for Microsoft 365
On April 6, 2020, Microsoft has announced that the Depreciation of Exchange Online Basic Authentication will be delayed until the second half of 2021 from October 13, 2020. (MC208814)
Microsoft will begin the deprecation of "Exchange Online deprecating Basic Authentication" from the second half of 2021. And this information has been published in the following articles.
Exchange Online deprecating Basic Authentication (Published September 20, 2019)
Improving Security - Together (Published September 20, 2019)
Basic Auth and Exchange Online – February 2020 Update
Following the article "Exchange Online deprecating Basic Authentication", the access of the Exchange Online service with the following conditions or software will be disabled.
[Deprecated Access Method, Application, Service]
・Application and Service that uses Exchange Web Service Basic Authentication
・Application and Service that uses Exchange Active Sync Basic Authentication
・Email Client that uses POP/IMAP via Basic Authentication
・Power Shell Tools that use Basic Authentication
・Windows Outlook Client that uses Basic Authentication
The Exchange Online will block any access via the Basic Authentication protocol, which is one of an older method way of how HENNGE One access the Exchange Online. If Basic Authentication is being blocked, HENNGE One will not be able to process authentication information using the older protocol.
As a result, HENNGE One will not be able to support the Basic Authentication protocol connection to Exchange Online.
Microsoft has recommended customers that currently use the Basic Authentication to migrate to the OAuth 2.0 Modern Authentication before the second half of 2021.
There may be some effects and changes needed to be made on the HENNGE One Access Policy side accompanying this the Authentication migration of Services and Applications.
We have organized the generalized scenario for average HENNGE One Access Control customers. Unless you are using specific advanced features of HENNGE One, please refer to the following table for information.
Moreover, if you are using the Global IP Access Restriction feature of the HENNGE One Access Control service, the following table will be relevant information to you.
|
Targeted Service |
Comments |
Migration Method |
The Impact on HENNGE Access Control |
|
Exchange Web Service |
Calendar Service that connects using EWS Address Book that connects using EWS |
Please confirm with the Microsoft 365 Vendor company about the deprecation of Basic Authentication. |
Will need to add the IP Address restriction to the Access Policy. |
|
Exchange Active Sync |
iPhone Default/Native Email App before iOS 11.3.1, selecting [Setup Manually] |
Recommended to Migrate to newer iOS; or Migrated to iOS Outlook App |
Since the Authentication Protocol has been changed, IP restriction is recommended. HENNGE Device Certificate is recommended for external usage. |
|
Android Default/Native Email App |
Recommended to Migrate to Android Outlook App |
||
|
iPhone Default/Native Email App after iOS 11.3.1, selecting [Signin] |
No Migration Needed |
No Impacts |
|
|
iOS/Android Outlook App |
|||
|
POP/IMAP |
Mail Clients that use POP/IMAP protocols |
Migrate to Outlook on the Web or Outlook 2016 that supports OAuth 2.0 from older Mail Clients |
Will need to add the IP Address restriction to the Access Policy. POP/IMAP cannot use other Access Restriction than IP Address, so migration should be no problem. If there are unforeseeable conditions, HENNGE Device Certificate is recommended for external usage. |
|
Remote PowerShell |
PowerShell authentication with Basic Authentication |
Exchange Online PowerShell Module to connect to Exchange Online |
If utilized only within the Company office network, there are no impacts. |
|
Outlook (Windows) |
Outlook 2010 |
Change to Outlook on the Web (OWA) or Outlook 2016 or later |
Will need to add the IP Address restriction to the Access Policy. HENNGE Device Certificate is recommended for external usage. |
|
Outlook 2013 |
Change to Outlook on the Web (OWA) or Outlook 2016 or later; Change the registry: https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide |
||
|
Outlook 2016, 2019 |
No Migration Needed |
If the Policies have already been revised for Modern Authentication, there is no need to make any changes. |
If the user wishes to continue to use the Outlook Client on Windows after the Basic Authentication has been deprecated, the Modern Authentication on Microsoft 365 tenant needs to be activated.
The article below describes how to check Modern Authentication from the Microsoft 365 server.
Checking Exchange Online Modern Authentication Status
If your company decided to activate the Modern Authentication, please announce to the users before the changes are made because the login screen will be changed.
If you have questions regarding the Modern Authentication, please contact Microsoft Support because Modern Authentication is a product of Microsoft.
As for the Email delivery protocol, Microsoft has announced that the SMTP protocol will not be affected by the Deprecation of Basic Authentication this time. However, the SMTP protocol will be affected by the next update.
The actual impact of "Exchange Online deprecating Basic Authentication" to specific Applications and specific Services will need to be confirmed with Microsoft 365 Technical Support or your software vendor.
If you have any questions regarding the topic of Basic Authentication Deprecation or you are thinking to implement HENNGE Device Certificate for your company, you can contact us with the following Support Email Address:
ask-ms-basicauth-en@hennge.com
※This article's information is written based on the article(MC191153)in the Microsoft Microsoft 365 Support Center.
※This article will be updated accordingly if any new information or updates has been announced or released from the Microsoft Support.