Basic Authentication and Exchange Online – September 2021 Update

Published Sep 23 2021 02:55 PM 389K Views

Update 5/3/2022: for latest information on this subject, please see Basic Authentication Deprecation in Exchange Online – May 2022 Update.

In February 2021, we announced some changes to our plan for turning off Basic Authentication in Exchange Online. In summary, we announced we were postponing disabling Basic Auth for protocols in active use by your tenant until further notice, but that we would continue to disable Basic Auth for all protocols not being used. The overall scope of the program was also extended to include Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB.

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth.

Basic Authentication is an outdated industry standard, and threats posed by Basic Auth have only increased in the time since we originally announced we were making this change. The original announcement was titled ‘Improving Security – Together’ and that’s never been truer than it is now. We need to work together to improve security. We take our role in that statement seriously, and our end goal is turning off Basic Auth for all our customers. But every day Basic Auth remains enabled in your tenant, your data is at risk, and so your role is to get your clients and apps off Basic Auth, move them to stronger and better options, and then secure your tenant, before we do.

Even though we announced we were putting the work on hold, we didn’t stop improving security. Back in June we provided an update that we had already begun to disable Basic Auth for tenants not using it, and we described the process. We also explained how you could re-enable an affected protocol if you really needed to use it. This work has already protected millions of Exchange Online users.

Today, we have more news on how to prepare for this important change.

Proactive Protection Expansion

In 2022, as we roll out the changes necessary to support this effort, we will begin disabling Basic Auth for some customers with usage on a short-term and temporary basis.

IMPORTANT: Sometime in second quarter of 2022 we will selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using our self-service tools.

During this time all clients and apps that use Basic Auth in the selected tenants will be affected, and they will be unable to connect. Any client or app using Modern Auth will not be affected. Users can switch to other clients (for example, use Outlook on the Web instead of an older Outlook client that does not support Modern Auth) while they upgrade or reconfigure their client apps.

Limited Opt Out

If you receive a Message Center post between now and October 2022, informing you that we are going to disable Basic Auth for a protocol in your tenant due to non-usage, or you get one saying we know you are using Basic Auth, but we intend to proactively disable it for a short period of time, and you don’t want us to take that action for protocols in your tenant, you can use a new feature in the Microsoft 365 admin center to request that we not disable specific protocol(s).

We added this feature to the self-service tool to help you minimize disruptions as you transition away from using Basic Auth. But we really want you to use this feature only if you really need Basic Auth. Not just because you think you might, or just in case. Customers are compromised through Basic Auth every day, and the best way to prevent that happening is to disable it and move to Modern Auth.

The exception process was outlined in an earlier blog post but here it is again, with specifics for ‘opt out’ requests.

You can now go directly to the Basic Auth self-help diagnostic by simply clicking on this button: (it’ll bring up the diagnostic in the Microsoft 365 admin center if you’re the tenant admin):

DiagButtonBasicAuth.png

Or you can open the Microsoft 365 admin center and click the green Help and support button in the lower right hand corner of the screen.

 

The_Exchange_Team_0-1632432572284.png

The_Exchange_Team_2-1632432692361.png

When you click the button, you enter our self-help system. Here you can enter the magic phrase “Diag: Enable Basic Auth in EXO”:

The_Exchange_Team_3-1632432716629.png

Whichever path you took to get here, click Run Tests to check your tenant settings to see if we have disabled Basic Auth for any protocols, and then review the results. If we have not disabled Basic Auth for any protocols in your tenant, and you are running the diagnostic before September 1, 2022 (one month before the October 2022 start date), we’ll offer you the option to opt out.

The_Exchange_Team_4-1632432739155.png

Select the protocol to opt out from the dropdown, click the check box, and then click Update Settings. Repeat this process for each protocol to opt out.

 

The_Exchange_Team_5-1632432757422.png

That’s it. Once you submit your opt out request, we won’t disable Basic Auth for the selected protocol(s) in your tenant, whether there is usage or not, until October 2022. Every tenant can request an opt out for each protocol (or set of protocols in the case of Outlook), until the start of September 2022. Starting September 1, 2022, we will remove the opt out option, and starting October 1, 2022, we’ll begin turning off Basic Auth in all tenants, regardless of usage.

Note: Self service re-enablement of Basic Auth does not currently work for GCC tenants. For GCC tenants, please open a ticket with our support team to re-enable Basic Auth.

To reiterate, requesting an opt out for protocols you aren’t sure about, or just in case, puts your tenant data at risk. If you really aren’t sure, let us turn it off and wait to see what happens (or use Security Defaults or Conditional Access to do it today). You can always re-enable it for the time being using the opt out process, and while this might cause some disruption, the upside is it will help you identify the affected clients and apps, and the work you need to do prior to October 2022.

Frequently Asked Questions

How do I know if my tenant is using Basic Auth?

Take a look at the Azure AD Sign-In log, as it can help identify ‘unexpected’ usage. We’re also going to start sending Message Center posts to tenant admins summarizing their usage (or lack of).

How will I know if this change will affect my tenant?

If the Azure AD Sign-In log shows Basic (legacy) Auth usage, this change will affect your tenant.

I thought you said you were not going to completely disable SMTP AUTH?
You’re right, we did, in blog posts here and here. We’re going to continue to disable SMTP AUTH for tenants who don’t use it, but we will not be changing the configuration of any tenant who does. We can’t tell though if the usage we see is valid or not, that’s down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don’t forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

I can’t re-enable SMTP using this feature, but I can request an opt out – huh?

Well spotted! We didn’t build logic into the re-enablement tool for SMTP as you can already do that easily using PowerShell, but we wanted to make sure you could request an opt out for disabling of  SMTP AUTH, so we included it here.

How can I get a longer exception? I still want to use Basic Auth after October 2022

We are not providing the ability to use Basic Auth after October 2022. You should ensure your dependency on Basic Auth in Exchange Online has been removed by that time. Basic authentication (outside of SMTP) will be turned off for everyone in October 2022, including tenants who have previously opted out using our self-service tool.

What if I request an opt out, do the necessary work, and then want you to disable Basic Auth?

First of all, we’ll say well done, we appreciate you doing the work. Then, what we would advise would be to use Security Defaults or Conditional Access to block legacy auth. We might not get to your tenant right away, so better for you to take action and secure your tenant when you are ready, and then we’ll come back and disable it fully in time.

What if you’ve blocked some protocols, but I want to request an exception for others?

You won’t see the opt out dialog unless no protocols in your tenant are blocked. But that’s ok, as all you have to do is ‘re-enable’ that protocol (even though it’s not disabled at the time), and we’ll consider that an opt out request for it.

If I’ve set up Authentication Policies, or Conditional Access to block legacy auth, how will I know it’s safe to remove these and not re-open myself to the risks posed by Basic Auth?

Keep watching the Message Center in your tenant; we’ll send Message Center posts in advance of us making a change to your Basic Auth configuration, and again once we’ve made the change.

What about Office 365 operated by 21Vianet? Is that subject to this change too?
Yes it is, but the timeline is slightly different. We will turn off basic auth for all covered protocols on March 31st 2023. There will be no Proactive Protection Expansion as detailed above, but we will start to turn off basic auth for unused protocols during 2022.

What are you doing with Application Access Policies? We’ve been trying to get our apps to use these to secure them more granularly, but with only 100 policies available, that’s impossible!

We know many of our larger customers are already working on migrating thousands of service principals to our modern APIs, and we’ve heard the feedback that the existing limits with the current Application Access Policies code which allow only 300 service principals (we've increased from 100 to 300) is not enough. We’re announcing today that we plan on supporting 10,000 or more of these assignments per tenant. We’ll have more news on this update soon, so don’t let this issue stop you; it’s time to start planning to migrate your Basic Auth and legacy API applications to Microsoft Graph and Modern Authentication.

While we’re on the subject of Application Access Policies, we also want to say that we are aligning our Application and Administrative access control models to allow the full flexibility of Role-Based Access Control to apply to service principals in Exchange Online. And we’re bringing a unified management experience for scoped application access to the Azure AD Identity portal where admin permission consents are managed today. More details will be announced soon!

Summary

We know many of you will be happy about this announcement, as shutting down Basic Auth access to Exchange Online is a very good thing from a security perspective. And we also know that many of our customers have been focusing on other problems over the past year, and this will mean they might need to do more work in this area to be ready on time. We hope that giving you 12 months’ notice will give you sufficient time to prepare.

