Deprecation of Basic Authentication (Basic Auth) in Exchange Online

Please go here to search for your product's lifecycle.

Beginning October 1, 2022, Exchange Online Basic Auth will begin to be permanently disabled in all tenants.

Basic Authentication is being disabled for Outlook, Exchange Web Services (EWS), Remote PowerShell (RPS), POP, IMAP, and Exchange ActiveSync (EAS) protocols in Exchange Online to improve customer security. Customers must update end user client applications or line of business apps to Modern Auth before October 2022, to allow them to continue to function properly. Disablement notifications will be provided in the Microsoft 365 Message Center.

Basic Authentication will continue to be disabled for newly created tenants by default and in tenants with no recorded usage.

Customers should identify Basic Authentication usage in their tenant and if necessary upgrade client software, reconfigure apps, update scripts, or reach out to third-party app developers to get updated code or apps.

Check the Message Center

It's recommended that the customers first investigate the impact on their tenant and users. Look out for Message Center posts that will summarize usage reports. Note that only tenants using Basic Auth will receive a report.

Check the Azure Active Directory Sign-in report

Use the Azure AD Sign-In report to view Basic Auth usage. To learn more, see: New tools to block legacy authentication in your organization - Microsoft Tech Community.

Customers with an Azure AD premium license can use the following methods to export and analyze usage logs:

For more information contact the customer account team or Microsoft Support.

Resources