Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
In about 150 day...
Updated Sep 01, 2022
Version 5.0
Blog Post
Yay... was glad I found the Blog via Bleeping....
Myself, I'm fine with Basic going the way of the ark, as it makes perfect sense from Security angle.
The problem we have, in New Zealand (NZ), for a vast majority of our Small Business Customers (1 - 10 user sites) is that they rely on 3rd Party device & task alerting eMail software eg: UPS, Backups etc & 3rd Party Line of Business eg: Medical systems, that still use simple SMTP (user/password/DNS Server name/port & SSL/TLS), or have a software with inbuilt mail clients (not Exchange aware).
I've run into rather a brick wall trying to get a clear MS document outlining how to have my Clients using Modern Auth & 2FA for those Apps that do support them (for Medical, Legal etc - they love it), and also being able to use that mailbox, or another mailbox (within the same Tenant) for those alert apps that won't ever get Modern Auth built into them (which I know, as I've spoken to some of the vendors, and they keep saying oh, just use App Password), which doesn't work.
With this disable of basic, it reads that App Passwords will be of no operational use i.e. can't just create one for the User, to use in the 3rd Party app under the more secure 365 Exch system..... this is a real pity as the sheer magnitude of this usage in NZ Small Business will mean the customers will be forced to opt to remain ISP POP/IMAP & traditional SMTP based. They're not going to be able to demand the UPS or Backup suppliers etc make changes to their software for 365, then they're not going to want IT (us) to roll it out & pay for it...... is a fact here .....
I realise SMTP Auth not going, but haven't managed to get Mail to go for a UPS software package, under a newly created 365 Tenant (security set to Basic Off) & MFA on the user... Must be missing something, & setting MFA on in one place, then another place seems odd..... Not sure if can get these mailers (which work fine via ISPs, but customers won't want to/can't pay for special mail a/cs elsewhere) to work 365, or where the setup failure is in our config for the customer, & I've tried MS Support & so far nothing functional .....
At least this blog confirms what I'd gleaned out of one, seemingly off the cuff mention in a MS article somewhere, re BASIC impacting POP & IMAP...... which creates problems for 3rd Parties where they've integrated a mailer into their system & represent the mailbox within their app...... I know of a core business Application in NZ, a medical industry app (widely used), that works this way.....
Unless we can figure out how, with 365, it sounds like we won't be able to make that work - which will ultimately torpedo the customer's adoption of 365, which isn't ideal given it has taken me a few years to convince them to move away from ISP based system.....
Example of this: for One of our Clients, their new 365 Tenant setup is Basic Disabled & MFA on, and is mostly fine for their Outlook 2016.
But we can't figure out how to configure the UPS or Backup software to be able to send using any Mailbox in the Tenant. Ditto, they have another Mailbox that the App only understands either POP/IMAP integration, and uses that for the mail within their application i.e. Sending & seeing the mail in their inbox. Can such an app still work with Basic disabled ????
Even for most Multi-Functions, in the end, we've had to Setup a Connector & Static IP to send out, but we really do not want to allow the site to be able to do that, yes, good router & allow only approved devices, but still messy....
Can we please have a simple document (preferably one that doesn't jump to multiple articles to cover the steps - am fine with other articles linked for supporting reference, but not to have to go here, there & everywhere to figure out what usually is a simple concept in the end) that covers this off please, & include 3rd party apps, including MS server names/settings thanks.
Again, appreciate the need for greater security, so keep that fight up, however please also, how do we cater for those essential mailers that can't do the Modern stuff within the same Tenant please....
Hope it all makes sense.
Cheers
G