Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
It’s been a few ...
Updated Sep 01, 2022
Version 7.0
Blog Post
Thanks for the blog - it explains a lot of the changes I've seen in our tenant. However you might need to give a heads up to technical support, as I've raised a few tickets in the last couple of weeks and support don't seem to know about the changes.
We block access to IMAP for the majority of users 18 months ago, however, in the last few weeks, IMAP4 connections have appeared for these users. Is this OAuth IMAP? Of the handful a looked at yesterday, the user doesn't know what app is accessing their data. Googling suggests the client agent that we see, CBAinPROD, is malicious.
Please can we have a better way of flagging this up issue to users. Downloading the sign-in reports and asking a customer to remember which machine they were using at 2pm last Tuesday isn't a speedy way of identifying the issue.
In the Identity Protection | Legacy Authentication report, only 5 client apps are selected (I used to able to click on these to see which 5, but that doesn't work now). This report also includes applications that are not Office 365 Exchange Online - I assume these applications are not affected by your changes? Why not list the 13 client apps, mentioned above, in this report?
Can we have a tick box for "Basic Auth" in the sign-in report? Clicking 13 boxes multiple times a day when the browser times out is a pain!
We have had Modern Auth enabled for quite some time, however new Macs are still connecting with Basic Auth. I'm still investigating, however it looks like you need to disable Legacy Auth to force Macs to use Modern Auth and also we've needed to delete their profile and recreate. We have 500 users in this predicament.
Having greater visibility of the user agent in the exports will be a great help. Identifying as "Microsoft Office 16.0" when this identifier is used for Office 16, 19 and Office 365 is a pain. I now know to look at each person individually. Please turn the strings like "Microsoft Outlook 16.0.11929" into the human readable version without us having to resort to Google. With over 600 different user agents, it's still a bit of a headache!
As t-rev mentioned, I get the following error when the JSON download fails: Given data uri is not formatted correctly with data uri syntax. It's worked once today and does import into Excel OK. Note: if you "...select any item in that list you’ll see the details in the window below.", then the Transform tab disappears. Skip to the next step instead of selecting any item.
The JSON download doesn't include the status of the sign-in. It's quite important to know if it's successful or not.
There seems to be an expectation that any OAuth connection is OK. We would like to retain email, as far as possible, within outlook. Is there a simple way to stop OAuth connections to email from other clients, for a subset of our users, eg Legal?