• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Resources
  • Podcasts
  • Project of the Week
  • About Us
    SEARCH
Compliance, Network Security, News

Prepare: Microsoft Begins Disabling Basic Auth in Exchange Online Oct. 1

Microsoft and CISA are releasing more details and guides to help organizations move from legacy authentication methods in Exchange Online.

June 30, 2022 Zachary Comeau Leave a Comment

MIcrosoft Entra External ID
stock.adobe.com/Peter

Microsoft and U.S. cybersecurity officials renewing calls for organizations to switch from Basic Authentication (Basic Auth) in Microsoft Exchange Online to Modern Authentication before the company begins to disable Basic Auth in October.

Microsoft on Oct. 1 will begin turning off the ability to use Basic Auth in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.

In addition, Microsoft is disabling SMTP AUTH in all tenants in which it’s not being used.

According to Microsoft, this requires customers to move from apps that use basic authentication to apps that use modern authentication, including OAuth 2.0 token-based authorization. Modern authentication also allows admins to enable and enforce multifactor authentication more easily.

In an advisory, the U.S. Cybersecurity and Infrastructure Security Agency warns that Basic Auth is a legacy authentication method, and does not support multifactor authentication, which has been proven to be effective at preventing identity-based attacks, such as phishing.

The agency requires federal agencies to determine their use of Basic Auth and migrate users and apps to Modern Auth, and then block Basic Auth. CISA has published a guide that will help organizations identify where Basic Auth is being used and help migrate to Modern Auth.

Citing Microsoft, the agency says more than 99% of password spray attacks use legacy authentication protocols, and more than 97% of credential stuffing attacks use legacy authentication.

In addition, password attacks are running rampant, with 921 such attacks every second.

When legacy authentication is disabled, Azure AD accounts experience 67% fewer compromises, per the agency’s guide.

According to Microsoft, Basic Auth is still one of the most common ways customers get compromised, with attacks against those organizations still using the legacy method increasing.

“We’ve disabled Basic Auth in millions of tenants that weren’t using it, and we’re currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Auth enabled, you are at risk from attack,” the company said in a May blog post.

In documentation, Microsoft calls basic authentication an “outdated industry standard” that is a common attack vector for hackers.

The company will begin turning off Basic Auth in its worldwide multi-tenant service on Oct. 1, and will randomly select tenants, send seven-day warning messages and then turn off Basic Auth in the tenant. That process should be completed by the end of the year.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Tagged With: Authentication, MFA, Microsoft, Multi-Factor Authentication

Related Content:

  • LG CreateBoard Core Education LG Debuts CreateBoard Core for Schools with Custom…
  • Yealink MeetingBoard Pro Yealink Launches MeetingBoard Pro to Elevate Meeting Equity…
  • Cloud, SASE, Aryaka How the Cloud is Redefining Media Production and…
  • Singlewire Software mass notification interview Singlewire Software on Mass Notification Solutions

Free downloadable guide you may like:

  • Download TechDecisions' Blueprint Series report on Security Awareness now!Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

    Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared to defend against them in this report from TechDecisions' Blueprint Series.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Downloads

Practical Design Guide for Office Spaces
Practical Design Guide for Office Spaces

Recent Gartner research shows that workers prefer to return to the office for in-person meetings for relevant milestones, as well as for face-to-fa...

New Camera Can Transform Your Live Production Workflow
New Camera System Can Transform Your Live Production Workflow

Sony's HXC-FZ90 studio camera system combines flexibility and exceptional image quality with entry-level pricing.

Creating Great User Experience and Ultimate Flexibility with Clickshare

Working and collaborating in any office environment today should be meaningful, as workers today go to office for very specific reasons. When desig...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Contact Us
  • Comment Guidelines
  • RSS Feeds
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!
Emerald Logo
ABOUTCAREERSAUTHORIZED SERVICE PROVIDERSYour Privacy ChoicesTERMS OF USEPRIVACY POLICY

© 2025 Emerald X, LLC. All rights reserved.