Deprecation of Basic Authentication in M365

By Adam Findlay|21st October 2022

What is basic authentication?

For many years applications have used basic authentication to connect to servers and services. Basic authentication means the application sends a username and password with every request and those credentials are also often stored or saved on the device.

Simplicity isn’t necessarily bad, but basic authentication makes it easier for attackers to capture user credentials, particularly if those credentials aren’t encrypted, increasing the risk of them being used to compromise other services.

In addition, the enforcement of multifactor authentication is sometimes not possible when basic authentication remains enabled.

Basic authentication is now an outdated industry standard and has been replaced by more secure modern authentication, and Microsoft has now taken the decision to disable it completely in M365.

When will it be disabled?

Microsoft has already begun to disable basic authentication for Outlook, POP and IMAP protocols in Exchange Online. They are doing this in stages, so there is no easy way of knowing in advance when it will be disabled in your tenant, however, they envisage by January 1^st 2023, all tenants will have had basic authentication access disabled.

How does this affect me?

Basic authentication is generally used by older email clients and devices so if your device is over 3 years old or you have transferred data to a new device by restoring a backup from an old one you may be affected. If mail stops working on your device and it won’t accept your password, this could be a sign that basic authentication has been disabled on your tenant. Both desktop email clients such as Microsoft Outlook and mobile devices e.g iPhones / iPads etc can be affected.

What action do I need to take?

If your device is using basic authentication, then the mail client or settings it uses are now outdated. In order to rectify this simply removing and re-adding your email account on some devices will cause it to switch to modern authentication.

If you are unable to re-add your email account, the likelihood is your email client is outdated and does not support modern authentication. In the case of windows desktop computers upgrading Outlook to the latest version should resolve this. On mobile devices, ensure they are running the latest operating system and email client. Some devices over 3 years old may not be able to be upgraded to a supported version and would therefore need to be replaced.

Deprecation of Basic Authentication in M365

DCS 40^th Anniversary Easter Competition Terms & Conditions

· As the competition runs up to the 14th of April the prize will be sent out asap, however, the winner will most likely receive the prize after the Easter weekend.

· The Promotors competitions with entry via Twitter and/or LinkedIn are open only to residents of Great Britain (excluding Northern Ireland). One (1) winner will be chosen at random from all entrants and across all platforms.

· No purchase is necessary. Winners will not be required to pay to enter the competition.

· Entrants must be over 18 years old on the date of their entry.

· Employees of The Promoter are not eligible to enter.

· Twitter or LinkedIn are not in any way affiliated or involved in the competition.

· Only one entry per social platform per person will be accepted.

· The Prize will be awarded to a randomly selected winner who has entered on Twitter or LinkedIn, using a random number generator. The Promoter will not be held liable if the named prize becomes unavailable or cannot be fulfilled.

· The Promoter will not be held liable for any failure of receipt of entries. The Promoter takes no responsibility for any entries which are lost, delayed, illegible, corrupted, damaged, incomplete or otherwise invalid.

· To the extent permitted by applicable law, The Promoter’s liability under or in connection with the competition or these terms and conditions shall be limited to the cost price of the Prize in question.

· Prizes are non-negotiable, non-transferable and non-refundable. No cash alternative is available. Where a Prize becomes unavailable for any reason, the promoter reserves the right to substitute that prize for a prize of equal or higher value.

· The name, address, email address and phone number of the winner must be provided to The Promoter if requested and will be shared to enable the fulfilment of the Prize.

· In the event of unforeseen circumstances beyond The Promoter’s reasonable control, the promoter reserves the right to cancel, terminate, modify or suspend the competition or these terms and conditions, either in whole or in part, with or without notice.

· The Promoter’s decision is final. No correspondence will be entered into.

· The winner’s name and social media username may be posted on the social media profiles of The Promotor after the winner has been selected.