Update: 18 May 2022. Yes it is still happening, not been pushed by Microsoft as yet.
Well they have finally done it, given us a date. We know it has been pending for a long time and they even made a half-hearted attempt at this before allowing us to carry on. It is now time for Basic Auth to be retired in favor of the more security compliant. Modern Auth is the new default.
There you go, at time of writing we have a whole year to go. Sounds like a long time but it will go by fast. Even unnoticed in fact until we get to that point in time where everybody has the ‘Oh S&*t’ moment and realizes that some of their day to day business activities are just going to stop working.
What will stop working?
Before we go into what will fail then let’s talk about what is going to fail ‘before’ that date. Microsoft also announced that as of 1 November 2021, yes that is 2021, that older Outlook clients that don’t support Modern Auth will not be able to connect to Exchange Online. If you are using anything older than Outlook 2013 SP1 then you need to upgrade it before that date. There are no special extensions on this, it will simply not connect. Here is the Microsoft article detailing this
Lets have a peek at the Microsoft announcement regarding Basic Auth.
“Disabling Basic Authentication and requiring Modern Authentication with MFA is one of the best things you can do to improve the security of data in your tenant, and that has to be a good thing,” Microsoft said over two years ago when they first announced that Modern Auth will be enforced across Exchange Online tenants.
“The last thing to make clear – this change only affects Exchange Online, we are not changing anything in the Exchange Server on-premises products.”
Some key items to mention here are the Remote PowerShell and Exchange Web Services. Third party tools and scripts use these to perform all manner of tasks in the environment.
A new module is required to use Modern Auth to connect to Microsoft 365 and Exchange Online. I document this here in an article from a while ago.
Basic Auth turned off by default
All Microsoft 365 tenants have Basic Auth protocols disabled by default. They have ‘Security Defaults’ automatically applied. If you want to go in and change this setting so that you can use Basic Auth for any connections, then this article will explain how to enable them. The article is primarily about MFA but a few paragraphs in you will find the Security Defaults section.
Enable/Disable Modern Auth in a Microsoft 365 Tenant
Here we take a look at where the settings are for enabling and disabling the use of Basic Auth in a Microsoft 365 tenant.
Firstly you login with your normal Admin credentials and get to the Microsoft 365 Admin Center. Select ‘Org Settings’ and then “Modern Authentication’ as shown below.
The screen below shows the options on the right that you can then turn off/on.
Up until 1 October 2022 you will have the opportunity to play with these settings, even disable them altogether to confirm that your users/business will not be affected after the Basic Auth shutdown.
Remember that after you change those settings, it can take a couple of hours for them to take full effect on the environment.
What about SMTP AUTH?
Yes, good question. There are plenty of devices out there, like printers and third party services that use SMTP AUTH to send mail. Using QuickBooks to send mail is a good example of this. The SMTP AUTH will NOT be disabled on 1 October 2022. It will go away but no date has been given for this. These third party vendors are working to allow the use of Modern Auth in their connections to continue the business process.
SMTP AUTH is not automatically enabled on all mailboxes anymore. You need to go in to the settings for that mailboxes and specifically enable that. Here is where the setting is. Firstly navigate to the ‘Manage Email Apps’ section as shown below.
Then you an check/uncheck the Authenticated SMTP option as shown below.
Save those changes, but like the other settings they can take a short while to take effect. Go have a cup of tea then test it out. Then it saves you the frustration of thinking it isn’t working and you get to have a cup of tea as well. Win win basically!
Have a look on my YouTube channel and Instagram with these links for more articles, videos and cloud related items.