The Exchange Online Team

148 Comments
%3CLINGO-SUB%20id%3D%22lingo-sub-2780140%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2780140%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20guys%20for%20going%20back%20to%20the%20hardline%20stance.%26nbsp%3BThis%20is%20fantastic%20news%20and%20gets%20my%20full%20support%2C%20keep%20it%20up%20Microsoft!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2780187%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2780187%22%20slang%3D%22en-US%22%3E%3CP%3EPeel%20this%20band-aid%20off%20already!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781151%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781151%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20does%20this%20affect%20scanners%20and%20MFC%20devices%20using%20SMTP%20AUTH%20for%20scan%20to%20email%3F%26nbsp%3B%20Will%20they%20all%20fail%20come%20when%20this%20change%20goes%20live%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781665%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781665%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20question%20is%20also%20about%20MFC%20%2F%20MFP%20devices%20using%20SMTP%20for%20scan%20to%20email%20and%20how%20those%20should%20be%20managed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781704%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781704%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20goto%20be%20kidding%3F%202FA%20is%20the%20biggest%20flop%20known%20to%20Microsoft.%20The%20Microsoft%20team%20has%20no%20clue%20how%20to%20fix%20this%2C%20we%20have%20hundred%20of%20clients%20which%20we%20cannot%20implant%202FA%20as%20even%20with%20Microsoft%20tickets%20they%20have%20agreed%20too%20many%20bugs%E2%80%A6%20time%20to%20move%20to%20Google%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781824%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781824%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165613%22%20target%3D%22_blank%22%3E%40CISUPOORT%3C%2FA%3E%26nbsp%3B%202FA%2FMFA%20is%20unrelated%20to%20disabling%20basic%20auth%2C%20disabling%20basic%20auth%20and%20moving%20to%20modern%20auth%20does%20not%20require%20you%20to%20use%20Microsoft's%20MFA.%20You%20can%20always%20use%20solutions%20like%20Duo%2C%20Okta%20and%20many%20others%20for%20alternative%20MFA%20solutions.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BCan%20you%20guys%20clarify%20your%20stance%20on%20SMTP%20AUTH%3F%20will%20you%20guys%20be%20disabling%20it%20effective%20October%201%2C%202022%20as%20well%3F%3CBR%20%2F%3E%3CBR%20%2F%3E%22%3CSPAN%3EThe%20overall%20scope%20of%20the%20program%20was%20also%20extended%20to%20include%20Exchange%20Web%20Services%20(EWS)%2C%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%2C%20Remote%20PowerShell%2C%20MAPI%2C%20RPC%2C%20%3CSTRONG%3ESMTP%20AUTH%3C%2FSTRONG%3E%20and%20OAB.%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781935%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781935%22%20slang%3D%22en-US%22%3E%3CP%3EHey%20Dylan%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ethanks%20for%20the%20reply%2C%20so%20what%20is%20the%20difference%20between%20basic%20with%20and%20just%20a%20username%20and%20password%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eso%20when%20I%20am%20in%20the%20SW%20of%20Western%20Australia%20and%2070%25%20of%20the%20time%20have%20no%20internet%20or%20mobile%20connection%20how%20am%20I%20meant%20to%20support%20my%20clients%3F%202FA%20yet%20alone%20trying%20to%20get%20a%20text%20code%20to%20login%20could%20take%20hours%20yet%20alone%20days%20before%20you%20get%20a%20text%20code%20from%20Microsoft%20and%20then%20it%E2%80%99s%20expired%E2%80%A6.so%20how%20are%20we%20meant%20to%20provide%20services.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EShared%20mailboxes%20etc%202FA%20is%20a%20fail.%20Shared%20mailboxes%20don%E2%80%99t%20work%20in%20all%20situations.%20So%20when%20you%20have%20a%20mailbox%20and%20all%20the%20dramas%20that%20don%E2%80%99t%20work%20with%20Microsoft%20how%20are%20we%20meant%20to%20manage%20hundreds%20of%20companies%20in%20rural%20areas%3F%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781991%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781991%22%20slang%3D%22en-US%22%3E%3CP%3EOnly%20if%20those%20copiers%20are%20sending%20to%20recipients%20outside%20of%20your%20tenant%20do%20they%20need*%20to%20use%20SMTP%20Auth.%20Most%20of%20the%20time%2C%20a%20user%20walks%20up%2C%20scans%20something%20to%20themselves%20and%20then%20uses%20Outlook%2C%20etc%20to%20send%20along%20elsewhere%20if%20necessary.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EIf%20your%20MFC%20doesn't%20support%20modern%20auth%2C%202%20of%203%20scenarios%20in%20the%20article%20still%20apply%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3Ee.%20*%20not%20%22need%22%2C%20but%20easier.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782074%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782074%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Mike%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20I%20think%20something%20like%20that%20can%20be%20done%20as%20long%20as%20you%20dont%20mind%20being%20forced%20further%20in%20to%20Azure%20but%20even%20that%20currently%20has%20lots%20of%20confusion%20surrounding%20it.%20I%20am%20more%20bringing%20that%20up%20as%20another%20example%2C%20I%20am%20sure%20there%20are%20a%20lot%20more....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fupdate-your-applications-to-use-microsoft-authentication-library%2Fba-p%2F1257363%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fupdate-your-applications-to-use-microsoft-authentication-library%2Fba-p%2F1257363%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20point%20is%20its%20always%20done%20in%20an%20inconsistent%20way%20not%20matter%20what%20the%20roll%20out%20is.%20How%20can%20you%20have%20this%20many%20resources%20at%20your%20disposal%20and%20still%20have%20things%20this%20whacked%20out%3F%20Is%20it%20really%20necessary%20to%20have%20a%20major%20change%20notification%2010%20times%20a%20week.%20Can%20anyone%20really%20keep%20up%20with%2030k%20users%20things%20are%20just%20endlessly%20changing%20for%20no%20good%20reason%20other%20than%20to%20move%20things%20around%20and%20charge%20more%3F%20Why%20not%20just%20charge%20more%20for%20E3%20if%20you%20are%20so%20worried%20about%20security%20rather%20than%20saying%20hey%20if%20you%20want%20security%20you%20need%20P2%20blah%20blah%20blah.%26nbsp%3B%3CBR%20%2F%3EIt%20been%20abundantly%20clear%20for%20a%20long%20time%20those%20making%20the%20decisions%20have%20no%20idea%20what%20it%20means%20to%20this%20in%20the%20trenches.%20Its%20just%20endless%20non%20sense.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782106%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782106%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22%22%3EHSI%3C%2FDIV%3E%3CDIV%20class%3D%22%22%3E%3CSPAN%3EThere%20are%20many%20small%20firms%20that%20don't%20have%20those%20resources%20at%20their%20disposal.%20There%20are%20lots%20of%20use%20cases%20that%20are%20outside%20each%20of%20our%20point%20of%20view.%20That%20is%20also%20a%20work%20around%20that%20should%20not%20be%20needed.%3C%2FSPAN%3E%3C%2FDIV%3E%3CP%3E%3CSPAN%3EAnyway%20its%20Friday%20have%20a%20good%20day!%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782230%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782230%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165613%22%20target%3D%22_blank%22%3E%40CISUPOORT%3C%2FA%3E%26nbsp%3B-%20you%20can%20move%20to%20Modern%20Auth%20without%20requiring%2Fenforcing%20MFA.%20Your%20creds%20in%20the%20first%20instance%20are%20used%20to%20get%20tokens%2C%20from%20them%20on%2C%20it's%20just%20about%20refreshing%20tokens%20for%20continued%20access.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781983%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781983%22%20slang%3D%22en-US%22%3E%3CP%3ECameron%2C%20Kdaylenhayes%20and%20groupsupport%20are%20correct%20we%20need%20to%20be%20crystal%20clear%20on%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20tell%20us%20you%20understand%20by%20doing%20this%20procedure%20you%20will%20disabling%20scan%20to%20email%20for%20every%20printer%20on%20the%20planet.%20That%20has%20nothing%20to%20do%20with%20security%2C%20it's%20an%20absolute%20requirement%20even%20for%20a%20lot%20of%20military%20based%20devices.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThis%20seems%20insanely%20obvious%20but%20so%20does%20not%20asking%20admins%20to%20enter%20secret%20questions%20that%20we%20will%20have%20no%20idea%20of%20the%20answers%20in%20Windows%2010%20Pro%20setup%20so%20it%20must%20be%20specifically%20asked.