The ROPC grant is not affected by the deprecation of Basic Auth from Exchange Online. Only direct connections to Exchange with basic creds are affected. ROPC might not be recommended, but there are still more safeguards (app registration, consent, scope etc) with it, than there are with traditional username/password.
Basic Authentication Deprecation in Microsoft Graph API?
As per Microsoft, Basic Authentication will be deprecated in Exchange Online effective October 1, 2022. This ability will be removed from Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.
I know it is not listed, but I want to double check if anybody knows for certain if the ability to authenticate with username/password to a Microsoft O365 application via the Microsoft Graph API will be removed. It is worth noting that this application will have access to Exchange mailboxes, which is where the confusion comes in if Microsoft's deprecation statement about Exchange Online will affect this flow or not.
There is a note that talks about disabling Basic Authentication in cloud environments that may include this ask, but it is not clear to me. The note in Microsoft's notice is as follows:
In Office 365 Operated by 21Vianet, we will begin disabling Basic authentiction on March 31, 2023. All other cloud environments are subject to the October 1, 2022 date.
-
grtaylor@microsoft.com 86 Reputation points Microsoft Employee
2022-05-06T23:07:58.69+00:00
1 additional answer
Sort by: Most helpful
-
Vasil Michev 105.1K Reputation points MVP
2022-05-06T17:05:50.097+00:00 Do you mean using the ROPC flow?