Hello @ChristineM
I would like to share my response as below:
What is Basic Auth:
Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services, and is simple to set up. Simplicity isn't at all bad, but Basic authentication makes it easier for attackers to capture user credentials (particularly if the credentials are not protected by TLS), which increases the risk of those stolen credentials being reused against other endpoints or services.
For more information, you can review the following video link: Identity Architecture: Legacy authentication | Azure Active Directory
What is Modern Auth
Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes:
- Authentication methods: Multifactor authentication (MFA); smart card authentication; client certificate-based authentication
- Authorization methods: Microsoft's implementation of Open Authorization (OAuth)
- Conditional access policies: Mobile Application Management (MAM) and Azure Active Directory (Azure AD) Conditional Access
For more information, you can review the following video link: The basics of modern authentication - Microsoft identity platform
What are we changing and what do you need to be aware of?
We will be disabling Basic Auth access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. If your users use any of these protocols, they might not be able to log in. We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change.
We will not be disabling or changing any settings for SMTP AUTH.
If you have removed your dependency on basic auth or if you do not find any basic auth sign-in in your tenant, then this will not affect your tenant or users. If you have not (or are not sure), check the Message Center for the latest data contained in the monthly usage reports we have been sending monthly since October 2021. The data for August 2022 will be sent within the first few days of September.
What do you need to do prior to 1st October to make sure there is no impact?
I reviewed the screenshot uploaded and we can confirm that Modern Auth is enabled on your tenant. Enabling Modern Auth means your users would be able to perform MFA when using Office Applications if the client supports the same. This change does not mean that you need to enable Security Defaults. Even if you use Per-User MFA it would be fine and supported.
Microsoft has been posting content on deprecation of Basic Auth since 2018. I would like to share the following few blog posts by the Exchange team, which would give you better insights and understanding about the change:
- Jul 2018: https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055
- April 2019: https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892
- Feb 2020: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-auth-and-exchange-online-february-2020-update/ba-p/1191282
- April 2020: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
- July 2020: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163
- Sept 2022: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
I hope this helps and answers your query.
----------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
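The check described above (finding out whether any Basic Auth sign-ins in the tenant still use the affected protocols) can be scripted against an exported sign-in log. This is an added example, not part of the original answer or any Microsoft tooling; the column names (`User`, `Client app`, `Status`), the client-app labels, and the sample rows are assumptions and constructed data to adapt to your own export.

```python
import csv
import io
from collections import defaultdict

# Protocols the answer lists as losing Basic Auth, keyed by the label assumed
# to appear in the export's "Client app" column (adjust to match your data).
AFFECTED = {
    "MAPI Over HTTP": "MAPI",
    "Outlook Anywhere (RPC over HTTP)": "RPC",
    "Offline Address Book": "OAB",
    "Exchange Web Services": "EWS",
    "POP3": "POP",
    "IMAP4": "IMAP",
    "Exchange ActiveSync": "EAS",
    "Exchange Online PowerShell": "Remote PowerShell",
}
# SMTP AUTH is explicitly left unchanged, so it is reported separately.
UNCHANGED = {"Authenticated SMTP": "SMTP AUTH"}

# Constructed sample export; users and rows are made up for illustration.
SAMPLE_CSV = """User,Client app,Status
alice@contoso.example,IMAP4,Success
alice@contoso.example,IMAP4,Success
bob@contoso.example,Exchange ActiveSync,Failure
scanner@contoso.example,Authenticated SMTP,Success
carol@contoso.example,Browser,Success
dave@contoso.example,exchange web services,Success
"""

def triage(csv_text):
    """Return (at_risk, smtp_only), each mapping user -> sorted protocol names."""
    at_risk, smtp_only = defaultdict(set), defaultdict(set)
    affected = {k.lower(): v for k, v in AFFECTED.items()}
    unchanged = {k.lower(): v for k, v in UNCHANGED.items()}
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Only successful sign-ins show a working dependency; failed attempts
        # over legacy protocols are often noise and are skipped here.
        if (row.get("Status") or "").strip().lower() != "success":
            continue
        label = (row.get("Client app") or "").strip().lower()
        user = (row.get("User") or "").strip().lower()
        if label in affected:
            at_risk[user].add(affected[label])
        elif label in unchanged:
            smtp_only[user].add(unchanged[label])
    return ({u: sorted(p) for u, p in at_risk.items()},
            {u: sorted(p) for u, p in smtp_only.items()})
```

Users returned in `at_risk` are the ones to move to Modern Auth clients before the change; an empty result over a representative time window corresponds to the "no basic auth sign-in in your tenant" case.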