed Services (TTS) customer, we are on top of these changes, but please reach out if you have any questions.
* On September 1, 2022, Microsoft announced there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off early in January 2023, with no possibility of further use.