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2780728%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2780728%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome.%20Keep%20it%20up%20and%20don't%20back%20down!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782018%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782018%22%20slang%3D%22en-US%22%3E%3CP%3ENone%20taken!%20I'm%20commenting%20so%20that%20at%20least%20some%20percentage%20of%20the%20readers%20can%20go%20away%20with%20alternate%20solutions.%20I%20get%20that%20some%20are%20going%20to%20have%20heartburn%20over%20this%20-%20but%20TBF%2C%20this%20is%20like%2010%20years%20in%20the%20making...%3C%2FP%3E%3CP%3EA%20website%20contact%20form%20could%20just%20use%20a%20shared%20secret%20or%20cert%20with%20application%20permissions%2C%20no%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783472%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783472%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165985%22%20target%3D%22_blank%22%3E%40JPogue%3C%2FA%3E%26nbsp%3BYes.%20After%20Oct%202022%2C%20Basic%20Auth%20will%20be%20disabled%20service-side.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783557%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783557%22%20slang%3D%22en-US%22%3E%3CP%3ENot%20an%20Exchange%20admin%20by%20trade%20(so%20I%20apologize%20if%20I'm%20way%20off%20base)%2C%20but%20we%20have%20several%20PowerShell%20scripts%20that%20require%20connecting%20to%20Exchange%20Online%20for%20tasks%20other%20than%20managing%20mailboxes%20(M365%20Group%20management%2C%20audit%20searches%2C%20legal%20holds%2C%20etc...).%26nbsp%3B%20Will%20the%20Exchange%20Online%20V2%20PowerShell%20module%20be%20affected%20by%20this%20change%3F%26nbsp%3B%20It%20currently%20%3CEM%3Erequires%3C%2FEM%3E%20Basic%20Authentication%20to%20be%20useful.%26nbsp%3B%20When%20connecting%20from%20a%20client%20where%20Basic%20Auth%20is%20disabled%20I%20get%20this%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EWARNING%3A%20Please%20note%20that%20you%20can%20only%20use%20above%209%20new%20EXO%20cmdlets%20(the%20one%20with%20*-EXO*%20naming%20pattern).You%20can't%20use%20other%20cmdlets%20as%20we%20couldn't%20establish%20a%20Remote%20PowerShell%20session%20as%20basic%20auth%20is%26nbsp%3Bdisabled%20in%20your%20client%20machine.%20To%20enable%20Basic%20Auth%2C%20please%20check%20instruction%20here%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fexchange-online-powershell-v2%3Fview%3Dexchange-ps%23prerequisites-for-the-exo-v2-module%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fexchange-online-powershell-v2%3Fview%3Dexchange-ps%23prerequisites-for-the-exo-v2-module%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENew-ExoPSSession%20%3A%20Create%20Powershell%20Session%20is%20failed%20using%20OAuth%3CBR%20%2F%3EAt%20C%3A%5CProgram%20Files%5CWindowsPowerShell%5CModules%5CExchangeOnlineManagement%5C2.0.4%5CnetFramework%5CExchangeOnlineManagement.psm1%3A475%20char%3A30%3CBR%20%2F%3E%2B%20...%20PSSession%20%3D%20New-ExoPSSession%20-ExchangeEnvironmentName%20%24ExchangeEnviro%20...%3CBR%20%2F%3E%2B%20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~%3CBR%20%2F%3E%2B%20CategoryInfo%20%3A%20NotSpecified%3A%20(%3A)%20%5BNew-ExoPSSession%5D%2C%20Exception%3CBR%20%2F%3E%2B%20FullyQualifiedErrorId%20%3A%20System.Exception%2CMicrosoft.Exchange.Management.ExoPowershellSnapin.NewExoPSSession%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783564%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783564%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1166051%22%20target%3D%22_blank%22%3E%40RyanWalker%3C%2FA%3Eare%20you%20referring%20to%20the%20client-side%20basic%20auth%20as%20discussed%20here%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.stigviewer.com%2Fstig%2Fwindows_10%2F2020-06-15%2Ffinding%2FV-63335%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.stigviewer.com%2Fstig%2Fwindows_10%2F2020-06-15%2Ffinding%2FV-63335%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20so%2C%20this%20is%20not%20what%20this%20article%20is%20about.%20The%20ExchangeOnlineManagement%20powershell%20module%20works%20with%20modern%20authentication%20%2F%20%22legacy%20authentication%22%20disabled%20on%20the%20tenant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783567%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783567%22%20slang%3D%22en-US%22%3E%3CP%3EHere%20we%20go%20again.%20We're%20a%204%20fte%20company%20and%20I'm%20the%20Office%20365%20admin.%20The%20product%20is%20supposed%20to%20be%20ideal%20for%20small%20companies%20that%20do%20not%20have%20the%20resources%20to%20run%20their%20own%20server.%20No%20IT%20management%20knowledge%20required.%3C%2FP%3E%3CP%3EAlmost%20every%20day%20I%20get%20at%20least%20one%20%22major%20change%20update%20notification%22%20from%20the%20message%20center%20pointing%20me%20to%20pages%20like%20this%20one.%20I%20have%20NO%20IDEA%20what%20this%20is%20about%20but%20it%20scares%20the%20hell%20out%20of%20me.%20Every%20month%20something%20changes%20on%20our%20desktop%20keeping%20us%20from%20our%20own%20core%20business.%20Please%2C%20please%2C%20Microsoft%2C%20make%20something%20like%20Office%20365%20Small%20Business%20Basic%20LTS.%20We%20do%20appreciate%20to%20have%20our%20documents%20synchronized%20across%20all%20our%20devices%20but%20for%20the%20rest....%20The%20Office%202003%20apps%20would%20do%20the%20job%20for%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783597%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783597%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F128%22%20target%3D%22_blank%22%3E%40Mike%20Crowley%3C%2FA%3E%2C%26nbsp%3Byes%20that's%20the%20client-side%20setup%20I'm%20referring%20to.%26nbsp%3B%20I%20just%20saw%20that%20Basic%20Auth%20was%20being%20disabled%20and%20remember%20seeing%20the%20warning%20message%20that%20I%20referenced%20above%20almost%20every%20day%20when%20I%20run%20my%20scripts%20from%20the%20wrong%20client.%26nbsp%3B%20Wanted%20to%20make%20sure%20that%20Microsoft%20wasn't%20requiring%20mutually%20exclusive%20settings%20(the%20support%20documentation%20referenced%20in%20the%20warning%20message%20that%20I%20provided%20shows%2Frequires%20the%20exact%20opposite%20of%20the%20article%20that%20you%20referenced).%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783635%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783635%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F5185%22%20target%3D%22_blank%22%3E%40DoveFromAbove%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EAll%20these%20clients%20support%20modern%20authentication%3A%3C%2FP%3E%3CUL%3E%3CLI%3E%3CP%3EOutlook%202013%20or%20later%20(Outlook%202013%20requires%20a%20registry%20key%20change.%20See%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fadmin%2Fsecurity-and-compliance%2Fenable-modern-authentication%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnable%20Modern%20Authentication%20for%20Office%202013%20on%20Windows%20devices%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Efor%20more%20information.)%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EOutlook%202016%20for%20Mac%20or%20later%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EOutlook%20for%20iOS%20and%20Android%3C%2FP%3E%3C%2FLI%3E%3CLI%3E%3CP%3EMail%20for%20iOS%2011.3.1%20or%20later%3C%2FP%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3EGoogle%20is%20also%20headed%20down%20this%20path%2C%20but%20they%20have%20frozen%20their%20timeline%20temporarily.%26nbsp%3B%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fworkspaceupdates.googleblog.com%2F2020%2F03%2Fless-secure-app-turn-off-suspended.html%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EGoogle%20Workspace%20Updates%3A%20Less%20secure%20app%20turn-off%20suspended%20until%20further%20notice%20(googleblog.com)%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIt's%20just%20matter%20of%20time.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783773%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783773%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3Bjust%20in%20time%2C%20have%20you%20heard%20about%20this%20publication%20on%20Autodiscover%20and%20how%20easy%20it%20was%20to%20use%20autodiscover.com.anyTLD%20to%20phish%20for%20BASIC%20authentication%3F%3CBR%20%2F%3EI%20am%20not%20a%20sec%20expert%20but%20I%20hope%20that%20this%20measure%20will%20at%20least%20be%20one%20part%20of%20the%20puzzle.