New resources for moving to Modern Authentication
Originally published: March 2, 2020
Updated: April 3, 2020
Please go here to search for your product's lifecycle.
NOTE: The disablement date for Basic Authentication in Exchange Online has been postponed until the second half of 2021. Please go here for the latest.
In September of 2019, Exchange Online announced its deprecation of Basic Authentication, prior to removal on October 13, 2020. Basic Authentication relies on sending usernames and passwords -- often stored on or saved to the device -- with every request, increasing the risk of attackers capturing users' credentials, particularly if not TLS protected.
Users are encouraged to move to Modern Authentication (Modern Auth). To help with this, Microsoft has released new resources and reports:
- Azure AD Sign-In Report: This improved report helps tenant admins identify which users or applications are at risk. The report is part of the Azure Active Directory admin center, called Sign-ins. This report will be available to all customers very so on and provides a 7-day rolling report of client login activity.
- POP, IMAP, and SMTP: Modern Authentication support for POP and IMAP in Exchange Online will be available soon. Go here to learn more.
- Outlook for Windows and Mac: Outlook for Windows and Mac will be impacted by the removal of Basic Authentication. However, newer versions of these products have Modern Authentication enabled by default. Go here to see if your version of Outlook is already using Modern Auth.
Go here to learn more about these updates, or see Message Center posts 191153 and 204828.