Blog Post

Exchange Team Blog
5 MIN READ

Basic Authentication Deprecation in Exchange Online – September 2022 Update

The_Exchange_Team's avatar
The_Exchange_Team
Icon for Microsoft rankMicrosoft
Sep 01, 2022
One month from today, we’re going to start to turn off basic auth for specific protocols in Exchange Online for customers who use them. Since our first announcement nearly three years ago, we’ve se...
Updated Jan 01, 2023
Version 16.0
announcements
exchange online
security
Chris_vonW's avatar
Chris_vonW
Copper Contributor
Mar 21, 2023

Could you please help customers using onPrem Exchange getting rid of insecure authentication as well?

 

1) Fix your documentation please!

https://learn.microsoft.com/en-US/exchange/client-developer/exchange-web-services/authentication-and-ews-in-exchange

This document lists only Basic and NTLM for Exchange onPrem. Both of them are insecure. Why Kerberos is not listed there? 

 

2) Force application developers to support Kerberos for onPrem EWS access!

Cisco refuses to implement Kerberos for WebEx Hybrid Calendar.... They support only Basic Auth and NTLM.

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/calendarservice/cmgt_b_deploy-spark-hybrid-calendar-service/cmgt_b_deploy-spark-hybrid-calendar-service_chapter_011.html

 

From their documentation:

"For added security, we recommend NTLM for on-premises Exchange servers.

"For Hybrid Exchange (on-premises and Office 365) deployments, check both NTLM and Basic authentication types. If one method fails, then the other method is used."

 

To mention "NTLM" in the same sentence as "security" is a bad joke... 😕