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785412%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785412%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F285725%22%20target%3D%22_blank%22%3E%40ajc196%3C%2FA%3E%26nbsp%3BAll%20the%20protocols%20that%20use%20Basic%20Auth%20and%20that%20we%20are%20shutting%20off%20already%20support%20OAuth%20already%20-%20so%20keep%20the%20protocol%2C%20just%20fix%20up%20the%20auth%20if%20you%20can.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785418%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785418%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BYep%2C%20we%20are%20aware%20but%20we%20have%20a%20web%20of%20CA%20policies%20still%20allowing%20basic%20auth%20for%20various%20sets%20of%20conditions%2Fscenarios%20that%20are%20still%20being%20addressed%20across%20several%20services%2C%20so%20we're%20not%20%22untangling%22%20said%20mess%20just%20yet.%26nbsp%3BBasic%20auth%20being%20disabled%20%26amp%3B%20legacy%20protocols%20on%20by%20default%20is%20our%20ultimate%20goal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785672%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785672%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BWe%20fully%20support%20turning%20off%20basic%20authentication!%3C%2FP%3E%3CDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EBut%20please%20let%20the%20Outlook%20team%20add%20support%20for%20modern%20authentication%20in%20Outlook%20with%20POP%2FIMAP.%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3ENow%20this%20is%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-connect-mailbox-pop-imap-outlook%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Enot%20available%3C%2FA%3E%2C%20but%20this%20functionality%20is%20very%20much%20needed!%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785698%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785698%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955896%22%20target%3D%22_blank%22%3E%40ExchangeOnline%3C%2FA%3E%26nbsp%3BIf%20you%20have%20Outlook%2C%20why%20use%20POP%2FIMAP%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20no%20plans%20to%20add%20support%20for%20Modern%20Auth%20to%20Outlook.%20If%20you%20have%20Outlook%2C%20use%20MAPI%2FHTTP.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785822%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785822%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BFor%20some%20mailboxes%20there%20is%20a%20security%20requirement%20to%20immediately%20dowload%20the%20messages%20using%20POP.%3C%2FP%3E%3CDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EModern%20Auth%20in%20Exchange%20Online%20is%20available%20for%20POP%2C%20why%20not%20allowing%20it%20to%20use%20with%20Outlook%3F%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2786423%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2786423%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955896%22%20target%3D%22_blank%22%3E%40ExchangeOnline%3C%2FA%3E%26nbsp%3BWhy%20does%20a%20'security%20requirement'%20determine%20the%20protocol%20that%20has%20to%20be%20used%3F%20Why%20POP%3F%20Why%20not%20IMAP%3F%20or%20EWS%3F%20or%20MAPI%3F%20If%20this%20is%20an%20app%2C%20use%20EWS%2C%20or%20even%20better%2C%20REST%2FGraph.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2786837%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2786837%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3Bwe%20are%20familiar%20with%20the%20alternatives%2C%20but%20as%20you%20know%20POP%2C%20by%20default%2C%20removes%20the%20downloaded%20messages%20from%20the%20server.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20consequence%20of%20forcing%20Modern%20Auth%20means%20that%20POP%2FIMAP%20on%20Exchange%20Online%20with%20Outlook%20cannot%20be%20used%20anymore%2C%20that%20would%20be%20very%20dissapointing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2787107%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2787107%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20FAQs%20state%20that%20%22the%26nbsp%3B%3CSPAN%3EAzure%20AD%20Sign-In%20log%22%20can%20inform%20an%20administrator%20if%20there%20are%20existing%20uses%20of%20Basic%20Auth%20in%20the%20tenant.%26nbsp%3B%20However%2C%20it%20does%20not%20indicate%20how%20you%20do%20that.%26nbsp%3B%20How%20do%20I%20do%20that%3F%26nbsp%3B%20Looking%20at%20the%20Azure%20AD%20Sign-in%20log%2C%20I%20don't%20see%20any%20obvious%20fields%20being%20reported%20that%20indicate%20if%20Basic%20Auth%20was%20used%20for%20the%20sign-in.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2787349%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2787349%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167203%22%20target%3D%22_blank%22%3E%40Kevin_Hamilton%3C%2FA%3E%26nbsp%3BCheck%20the%20%E2%80%9DClient%20apps%E2%80%9D%20kolumn%20in%20Sign-in%20logs%20and%20you%20can%20filter%20on%20Modern%20Authentication%20apps%20and%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782058%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782058%22%20slang%3D%22en-US%22%3E%3CP%3ESMTP%20AUTH%20-%20As%20mentioned%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-july-update%2Fba-p%2F1530163%22%20target%3D%22_blank%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20July%20Update%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_blank%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20February%202021%20Update%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%20we%20will%20%3CSTRONG%3Enot%3C%2FSTRONG%3E%20be%20completely%20disabling%20SMTP%20AUTH%20for%20those%20customers%20that%20still%20want%20to%20use%20it.%20We%20will%20only%20be%20disabling%20it%20for%20tenants%20we%20don't%20see%20using%20it.%20We'll%20clarify%20that%20in%20the%20blog%20above%20shortly.%20Sorry%20for%20any%20confusion.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788210%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788210%22%20slang%3D%22en-US%22%3E%3CP%3EI%20run%20the%20office365%20logins%20for%20a%20school.%20I'm%20not%20up%20with%20the%20lingo%2C%20so%20an%20idiots%20guide%20to%20this%20change%20would%20be%20good%2C%20to%20enable%20me%20to%20understand%20if%20I%20need%20to%20do%20anything%20to%20my%20school%20setup%20or%20if%20this%20will%20effect%20us%20in%20any%20way%20or%20not%20-%20will%20we%20notice%20any%20change%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788310%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788310%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%20Will%20this%20change%20affect%20also%20SharePoint%20online%3F%20I%20see%20in%20Azure%26nbsp%3BSign-in%20logs%3A%3C%2FP%3E%3CP%3EApplication%3A%20Office%20365%20SharePoint%20Online%3C%2FP%3E%3CP%3E%3CSPAN%3EClient%20app%3A%26nbsp%3BOther%20clients%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20understood%26nbsp%3Bcorrectly%20%22other%20clients%22%20is%20Legacy%20authentication%26nbsp%3Bclient.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788389%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788389%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165630%22%20target%3D%22_blank%22%3E%40Fenner42%3C%2FA%3E%26nbsp%3B%20-%20You%20are%20able%20to%20use%20Direct%20Send%2C%20or%20any%20other%20number%20of%20options.%20Microsoft%20is%20not%20holding%20security%20efforts%20because%20you%20are%20unable%20to%20learn%20technology.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788448%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788448%22%20slang%3D%22en-US%22%3E%3CP%3E%26gt%3BIf%20MAPI%20is%20going%20away%20how%20will%20the%20Outlook%20client%20connect%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78995%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20IMAP%20is%20not%20MAPI%3C%2FP%3E%3CP%3E2)%20They%20aren't%20turning%20off%20MAPI%20or%20IMAP%3C%2FP%3E%3CP%3E3)%20They%20are%20turning%20off%20Basic%20%2F%20%22Legacy%22%20Authentication%2C%20but%20Exchange%20Online%20supports%20Modern%20Authentication%20for%20both%20IMAP%20and%20MAPI.%3CBR%20%2F%3E4)%20Most%20IMAP%20clients%20don't%20support%20Modern%20Auth.%20For%20example%2C%20Thunderbird%20does%2C%20but%20Outlook%20doesn't.%20However%20Outlook%20has%20no%20need%20to%2C%20since%20it%20it%20also%20supports%20(MAPI%20%2B%20Modern%20Authentication)%2C%20which%20is%20a%20much%20more%20capable%20protocol.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788586%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788586%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20article%20it%20states%20that%20MAPI%20is%20included%20in%20the%20list%20of%20protocols%20to%20be%20disabled.