Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
Last year we announced changes to make Exchange Online more secure, and earlier this year we provided some updates on progress.
In response to the COVID-19 crisis and knowing that priorities have changed for many of our customers we have decided to postpone disabling Basic Authentication in Exchange Online for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.
We will continue to disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage starting October 2020. And of course you can start blocking legacy authentication today, you don’t need us to do anything if you want to get started (and you should).
We will also continue to complete the roll-out of OAuth support for POP, IMAP, SMTP AUTH and Remote PowerShell and continue to improve our reporting capabilities. We will publish more details on these as we make progress.
Update: For more news on OAUTH support for IMAP and SMTP go here and for POP, go here.
We still intend to move our customers away from Basic Authentication as we still very strongly believe improving security in Exchange Online benefits all of us, and so we’ll announce more accurate timelines for disabling Basic Authentication for tenants with usage at a later date.
The Exchange Team