Exchange Basic Authentication Deprecation - Get Ready for Modern Authentication

Опубликовано: 04 Ноябрь 2024
на канале: WiFiGurukul

482

Exchange Basic Authentication Deprecation - Get Ready for Modern Authentication

Microsoft’s end goal is turning off Basic Auth for all customers.

Microsoft announced that effective October 1, 2022, they will begin disabling Basic authentication in all tenants for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online.

Microsoft is removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.

Microsoft is also disabling SMTP AUTH in all tenants in which it is not being used. SMTP AUTH supports Modern authentication (Modern Auth).

LEGACY AUTHENTICATION – THE RISK

Legacy Authentication, or Basic Authentication, is where an application (or user) sends just a username and password pair to the server or service to which it (the client) is attempting to connect. Setting up an authentication request is very simple, and if the transmission on the wire is not encrypted through TLS or similar, then it is as simple for attackers to capture user credentials.

"On September 1, 2022, we announced there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off early in January 2023, with no possibility of further use."

Subscribe to Our Official YouTube Channel : / @wifigurukul