%20If%20this%20is%20the%20case%20than%20wouldn't%20full%20Outlook%20clients%20be%20effected%20by%20this%3F%20Should%20the%20Outlook%20client%20be%20using%20MapiHttp%20instead%20of%20just%20Mapi%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20overall%20scope%20of%20the%20program%20was%20also%20extended%20to%20include%20Exchange%20Web%20Services%20(EWS)%2C%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%2C%20Remote%20PowerShell%2C%20%3CSTRONG%3EMAPI%3C%2FSTRONG%3E%2C%20RPC%2C%20SMTP%20AUTH%20and%20OAB.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788620%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788620%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20basic%20auth%20being%20disabled%20in%202022%2C%20will%20we%20still%20be%20able%20to%20use%20SMTP%20relay%20as%20mentioned%20in%20this%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%3C%2FA%3E%26nbsp%3B.%20We%20use%20this%20method%20with%20IIS%206%20(couldn't%20find%20the%20MS%20article%20anymore%20so%20this%20one%20is%20the%20same)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.datasharp.uk.com%2Fportal%2Fen-gb%2Fkb%2Farticles%2Fhow-to-configure-iis-for-relay-with-office-365%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.datasharp.uk.com%2Fportal%2Fen-gb%2Fkb%2Farticles%2Fhow-to-configure-iis-for-relay-with-office-365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20this%20now%20not%20work%20with%20IIS%206%20method%20once%20Basic%20Auth%20is%20turned%20off%3F%20What%20are%20our%20alternatives%20when%20the%20deadline%20hits%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788622%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78995%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3B%26nbsp%3BNo%2C%20this%20article%20does%20not%20discuss%20disabling%20any%20protocols.%20This%20article%20discusses%20disabling%20legacy%20authentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20concept%20has%20been%20the%20discussion%20of%20various%20Ehlo%20blog%20posts%20for%20nearly%20a%20decade.%20Checkout%20some%20of%20these%20other%20articles%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fduckduckgo.com%2F%3Fq%3D%2522modern%2Bauthentication%2522%2Bsite%253Atechcommunity.microsoft.com%252Ft5%252Fexchange-team-blog%26amp%3Bt%3Dffab%26amp%3Bia%3Dweb%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fduckduckgo.com%2F%3Fq%3D%2522modern%2Bauthentication%2522%2Bsite%253Atechcommunity.microsoft.com%252Ft5%252Fexchange-team-blog%26amp%3Bt%3Dffab%26amp%3Bia%3Dweb%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788798%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788798%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20about%20unattended%20Powershell%20scripts%20(or%20other%20system%20services)%20that%20need%20authentication%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788813%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788813%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%26nbsp%3B%20Certificate-based%20authentication%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fapp-only-auth-powershell-v2%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fapp-only-auth-powershell-v2%3Fview%3Dexchange-ps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788838%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%26nbsp%3BIf%20you%20previously%20used%20Send-MailMessage%2C%20you%20can%20move%20to%20Send-MgUserMessage.%20Shameless%20plug%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fmikecrowley.us%2F2021%2F09%2F25%2Fsend-mgusermessage%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fmikecrowley.us%2F2021%2F09%2F25%2Fsend-mgusermessage%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20want%20to%20see%20how%20modern%20auth%20works%20with%20Thunderbird%2C%20check%20out%20Michel%20de%20Rooij's%20post%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Feightwone.com%2F2020%2F07%2F01%2Fconfiguring-exchange-account-with-imap-oauth2%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Feightwone.com%2F2020%2F07%2F01%2Fconfiguring-exchange-account-with-imap-oauth2%2F%3C%2FA%3E%3CBR%20%2F%3EIf%20you%20have%20more%20complex%20needs%2C%20check%20out%20Glen%20Scales'%20numerous%2C%20high-quality%20articles%3A%20%3CA%20href%3D%22https%3A%2F%2Fgsexdev.blogspot.com%2Fsearch%3Fq%3D%2522modern%2Bauth%2522%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fgsexdev.blogspot.com%2Fsearch%3Fq%3D%2522modern%2Bauth%2522%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788877%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788877%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F926045%22%20target%3D%22_blank%22%3E%40QuiltersICT%3C%2FA%3E%26nbsp%3B-%20as%20the%20first%20FAQ%20says%2C%20start%20here%2C%20or%20you%20wait%20for%20our%20MC%20posts%20to%20arrive.%20Start%20with%20the%20report%20would%20be%20my%20advice.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EHow%20do%20I%20know%20if%20my%20tenant%20is%20using%20Basic%20Auth%3F%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3ETake%20a%20look%20at%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Freports-monitoring%2Fconcept-sign-ins%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20Sign-In%20log%3C%2FA%3E%2C%20as%20it%20can%20help%20identify%20%E2%80%98unexpected%E2%80%99%20usage.%20We%E2%80%99re%20also%20going%20to%20start%20sending%20Message%20Center%20posts%20to%20tenant%20admins%20summarizing%20their%20usage%20(or%20lack%20of).%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167848%22%20target%3D%22_blank%22%3E%40Lyle_Epstein%3C%2FA%3E%26nbsp%3BSMTP%20is%20not%20being%20turned%20off%20if%20it's%20being%20used%20in%20your%20tenant.%20Please%20read%20the%20blog%20and%20FAQ's%20again.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F99899%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3BAs%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F128%22%20target%3D%22_blank%22%3E%40Mike%20Crowley%3C%2FA%3E%26nbsp%3Bsaid%2C%20we're%20not%20disabling%20any%20protocols%2C%20only%20specific%20auth%20types.%20They%20are%20not%20the%20same%20thing.%20MAPI(http%2C%20you%20are%20right%2C%20it's%20MAPI%20over%20HTTP%2C%20but%20we're%20just%20calling%20it%20MAPI%20in%20this%20case%2C%20but%20they%20are%20one%20and%20the%20same)%20is%20not%20being%20disabled.%20Basic%20Auth%20with%20MAPI%20is%2C%20but%20not%20OAuth.%26nbsp%3BBut%20yes%2C%20this%20change%20affects%20Outlook%20-%20but%20only%20if%20it%20is%20using%20Basic%20Auth%20with%20MAPI.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788969%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788969%22%20slang%3D%22en-US%22%3E%3CP%3EQuestion%20related%20to%20moving%20some%20mail%20connectivity%20over%20to%20Modern%20Auth%2C%20but%20it's%20technically%20more%20of%20an%20Azure%20AD%20question%20than%20an%20Exchange%20Online%20question%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20creating%20an%20Azure%20AD%20app%20registration%20for%20delegation%2Fapplication-based%20permissions%20over%20Graph%2C%20I%20noticed%20that%20client%20secrets%20now%20have%20a%20max%20expiration%20of%202%20years%2C%20which%20is%20good%20in%20my%20mind.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOther%20than%20tossing%20an%20event%20on%20my%20IT%20unit's%20shared%20calendar%20and%20hoping%20someone%20takes%20note%20of%20it%20if%20I%20happen%20to%20be%20out%20of%20office%2C%20are%20there%20any%20built-in%20mechanisms%20for%20sending%20expiration%20alerts%20to%20admins%2Fregistration%20owners%20for%20these%20client%20secrets%2C%20as%20to%20avoid%20outages%20when%20they%20expire%3F%20(Similar%20to%20certificate%20expiration%20alerts%20for%20SAML%2Fenterprise%20applications...%20they'll%20nag%20you%203%20times%20in%20the%20final%202%20months%20prior%20to%20expiration)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2789455%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2789455%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20%22Improving%20Security%20-%20Together%22%20article%20from%20September%202019%20had%20a%20section%20titled%2C%20%22Finding%20impacted%20users%22.%26nbsp%3B%20It%20said%3A%3C%2FP%3E%3CBLOCKQUOTE%3EThe%20first%20question%20you%20probably%20have%20is%20%E2%80%93%20so%20how%20do%20I%20know%20who%E2%80%99s%20using%20Basic%20Authentication%20in%20my%20tenant%3F%20Great%20question%2C%20and%20soon%20we%E2%80%99ll%20make%20a%20report%20available%20to%20help%20you%20easily%20answer%20that%20question%20for%20yourself.%20It%E2%80%99s%20a%20report%20that%20provides%20tenant%20admins%20with%20a%20simple%20way%20to%20determine%20who%20is%20using%20Basic%20Auth%20so%20you%2C%20the%20admin%2C%20can%20see%20how%20large%20of%20a%20task%20you%20have%20on%20your%20hands.