Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
In February 2021...
Updated Sep 01, 2022
Version 19.0
Blog Post
The "Improving Security - Together" article from September 2019 had a section titled, "Finding impacted users". It said:
The first question you probably have is – so how do I know who’s using Basic Authentication in my tenant? Great question, and soon we’ll make a report available to help you easily answer that question for yourself. It’s a report that provides tenant admins with a simple way to determine who is using Basic Auth so you, the admin, can see how large of a task you have on your hands.
Is the Azure AD Sign-in Log supposed to be that report? If so, I think I need further guidance on how to interpret it.
Looking at the Azure AD Sign-in Log for the last 7 days, I see successful logins with "Client App" values at the following rates:
| Browser | 73.64% |
| POP | 12.42% |
| Exchange ActiveSync | 8.46% |
| IMAP | 3.14% |
| Unknown | 1.06% |
| Mobile Apps and Desktop clients | 0.76% |
| Exchange Web Services | 0.51% |
It is my understanding that Exchange ActiveSync, POP and IMAP can all be used with or without Modern Authentication. How do I know which one is being used? And what should I assume about "Unknown", "Mobile Apps and Desktop clients", and "Exchange Web Services"?
- 99% of the "Unknown" entries list "Office 365 SharePoint Online" as the Application. The remaining 1% lists "Microsoft Teams" with "Cross tenant access type" set to "b2bCollaboration".
- The Application listed for "Mobile Apps and Desktop clients" is a mix of "Windows Sign in", "Microsoft Teams", "Microsoft Office", and " Apple Internet Accounts"
- The Application listed for "Exchange Web Services" is "Office 365 Exchange Online"