This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 63%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETA%3C/text%3E%3C/svg%3E)
I had originally posted this to the Office 365 community but it was suggested I post it here.
Pretty lightweight environment here. Basically just use Office 365 Standard licenses for apps and exchange online. Not really using Azure services for anything and I don't have a lot of interconnected systems. So the basic auth shutdown wasn't really at the forefront of my mind. Everything fits the requirements: All clients are 2016 or newer, all mobile devices are new iPhones or new Pixel phones.
I ran sign in logs from the Azure portal and if I'm interpreting them correctly, everything is still using basic auth. Specifically exchange activesync (phones using native client I bet) and Exchange Web Services (Outlook clients? Useragent is showing up as web browsers for these, so perhaps OWA, but why would that still use basic auth?)
When I switch the sign in log to show only Modern authentications (mobile and desktop clients) there are no results.
Researched this some. iPhones should be able to switch to Modern Auth automatically. I don't have any Outlook clients older than 2016 which should all be using Modern Auth on by default. Checked some user machines' Outlook Connect Status windows. The Authn column reads "Bearer" which is the sign you're on Modern Auth... so why is everything in the sign in logs still showing legacy auth?
Last week I created a report-only conditional access rule in Azure for all users which should block any Basic Auth attempts and checked the results. So far everything comes back as "Not applied". I'm pretty confused.
I'm thinking about signing a few users out in the Office 365 admin portal for a couple people just to see if their fresh login appears in the modern auth log.
@TRF-Azure
I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.
Hello @TRF-Azure ,
Hope you got a chance to review the answer posted by our community expert. Please do share your queries in the comment section of the answer, if you have any or please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Thanks,
Akshay Kaushik
Did yo try to delete profile and configure a new one? Deprecation of Basic authentication in Exchange Online
Here are information about Block legacy authentication with Azure AD with Conditional Access.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi Kyle,
I did not find that article. Thank you for the information. I will try it.
Do you have any thoughts on web browsers using basic auth? This comes from a log: I asked these users if they were connecting to OOTW or using office.com and only the Mac user said yes:
Exchange free/busy information need to use EWS. Whether those users access their calendar from OWA?
I asked the user if they were using OWA and they all said no, except for the one Mac user.
I notice that all of them are using “AppleWebKit”. Does this is an add-in used in your organization?