%3C%2FBLOCKQUOTE%3E%3CP%3EIs%20the%20Azure%20AD%20Sign-in%20Log%20supposed%20to%20be%20that%20report%3F%26nbsp%3B%20If%20so%2C%20I%20think%20I%20need%20further%20guidance%20on%20how%20to%20interpret%20it.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20at%20the%20Azure%20AD%20Sign-in%20Log%20for%20the%20last%207%20days%2C%20I%20see%20successful%20logins%20with%20%22Client%20App%22%20values%20at%20the%20following%20rates%3A%3C%2FP%3E%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EBrowser%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E73.64%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EPOP%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E12.42%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EExchange%20ActiveSync%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E8.46%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EIMAP%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E3.14%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EUnknown%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E1.06%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EMobile%20Apps%20and%20Desktop%20clients%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E0.76%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EExchange%20Web%20Services%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E0.51%25%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20my%20understanding%20that%20Exchange%20ActiveSync%2C%20POP%20and%20IMAP%20can%20all%20be%20used%20with%20or%20without%20Modern%20Authentication.%26nbsp%3B%20How%20do%20I%20know%20which%20one%20is%20being%20used%3F%26nbsp%3B%20And%20what%20should%20I%20assume%20about%20%22Unknown%22%2C%20%22Mobile%20Apps%20and%20Desktop%20clients%22%2C%20and%20%22Exchange%20Web%20Services%22%3F%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E99%25%20of%20the%20%22Unknown%22%20entries%20list%20%22Office%20365%20SharePoint%20Online%22%20as%20the%20Application.%26nbsp%3B%20The%20remaining%201%25%20lists%20%22Microsoft%20Teams%22%20with%20%22Cross%20tenant%20access%20type%22%20set%20to%20%22b2bCollaboration%22.%3C%2FLI%3E%3CLI%3EThe%20Application%20listed%20for%20%22Mobile%20Apps%20and%20Desktop%20clients%22%20is%20a%20mix%20of%20%22Windows%20Sign%20in%22%2C%20%22Microsoft%20Teams%22%2C%20%22Microsoft%20Office%22%2C%20and%20%22%26nbsp%3BApple%20Internet%20Accounts%22%3C%2FLI%3E%3CLI%3EThe%20Application%20listed%20for%20%22Exchange%20Web%20Services%22%20is%20%22Office%20365%20Exchange%20Online%22%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790291%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790291%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167203%22%20target%3D%22_blank%22%3E%40Kevin_Hamilton%3C%2FA%3E%26nbsp%3Bin%20the%20Client%20App%20filter%2C%20deselect%20Web%20and%20Mobile%20Apps%20and%20Desktop%20clients.%20Only%20the%20stuff%20below%20that%20line%20is%20interesting%20for%20this%20exercise.%20Those%20are%20the%20clients%20using%20basic.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3Cspan%20class%3D%22lia-inline-image-display-wrapper%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3Cimg%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F313234iA862773C38A55C31%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22legacy.png%22%20alt%3D%22legacy.png%22%20%2F%3E%3C%2Fspan%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPic%20courtesy%20of%20Andy%20David%20who%20put%20this%20on%20Twitter%20just%20the%20other%20day.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790858%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790858%22%20slang%3D%22en-US%22%3E%3CP%3ERegarding%20EWS%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20mean%20Impersonation%20for%20a%20service%20application%20would%20be%20affected%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790918%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790918%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BSo%20just%20to%20be%20clear%2C%20if%20you%20would%20have%20users%20using%20IMAP%20or%20EWS%20%3CSTRONG%3Ebut%20using%20Modern%20Authentication%3C%2FSTRONG%3E%2C%20are%20they%20shown%20as%20something%20else%20in%20the%20Sign-in%20logs%2C%20like%26nbsp%3B%3CSTRONG%3EMobile%20Apps%20and%20Desktop%20clients%3C%2FSTRONG%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790964%22%20slang%3D%22fr-FR%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790964%22%20slang%3D%22fr-FR%22%3E%3CP%3EHi%20everyone%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20use%20imap%2Fsmtp%20for%20our%20scanners%20to%20send%20email.%20I%20configure%20SMTP%20Auth%20for%20sending%20mail%2C%20it's%20work.%20But%20with%20this%20update%20if%20i%20corectly%20understand%20IMAP%20gonna%20be%20disssapear%20%3F%20What%20is%20the%20solution%20please%20%3F%20I%20need%20to%20use%20IMAP.%20I%20found%20a%20software%20nammed%20%22Davmail%22%20but%20it%20look%20like%20an%20old%20product.%26nbsp%3B%3C%2FP%3E%3CP%3EHelp%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2791717%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2791717%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1168589%22%20target%3D%22_blank%22%3E%40oaydogan%3C%2FA%3E%26nbsp%3BYour%20scanner%20checks%20for%20mail%20too%3F%20It%20reads%20mail%3F%20If%20it%20really%20does%2C%20and%20it%20can%20only%20use%20Basic%2C%20then%20I'm%20sorry%20to%20say%20it%20won't%20be%20able%20to%20use%20Exchange%20Online%20once%20we%20turn%20off%20Basic%20for%20IMAP.%20But%20most%20devices%20like%20that%20only%20send%20mail%2C%20which%20uses%20SMTP%2C%20so%20if%20it%20really%20only%20does%20send%2C%20you%20should%20be%20good.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3BCorrect.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32261%22%20target%3D%22_blank%22%3E%40Skeg%3C%2FA%3E%26nbsp%3BCorrect%20there%20too%2C%20assuming%20it's%20using%20a%20username%2Fpassword%20(i.e.%20Basic).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2791747%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2791747%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20%22...uses%20SMTP%2C%20so%20if%20it%20really%20only%20does%20send%2C%20you%20should%20be%20good.%22%26nbsp%3B%20Okay%2C%20now%20I'm%20confused%20--%20I%20thought%20authenticated%20SMTP%20was%20going%20away%20since%20it%20falls%20under%20Basic%20Auth%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2791782%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2791782%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%3CSPAN%3E%26nbsp%3BThe%20blog%20mentions%20SMTP%20several%20times.%20We're%20not%20turning%20it%20off%20for%20those%20that%20still%20need%20to%20use%20it%2C%20and%20even%20if%20we%20do%2C%20you%20can%20turn%20it%20back%20on.%20SMTP%20is%20the%20exception%20(there's%20always%20one%20isn't%20there).%20Read%20the%20blog%20and%20FAQs%20again...%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIt%20also%20says%20at%20the%20end%20of%202022%20basic%20auth%20will%20be%20disabled%20which%20is%20obviously%20causing%20confusion.%20Why%20not%20explain%20the%20proper%20way%20of%20doing%20this%20securely%20instead%20of%20just%20ripping%20everyone%20that%20has%20a%20question%3F%20In%20the%20end%20it%20seems%20everyone%20wants%20the%20platform%20to%20be%20secure%20but%20there%20is%20clearly%20concern%20by%20lots%20of%20people%20regarding%20the%20best%20practices%20to%20get%20this%20wrapped%20up%20proactively%20before%20any%20deadlines.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2791759%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2791759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%26nbsp%3BThe%20blog%20mentions%20SMTP%20several%20times.%20We're%20not%20turning%20it%20off%20for%20those%20that%20still%20need%20to%20use%20it%2C%20and%20even%20if%20we%20do%2C%20you%20can%20turn%20it%20back%20on.%20SMTP%20is%20the%20exception%20(there's%20always%20one%20isn't%20there).%20Read%20the%20blog%20and%20FAQs%20again...%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F64%22%20target%3D%22_blank%22%3E%40Tony%20Redmond%3C%2FA%3E%26nbsp%3Bdid%20a%20nice%20blog%20on%20the%20SMTP%20aspects%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Foffice365itpros.com%2F2021%2F09%2F27%2Fbasic-authentication-disappears-exchange-online%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ESMTP%20AUTH%20Exception%20Smoothens%20Path%20to%20Removal%20of%20Basic%20Auth%20in%20Exchange%20Online%20-%20Office%20365%20for%20IT%20Pros%20(office365itpros.com)%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781773%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781773%22%20slang%3D%22en-US%22%3E%3CP%3EMicrosoft%20needs%20to%20keep%20this%20around%20to%20support%20legacy%20equipment%20like%20MFC%2C%20MFP%20and%20other%20such%20devices%20not%20designed%20for%20modern%20authentication.