We use cookies to provide the best experience

We use cookies to offer you the best customer experience. With the help of cookies, we can offer you the information you like about our products and services. If you give your consent to the use of cookies, press the "I accept cookies" button. If you want to manage your cookie preferences, click the "Change cookies" button. Your choice of cookies will be stored for 90 days. Learn more about cookies

Please select and confirm the cookie preferences that suit you:

We use cookies on our website to ensure that important operations and certain functionalities work. Without these cookies, the website will not work properly.

We use marketing cookies to deliver personalized advertising to you. Personal ads allow you to take part in many different campaigns. If you do not wish to receive personal advertisements, you can still visit our website, but the advertisements you see may not be relevant to you.

We use analytical cookies because they help collect data about how many customers use the website, what content they browse and other information necessary to improve the functionality of the website. By using statistical cookies that collect anonymous information, we can learn how visitors reach the website and use the website.

Deprecation of Basic Authentication in Exchange Online

Author: Helen Neudorf Time: 03.10.2022

In August, Microsoft announced that, beginning October 1, 2022, they will begin to permanently disable Basic Authentication in all tenants, regardless of usage, except for SMTP Auth. Basic authentication in Exchange Online uses a username and a password for client access requests. Blocking Basic authentication can help protect your Exchange Online organization from brute force or password spray attacks.  

Starting October 1st, Microsoft will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. Microsoft will post a message to the Message Center 7 days prior, and they will post Service Health Dashboard notifications to each tenant on the day of the change. 


Microsoft will not be disabling or changing any settings for SMTP AUTH. As many multifunction devices like printers and scanners can’t use modern authentication, they will remain an exception, unless your organization hasn’t previously used this option consistently or at all.  
If you have removed your dependency on basic auth, this will not affect your tenant or users. If you have not (or are not sure), check the Message Center for the latest data contained in the monthly usage reports Microsoft has been sending monthly since October 2021.  

One-time re-enablement 

On September 1, Microsoft announced an update to their plan to offer customers who are unaware of or are not ready for this change. 
When Basic Authentication will be turned off after October 1, all customers will be able to use the self-service diagnostic to re-enable Basic Authentication for any protocols they need, once per protocol. After this diagnostic is run, Basic Authentication will be re-enabled for those protocols. Selected protocols will stay enabled for Basic Authentication use until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for Basic Authentication use permanently, and there will be no possibility of using Basic Authentication after that. 
If you need additional information on running the diagnostics, Microsoft have put together a thorough guide here
Source: Microsoft 

Ask for an offer