Did you know Basic Authentication Retirement in Exchange Online will happen on October 13, 2020? Read on to learn how that may affect your organization and what you can do today!
Beginning October 13, 2020, Microsoft will retire Basic Authentication for Exchange Web Services (EWS), Exchange ActiveSync (EAS), IMAP, POP, and RPS to access Exchange Online. This retirement of Basic Authentication increases security against attacks and phishing schemes. Organizations should check today to see if they will be impacted – it is more than just old versions of Outlook! This may impact:
This change may affect your users or apps. Administrators and users must act proactively to avoid service disruptions. If no action is taken, any client application using Basic Authentication for EWS may be unable to connect as of October 13, 2020. If you currently use Remote PowerShell (RPS) to access Exchange Online, you should consider switching to PowerShell within Azure Cloud Shell.
If your organization has written any code or has a 3rd party app developer, be sure to reach out to them and update it to support this OAuth 2.0 authentication. Some applications have been connecting to Exchange for a very long time! Those processes may need to update the old app that was written years ago. Often, organizations have many items sending emails in their environment, and it is crucial to go through and inventory/catalog to discover what methods you are using. Even your voicemail may be using email. The change that Microsoft brings makes your environment more secure, but for some organizations, this transition can be a real pain. Organizations also need to inventory applications that connect to Exchange.
We recommend organizations start updating any client applications that your users are utilizing to versions that support OAuth 2.0 today! Even though many mobile devices are using a variety of email applications that support Modern Authentication – we recommend switching to the Outlook app. Outlook provides the best-integrated experience for Microsoft 365 users for both desktop and mobile devices. The Outlook mobile application is available for iOS and Android.
Furthermore, this change may cause disruptions in many different areas of an organization. We recommend disabling Basic Authentication and requiring Modern Authentication with MFA. This will improve organizational security, help protect data, and it’s the smart thing to do. To learn more read our blog about MFA here!
Microsoft has also announced various changes:
Interlink’s expert technicians can check for you, and we can then make recommendations for remediation. We can either do a legacy connection quick engagement to check for just this change or a larger tenant security health check. Contact us here today!