%3C%2FP%3E%3CP%3ETelling%20us%20to%20upgrade%20or%20buy%20new%20is%20not%20very%20eco%20friendly.%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20not%20going%20to%20get%20rid%20of%20a%20piece%20of%20well%20working%20equipment%20just%20because%20Microsoft%20wants%20to%20be%20communist%20by%20dictating%20to%20what%20they%20think%20everyone%20should%20have%20or%20use.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2794092%22%20slang%3D%22fr-FR%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2794092%22%20slang%3D%22fr-FR%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%20not%20the%20scanner%20but%20me%20sometime%20i%20need%20to%20check%20sended%20emails.%20We%20have%20a%20lot%20of%20software%20using%20IMAP%20too...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2795641%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2795641%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20several%20headless%20back-end%20services%20that%20read%20various%20mailboxes%20through%20POP%20or%20IMAP.%20The%20Modern%20Auth%20flow%20requires%20a%20user%20to%20interact%20with%20the%20login%20screen%2C%20but%20these%20services%20do%20not%20have%20a%20user.%20Is%20there%20a%20way%20for%20back-end%20services%20to%20connect%20to%20POP%20or%20IMAP%20without%20Basic%20Auth%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2795915%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2795915%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1168589%22%20target%3D%22_blank%22%3E%40oaydogan%3C%2FA%3E%26nbsp%3BThe%20scanner%20can%20keep%20using%20SMTP%20AUTH%2FBasic%20to%20send%20mails.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECould%20you%20use%20a%20transport%20rule%20to%20copy%20messages%20it%20sends%20to%20you%2Fsome%20mailbox%3F%20As%20you%20won't%20be%20able%20to%20have%20it%20place%20messages%20in%20the%20Sent%20Items%20folder%20using%20IMAP%2FBasic.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThose%20other%20apps%20using%20IMAP%20need%20to%20be%20updated%20to%20use%20OAuth%2C%20or%20they%20need%20to%20stop%20using%20IMAP%20and%20switch%20to%20something%20else.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2795962%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2795962%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20to%20be%20clear%2C%20will%20SMTP%20with%20basic%20authentication%20continue%20to%20work%20after%20October%201%2C%202022%3F%3C%2FP%3E%3CP%3EAccording%20to%20this%3A%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3E%3CSTRONG%3EToday%2C%20we%20are%20announcing%20that%2C%20effective%20October%201%2C%202022%2C%20we%20will%20begin%20to%20permanently%20disable%20Basic%20Auth%20in%20all%20tenants%2C%20regardless%20of%20usage%2C%20%3CU%3Ewith%20the%20exception%20of%20SMTP%20Auth%3C%2FU%3E.%3C%2FSTRONG%3E%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3Eit%20sounds%20like%20it%20should.%20But%20other%20places%20it%20sounds%20like%20it%20will%20not.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20use%20this%20for%20a%20few%20PaaS%20and%20third%20party%20hosted%20apps%2C%20that%20need%20to%20send%20mails%20from%20our%20domain%2C%20and%20we%20do%20not%20authorize%20them%20with%20SPF%20or%20DKIM%20as%20they%20should%20not%20be%20able%20to%20impersonate%20any%20user.%3C%2FP%3E%3CP%3ECurrently%20we%20use%20SMTP%20with%20basic%20auth%20%2B%20requirement%20for%20membership%20of%20a%20certain%20group%20and%20coming%20from%20a%20known%20IP.%3C%2FP%3E%3CP%3ESwitching%20to%20OAuth2.0%20would%20be%20great%2C%20but%20I%20doubt%20all%20the%20apps%20can%20support%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESecond%2C%20which%20flows%20are%20supported%20for%20SMTP%20OAuth2.0%3F%3C%2FP%3E%3CP%3EI%20have%20tested%20it%20with%26nbsp%3BAuthorization%20Code%2C%26nbsp%3BResource%20Owner%20Password%20Credentials%20(not%20great%20either)%20and%26nbsp%3BClient%20Credentials%20(app%20only).%3C%2FP%3E%3CP%3EThe%20first%20two%20work%20fine%2C%20but%20I%20cannot%20get%26nbsp%3BClient%20Credentials%20flow%20working.%20And%20for%20a%20deamon%20that%20would%20be%20the%20obvious%20choice%2C%20I%20think.%3C%2FP%3E%3CP%3EI%20believe%20I%20sent%20mail%20previously%20with%20Client%20Credentials%20and%20the%20Graph%20API.%20But%20it%20is%20not%20a%20common%20standard%20like%20SMTP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2795665%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2795665%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1170238%22%20target%3D%22_blank%22%3E%40joshyeager%3C%2FA%3E%26nbsp%3B%20This%20could%20be%20a%20job%20for%20the%20Graph%20API%20and%20Azure%20AD%20app%20registrations.%20They%20can%20use%20certificates%20or%20client%20secrets%20to%20authenticate.%20(For%20an%20example%20of%20what%20this%20looks%20like%2C%20Lansweeper%20has%20users%20implementing%20Modern%20Authentication%20in%20this%20manner%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.lansweeper.com%2Fknowledgebase%2Fmicrosoft-graph-email-configuration%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fwww.lansweeper.com%2Fknowledgebase%2Fmicrosoft-graph-email-configuration%3C%2FA%3E)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20these%20services%20are%20developed%20and%20maintained%20by%20a%20vendor%20or%20another%203rd%20party%2C%20the%20onus%20is%20on%20them%20to%20provide%20some%20type%20of%20Modern%20Authentication%20support.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2795989%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2795989%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1101242%22%20target%3D%22_blank%22%3E%40Jan11185%3C%2FA%3E%26nbsp%3Byes%2C%20SMTP%20AUTH%20with%20Basic%20will%20continue%20to%20work%20after%20October%201st%202022.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20will%20continue%20with%20the%20plan%20to%20turn%20it%20off%20for%20tenants%20not%20using%20(as%20many%20have%20it%20enabled%2C%20but%20don't%20use%20it).%20But%20even%20if%20we%20turn%20it%20off%2C%20they%20can%20turn%20it%20back%20on%20again%2C%20even%20after%20October%201st%202022.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAll%20other%20protocols%20will%20starting%20turning%20off%20from%20October%201st%202022.%20Regardless%20of%20usage.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESMTP%20OAuth%202.0%20does%20not%20support%20the%20client%20credential%20flow%20yet.%20We're%20looking%20to%20add%20that%2C%20but%20no%20timeline%20I%20can%20share%20at%20this%20time.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782011%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782011%22%20slang%3D%22en-US%22%3E%3CP%3EMike%2C%3C%2FP%3E%3CP%3ENo%20offense%20but%20thats%20not%20a%20good%20answer%2C%20there%20are%20so%20many%20legitimate%20use%20cases%20for%20these%20types%20of%20services.%20I%20have%20no%20doubt%20they%20will%20force%20this%20because%20they%20dont%20understand%20what%20daily%20use%20cases%20are%20but%20that%20doesn't%20make%20it%20smart%20or%20the%20correct%20choice.%20When%20you%20have%20suits%20making%20these%20decisions%20with%20no%20understanding%20of%20what%20they%20actual%20mean%20in%20the%20field%20its%20always%20going%20to%20be%20this%20way.%3C%2FP%3E%3CP%3EWhat%20about%20website%20contact%20forms%3F%20Are%20you%20going%20to%20use%20the%20auth%20app%20to%20approve%20that%20account%20every%20time%20the%20token%20gets%20renewed%3F%3C%2FP%3E%3CP%3EI%20am%20sure%20there%20are%20many%20many%20more%20things%20I%20am%20not%20thinking%20of%20at%20the%20moment%20that%20will%20be%20affected.%3C%2FP%3E%3CP%3EIn%20the%20end%20it%20probably%20wont%20matter%2C%20shills%20will%20shill%20and%20MS%20will%20just%20pull%20the%20trigger%20and%20after%20it%20shells%20everyone%20they%20will%20recant%2C%20re-enable%2C%20provide%20hack%20work%20arounds%20and%20on%20and%20on.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2801815%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2801815%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20I'd%20appreciate%20clarification%20on%20the%20scope%20of%20what%20will%20be%20permanently%20disabled%20on%201st%20October%202022%20please.