• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
Compliance, Network Security, News

Prepare: Microsoft Begins Disabling Basic Auth in Exchange Online Oct. 1

Microsoft and CISA are releasing more details and guides to help organizations move from legacy authentication methods in Exchange Online.

June 30, 2022 Zachary Comeau Leave a Comment

Microsoft August 2022 Patch Tuesday
stock.adobe.com/Peter

Microsoft and U.S. cybersecurity officials renewing calls for organizations to switch from Basic Authentication (Basic Auth) in Microsoft Exchange Online to Modern Authentication before the company begins to disable Basic Auth in October.

Microsoft on Oct. 1 will begin turning off the ability to use Basic Auth in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.

In addition, Microsoft is disabling SMTP AUTH in all tenants in which it’s not being used.

According to Microsoft, this requires customers to move from apps that use basic authentication to apps that use modern authentication, including OAuth 2.0 token-based authorization. Modern authentication also allows admins to enable and enforce multifactor authentication more easily.

In an advisory, the U.S. Cybersecurity and Infrastructure Security Agency warns that Basic Auth is a legacy authentication method, and does not support multifactor authentication, which has been proven to be effective at preventing identity-based attacks, such as phishing.

The agency requires federal agencies to determine their use of Basic Auth and migrate users and apps to Modern Auth, and then block Basic Auth. CISA has published a guide that will help organizations identify where Basic Auth is being used and help migrate to Modern Auth.

Citing Microsoft, the agency says more than 99% of password spray attacks use legacy authentication protocols, and more than 97% of credential stuffing attacks use legacy authentication.

In addition, password attacks are running rampant, with 921 such attacks every second.

When legacy authentication is disabled, Azure AD accounts experience 67% fewer compromises, per the agency’s guide.

According to Microsoft, Basic Auth is still one of the most common ways customers get compromised, with attacks against those organizations still using the legacy method increasing.

“We’ve disabled Basic Auth in millions of tenants that weren’t using it, and we’re currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Auth enabled, you are at risk from attack,” the company said in a May blog post.

In documentation, Microsoft calls basic authentication an “outdated industry standard” that is a common attack vector for hackers.

The company will begin turning off Basic Auth in its worldwide multi-tenant service on Oct. 1, and will randomly select tenants, send seven-day warning messages and then turn off Basic Auth in the tenant. That process should be completed by the end of the year.

Tagged With: Authentication, MFA, Microsoft, Multi-Factor Authentication

Related Content:

  • Avocor W Series 8 All-in-One Videoconferencing Displays That Make Meetings Easier
  • DTEN ONboard DTEN Launches ONboard for Zoom Whiteboard
  • GoTo Connect, GoTo Resolve GoTo Brings IT Helpdesk Support to GoTo Connect
  • Zoom macOS Update Zoom on macOS Devices Now

Free downloadable guide you may like:

  • Shadow ITBlueprint Series: How to Reduce Shadow IT

    The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Research finds that this distributed work environment is leading to IT management blind spots and shadow IT.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Shadow IT
Blueprint Series: How to Reduce Shadow IT

The distributed work model gives employees the flexibility they demand, but it can lead to shadow IT and introduce unnecessary security risk. Resea...

Hybrid Work webinar
Featured Webcast: Collaboration 2.0 — Where Are We Now?

In this webinar, subject matter experts discuss the transformation of the workplace, the rise of hybrid workers, the importance of open connectivit...

guide to end user training cover
Pro Tips for Conducting End User Training

Effective trainings are the glue that can make the difference following a new technology implementation that your team has spent so much time, effo...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSTERMS OF USEPRIVACY POLICY

© 2022 Emerald X, LLC. All rights reserved.