Basic Authentication Retirement for legacy protocols in Exchange Online.How This Impacts You?

How This Impacts You

This change might affect some of your users or apps, so we wanted to provide additional information to help you in identifying and deciding upon an action plan.

Remote PowerShell

Firstly, how does this impact your own tenant administration? You probably use Remote PowerShell (RPS) to access Exchange Online, hopefully with the MFA module. If so, you might also consider switching some of your day to day usage to using PowerShell within Azure Cloud Shell. We are also making significant investments in RPS to make the MFA module work better and we’ll be sharing some more information on that in due course.

Finding impacted users

The next action you really need to be thinking about is assessing client impact. The first question you probably have is – so how do I know who’s using Basic Authentication in my tenant? Great question, and soon we’ll make a new tool available to help you easily answer that question for yourself. It’s a tool that provides tenant admins with a simple way to determine who is using Basic Auth so you, the admin, can see how large of a task you have on your hands.

Once you understand what your users use, and know if they are using Basic or Modern Authentication, what can you do about it? Each of the impacted protocols have options. 

POP and IMAP

So let’s talk about POP and IMAP. We know there’s still some usage out there, not much, but some. We’re planning on adding OAuth support to both POP and IMAP in the next few months. If you want to keep using these protocols, you’ll need to update the app to one that supports Modern Auth. Or better yet – get the user to use a more modern client (did you know we’ve added shared mailbox support to the Outlook app for iOS and Android? That’s one reason some people have been using POP and IMAP), or get the application developer to start using OAuth.

Exchange ActiveSync

The client app you might have the most usage with probably uses Exchange ActiveSync. There are many users out there with mobile devices set up with EAS. If they are using Basic Auth (and many of them are), now’s the time to do something about that. What are your choices?

Without doubt, we believe the best mobile device client to use when connecting to Exchange Online is Outlook mobile. Trusted by over 100M users across the world, Outlook mobile fully integrates Microsoft Enterprise Mobility + Security (EMS) enabling conditional access and app protection (MAM) capabilities. Outlook mobile helps you secure your users and your corporate data, and it natively supports Modern Authentication.

There are of course other email apps for mobile devices that support Modern Authentication too, so that’s another option.

For users that don’t want an app, or for users that have a device for which there is no app, they could switch to the browser on their mobile device. Outlook on the Web is used by millions of users every month, it’s feature-rich and we have a version ideal for mobile browsers. You can access it on a mobile device by navigating to https://outlook.office365.com. We’ll know it’s a mobile device you are using so we have a special experience just waiting for you. Go try it.