Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.

Written by Brad

Categories: Exchange Online

May 23, 2022

Blog Home

(Updated) Basic Authentication Deprecation in Exchange Online – May 2022 Update

Exchange Online, SharePoint Development Services

From Microsoft Corporation

Technical Bulletin MC375736 · Published May 4, 2022 · Last updated May 10, 2022

ACTION REQUIRED by Oct 1, 2022

Message Summary

Updated May 10, 2022: We have updated this post to show as intended. Thank you for your patience.

In about 150 days from today, we’re going to start to turn off Basic Auth for specific protocols in Exchange Online for those customers still using it.

Timeline and Scope

As we communicated last year in blog posts and MC286990, we will start to turn off Basic Authentication in our worldwide multi-tenant service on October 1, 2022. To clarify, we will start on October 1; this is not the date we turn it off for everyone. We will randomly select tenants, send 7-day warning Message Center posts (and post Service Health Dashboard notices), then we will turn off Basic Auth in the tenant. We expect to complete this by the end of this year. You should therefore be ready by October 1.

We’re turning off Basic Auth for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) and Remote PowerShell.

We are not turning off SMTP AUTH. We have turned off SMTP AUTH for millions of tenants not using it, but if SMTP AUTH is enabled in your tenant, it’s because we see usage and so we won’t touch it. We do recommend you disable it at the tenant level and re-enable it only for those user accounts that still need it.

Exceptions and Per-Tenant Timing

There is no way to request an exception after October. Tenant selection is random, and we cannot put your tenant to the back of the queue to give you more time or change your settings on any specific date. If you want Basic Auth to be disabled at a time of your choosing (either now, or as soon as you are ready), use Authentication Policies.

What should I do to prepare for this change?

Any client (user app, script, integration, etc.) using Basic Auth for one of the affected protocols will be unable to connect. The app will receive an HTTP 401 error: bad username or password.

Any app using Modern Auth for these same protocols will be unaffected.

To read more on what can be done to switch apps from Basic to Modern auth please view our main documentation page and our latest blog. Additional information

Blog

TECHNICAL BULLETIN END

QuixTec provides this and other technical bulletins unaltered from Microsoft. As an authorized Microsoft Partner, we ensure that all our solutions we deliver to you include the latest Microsoft updates.

ABOUT US: QuixTec, LLC is a U.S. certified Veteran Owned, modern DevOps organization with experience in a plethora of IT Software Languages.  As a Microsoft Partner, we specialize in Microsoft SharePoint, Microsoft365 & HTML5 technologies for small to enterprise-sized organizations. The founder, Richard, has 30 years of experience working with several notable companies that include World Vision, Expedia, Microsoft, Levi Strauss, NASA, Boeing Aerospace, Los Alamos National Laboratory, and the U.S. Air Force, to name a few.  QuixTec is in the Seattle area. Phone today for a free consultation and project estimate.

(425) 367-9025

LEARN MORE

SharePoint Development ServicesSharePoint DevelopmentCustom Software DevelopmentMicrosoft 365 ExpertsMicrosoft 365IT Staffing ServicesIT StaffingWordPress Development ServicesSEO ServicesForm Email ValidationMicrosoft LicensingMautic Open Source Marketing

You May Also Like…

(Updated) Bookings with me in Outlook

(Updated) Bookings with me in Outlook

Exchange Online, Bookings, Microsoft 365 Experts From Microsoft CorporationTechnical Bulletin MC375740 · Published May 4, 2022 · Last updated May 24, 2022 Message Summary Updated May 24, 2022: We have updated the post for clarity. Thank...