Microsoft is deprecating Basic authentication
Basic authentication is an outdated industry standard that’ll be deprecated starting January 2023. Its use makes it easier for attackers to capture user credentials, which increases the risk of those stolen credentials being used to fraudulently gain access to other endpoints or services.
The ability to use Basic authentication in Exchange Online is being removed from the following protocols:
- Exchange Active Sync (EAS)
- Remote PowerShell
- Exchange Web Services (EWS)
- Offline Address Book (OAB)
- Outlook for Windows and Mac
What do I need to do?
You can always use Outlook on the web to access your email. It won’t be affected by the Basic authentication deprecation.
However, in your email clients, you’ll need to switch to modern authentication, or OAuth2.0. Modern authentication is more secure and supports multi-factor authentication, or MFA, that uses modern methods like one-time text messages and authenticator apps. This might include:
- Outlook: Upgrade to Outlook 2013 or later for Windows or Outlook 2016 or later for Mac. If you’re already using Outlook 2013, you can enable modern authentication by configuring specific registry keys.
- Mobile email clients from Apple, Samsung, etc.: Move to Outlook for iOS or Android or another mobile app that supports modern authentication. If you’re using Apple Mail on an iOS, iPadOS, or macOS device, you can enable modern authentication.
- Third-party clients using POP or IMAP: Move to modern authentication when it’s supported by your client.
- Find out more about the deprecation of Basic authentication from Microsoft.