Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
For many years, ...
Updated Jul 09, 2024
Version 10.0
Blog Post
The selling point for Exchange, and more recently O365, the one thing that made it stand out - it had an incredibly rich feature set and integration with the native tools, yet also worked with anything you threw at it.
You could have a core user set on Windows+Office, with some Mac users, some linux users, some phone users, and some appliances and business applications all talking to the same mailboxes, with pretty darn good feature mapping across protocols.
So many other products had rich feature sets but only worked properly with their proprietary tools, or they had barebones functionality but worked with standard tools, needing so much work to stitch together with other products to make a complete solution.
Once this change kicks in, that's no longer true.
It shouldn't be Microsoft's place to mandate security practices to organizations. Advise, default, persuade, sure - but not mandate. Microsoft's job, in O365 and in Exchange, is to give customers the flexibility and choice to run their own IT the way they need to.
Frankly, the Outlook android app is a bolt-on half-baked solution. It does not suit most users. Being an aftermarket solution - it never will suit most users.
There are dozens of tools out there that demand standards-compliant IMAP, POP3, etc to function. Exchange is abandoning it - offering instead to hack up a proprietary mess of IMAP plus their brand of OATH2. A mess that doesn't even exist yet. Expecting customers to figure out how to change software they don't develop to fit - software that may not even have the option of custom development if the customer can afford it.
This smells suspiciously similar to the early phases of Google's moves to lock down their platform so only their own apps can connect to the system, so they can gatekeep favoured developers to use their platform. Microsoft's moves here look very similar to that and make me doubt the future reliability of MS as an open platform provider.
Removing this support presents a fantastic argument to customers to move to another platform. One that leaves choices (and, admittedly, risks) in the customers' hands, and doesn't dictate from on-high, with inadequate timeframes to adjust (and yes, one year is actually too short for something like this - timeframes for changes like this should be five to ten years, and only implemented after full, open, standardization and implementation is complete)
It's situtations like this that mean I have no choice but to advise my customers that Microsoft O365 features are unreliable, and that they risk significant lock-in and expense should MS decide, on a whim, to dictate new terms to customers.
A quote comes to mind... "I am altering the deal. Pray I don't alter it any further".