Blog Post

Exchange Team Blog

5 MIN READ

Basic Authentication Deprecation in Exchange Online – September 2022 Update

Platinum Contributor

Sep 01, 2022

One month from today, we’re going to start to turn off basic auth for specific protocols in Exchange Online for customers who use them. Since our first announcement nearly three years ago, we’ve se...

Updated Jan 01, 2023

Version 16.0

Platinum Contributor

Joined April 19, 2019

View Profile

Exchange Team Blog

You Had Me at EHLO.

SonofFritz

Copper Contributor

Oct 05, 2022

According to published documentation:

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

We should use the Azure Active Directory Sign-in report to determine who is still using Basic Authentication

The link provided in the above document is this:

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302

Following that procedure, in addition to the Exchange Online protocols, we also get entries that read "Reporting Web Services" and "Other clients"

This article provides guidance for "Reporting Web Services" using Basic Auth.

Is there any guidance on entries that are listed as "Other Clients" and when they may be affected.

I have two critical service accounts that may be affected.