Hi @John Morris ,
According to the official documentation below, by default, all Microsoft 365 plans can at least use "Security Defaults" to enable MFA for Microsoft 365 and Office 365.
Multifactor authentication for Microsoft 365
Security defaults needs to be enabled from the Properties pane for Azure Active Directory (Azure AD) in the Azure portal, so this indeed involves Azure, but as long as you have a paid subscription to Microsoft 365, you also have a free Azure AD subscription which can use security defaults, thus this won't lead to additional purchase. More details about setting up multifactor authentication in an organization can be found in: Set up multifactor authentication.
a) How can we tell if we are still using Exchange "Basic Authentication" for desktop Outlook clients?
This can be told by checking the “Authn” column of the Outlook Connection Status :
- Hold down CTRL and right-click the Outlook icon in your system tray.
- Choose "Connection Status", check the “Authn” column.
- If it shows “Bearer*”, it means Modern Authentication is being used. (When using Basic Auth, the Outlook Connection Status “Authn” column shows “Clear*”)
b) Are our Desktop Outlook Exchange clients at risk of being disconnected if we don't move to "Modern Authentication"?
Yes. Effective October 1, 2022, Basic Auth will begin to be permanently disabled in all tenants, regardless of usage, and if by that time all clients and apps that still use Basic Auth will be affected, and they will be unable to connect.
c) So -- do we even need to do anything, at least from Microsoft's perspective?
Modern authentication is enabled by default in Exchange Online for new Microsoft 365 tenants. To verify this, you can run the command below:
When it comes to the Outlook desktop clients, if you are using Outlook 2016 or newer versions(Outlook 2016, 2019, 2021, 365), modern authentication is enabled by default so no additional configuration is needed. Outlook 2013 will need a registry key change to use Modern Auth.
d) Should this question be reworded in a different way?
Should I have misunderstood anything in my reply earlier or if you have further questions or concerns about this thread, feel free to post back.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.