Basic authentication block Exchange Online

GoodResource 381 Reputation points
2022-09-08T16:01:43.53+00:00

Hi,

We are blocking the legacy authentication for Exchange online via azure ad conditional access policy. The accounts we could find who were leveraging legacy authentication after applying the conditional access policy see no impact. Will it take time to implement? If yes how long? We have tried re-creating outlook profile and still see no changes.

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,492 questions
Microsoft Exchange Hybrid Management
Microsoft Exchange Hybrid Management
Microsoft Exchange: Microsoft messaging and collaboration software.Hybrid Management: Organizing, handling, directing or controlling hybrid deployments.
2,076 questions
{count} votes

2 answers

Sort by: Most helpful
  1. Andy David - MVP 147.6K Reputation points MVP
    2022-09-08T16:09:44.433+00:00

    Basic Auth should ( and will) be blocked in Exchange Online:
    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

    Using a conditional access policy works for all accounts even those not in Exchange, so use both

    Not sure I understand how you are verifying its not working however.
    Why are you recreating the Outlook profile? Are you trying to block it ? its an old client?


  2. Andy David - MVP 147.6K Reputation points MVP
    2022-09-09T11:47:46.057+00:00

    You can enable Modern Auth in Outlook 2013:
    https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide

    Ensure you have enabled in Exchange Online as well:

    https://learn.microsoft.com/en-us/microsoft-365/enterprise/modern-auth-for-office-2013-and-2016?view=o365-worldwide

    As to why it wasnt blocked, I couldnt tell you other than check the logs and see if that CA policy was applied to those users.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.