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167714%22%20target%3D%22_self%22%3E%3CSPAN%20class%3D%22%22%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FA%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167714%22%20target%3D%22_blank%22%3E%40JanisZ595%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ehas%20also%20asked%20this%20same%20question.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20we%20following%20the%20MS%20guidance%20on%20filtering%20the%20Azure%20AD%20Sign-In%20Reports%20(%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-auth-and-exchange-online-february-2020-update%2Fba-p%2F1191282%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-auth-and-exchange-online-february-2020-update%2Fba-p%2F1191282%3C%2FA%3E%26nbsp%3B)%20for%20basic%20auth%20which%20includes%2013%20line%20items%26nbsp%3B%3CSTRONG%3EOther%20Clients%3C%2FSTRONG%3E%20we%20get%20the%20following%20records.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EClient%20App%3A%20Other%20Clients%3C%2FP%3E%3CP%3EApplication%3A%20%3CSTRONG%3EOffice%20635%20SharePoint%20Online%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20this%20and%20any%20other%20non%20Exchange%2FEmail%20related%20basic%20auth%20protocols%20also%20be%20disabled%3F%26nbsp%3B%20The%20article%20is%20very%20Exchange%20Online%20focused%2C%20but%20also%20states%20%22%3C%2FP%3E%3CP%3EToday%2C%20we%20are%20announcing%20that%2C%20effective%20October%201%2C%202022%2C%20we%20will%20begin%20to%20permanently%20%3CSTRONG%3Edisable%20Basic%20Auth%3C%2FSTRONG%3E%20in%20all%20tenants%2C%20%3CSTRONG%3Eregardless%20of%20usage%3C%2FSTRONG%3E%2C%20with%20the%20exception%20of%20SMTP%20Auth.%22%20which%20I%20assume%20includes%20the%20SharePoint%20Online%20scenario.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782066%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782066%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F128%22%20target%3D%22_blank%22%3E%40Mike%20Crowley%3C%2FA%3E%26nbsp%3B100%25%20agree.%26nbsp%3B%20When%20we%20migrate%20new%20customers%20to%20Office%20365%20that%20have%20MFD%2C%20legacy%20applications%2Fservices%2C%20etc..%20we%20have%20them%20route%2Frelay%20through%20a%20connector%20on%20their%20Hybrid%20Exchange%20Server%20or%20other%20on-premises%20SMTP%20Relay%20service%2Fappliance%20to%20Office%20365.%26nbsp%3B%20It's%20a%20simple%20solution%20for%20those%20devices%20and%20apps%20that%20need%20to%20relay%20to%20users%20outside%20the%20org%20via%20Office%20365%2C%20but%20can't%20or%20don't%20need%20to%20login%20into%20a%20mailbox%20or%20do%20SMTP%20Auth%20and%20I%20have%20yet%20to%20see%20a%20customer%20where%20this%20solution%20doesn't%20work.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2809116%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2809116%22%20slang%3D%22en-US%22%3E%3CP%3EI%20love%20this.%20%26nbsp%3BHOWEVER%20-%20nowhere%20do%20you%20mention%20that%20for%20new%20tenants%2C%20Basic%20Auth%20is%20disabled%20automatically.%20%26nbsp%3B1%20support%20ticket%2C%2010%20days%20of%20back%20and%20forth%2C%20and%20a%20critical%20service%20for%20our%20company%20being%20down%2C%20I%20finally%20went%20through%20and%20checked%20this%20and%20opted%20out%20anyway%20and%20Basic%20Auth%20for%20POP3%20is%20working%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHorrific%20support%20and%20missing%20information.%20%26nbsp%3BMicrosoft%20Support%20is%20always%20disappointing.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2809136%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2809136%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1172016%22%20target%3D%22_blank%22%3E%40BentleyBoy%3C%2FA%3E%26nbsp%3BThat%20traffic%20appears%20to%20be%20against%20SharePoint%20Online%2C%20so%20the%20answer%20is%20no%2C%20it%20won't%20be%20disabled.%20I%20don't%20know%20what%20that%20connection%20could%20be%20for%2C%20keep%20looking%2C%20but%20%3CSTRONG%3Ewe're%20only%20blocking%20Basic%20for%20auth%20against%20Exchange%20Online%20with%20the%20changes%20covered%20by%20this%20article%20and%20related%20content%3C%2FSTRONG%3E.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1174437%22%20target%3D%22_blank%22%3E%40mdiorio%3C%2FA%3E%26nbsp%3BSecurity%20Defaults%20is%20used%20to%20block%20Legacy%2FBasic%20for%20new%20tenants.%20Are%20you%20sure%20it%20wasn't%20that%20which%20resulted%20in%20blocking%20POP3%3F%20Did%20you%20get%20a%20MC%20post%20saying%20we%20were%2Fhad%20blocked%20Basic%20Auth%3F%20Sorry%20it%20took%20so%20long%20to%20resolve%2C%20we're%20working%20hard%20to%20give%20support%20the%20tools%20they%20need%2C%20but%20we'll%20take%20that%20as%20a%20sign%20we're%20not%20there%20yet.%20Thanks.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2813344%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2813344%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EOffice%20365%20reporting%20services%20are%20still%20using%20Basic%20auth%2C%20any%20ETA%20to%20replace%20this%20with%20MS%20Graph%20API%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2813412%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2813412%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1084178%22%20target%3D%22_blank%22%3E%40dmbuk%3C%2FA%3E%26nbsp%3BWe'll%20have%20news%20soon%20on%20this.%20As%20they%20say%20(still%2C%20despite%20no-one%20having%20tuned%20a%20radio%20in%20for%20years)%20-%20stay%20tuned!%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2815233%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2815233%22%20slang%3D%22en-US%22%3E%3CP%3ESince%20basic%20auth%20is%20being%20retired%20and%20we%20can%20only%20use%20service%20principals%20with%20app-based%20authentication%20in%20Exchange%20Online%2C%20are%20there%20plans%20to%20support%20more%20than%20the%20roles%20listed%20here%3F%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fapp-only-auth-powershell-v2%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EApp-only%20authentication%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EGlobal%20administrator%3C%2FLI%3E%3CLI%3ECompliance%20administrator%3C%2FLI%3E%3CLI%3ESecurity%20reader%3C%2FLI%3E%3CLI%3ESecurity%20administrator%3C%2FLI%3E%3CLI%3EHelpdesk%20administrator%3C%2FLI%3E%3CLI%3EExchange%20administrator%3C%2FLI%3E%3CLI%3EGlobal%20Reader%3C%2FLI%3E%3C%2FUL%3E%3CP%3EUse%20case%3A%20I%20have%20an%20app%2C%20OpenText%2C%20that%20runs%20powershell%20commands%20to%20set%20Legal%20Hold.%20Currently%2C%20Legal%20Hold%20is%20only%20supported%20in%20the%20Global%20Admin%20and%20Exchange%20Admin%20roles%20above%2C%20so%20I%20have%20to%20give%20them%20the%20%E2%80%9Ckeys%20to%20the%20castle%E2%80%9D%20and%20that%20is%20unacceptable.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20a%20user%20with%20basic%20auth%2C%20I%20simply%20grant%20them%20app%20role%20access%20to%20Legal%20Hold%20and%20have%20the%20app%20run%20with%20a%20long%20randomized%20username%20and%20password%20that%20is%20no%20different%20than%20using%20a%20service%20principal%20client%20secret%2C%20and%20now%20and%20I%20have%20a%20best%20practices%20config.%20Switching%20to%20modern%20auth%20and%20CBA%2C%20I%20can%20now%20no%20longer%20do%20that%20with%20a%20service%20principal%20and%20my%20only%20option%20is%20a%20wildly%20insecure%20alternative.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20are%20the%20plans%20within%20this%20module%20to%20address%20this%20gap%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2818956%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2818956%22%20slang%3D%22en-US%22%3E%3CP%3EPost%20October%202022%2C%20will%20using%20app%20passwords%20to%20authenticate%20for%20example%2C%20via%20IMAP%2C%20still%20work%3F%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%26nbsp%3B%20Thanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2824377%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2824377%22%20slang%3D%22en-US%22%3E%3CP%3EThere%20was%20an%20August%2027th%202021%20article%20titled%20%22%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-365-blog%2Fnew-minimum-outlook-for-windows-version-requirements-for%2Fba-p%2F2684142%22%20target%3D%22_self%22%3E%3CSPAN%3ENew%20minimum%20Outlook%20for%20Windows%20version%20requirements%20for%20Microsoft%20365%3C%2FSPAN%3E%3C%2FA%3E%22%20mentioning%20November%201st%202021%20as%20the%20date%20that%20services%20in%20Outlook%202010%20will%20no%20longer%20be%20able%20to%20connect%20to%20Exchange.%20This%20was%20a%20follow%20up%20to%20the%20February%204th%202021%20article%20titled%20%22%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_self%22%3E%3CSPAN%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20February%202021%20Update%3C%2FSPAN%3E%3C%2FA%3E%22%20that%20mentioned%20a%20year%20deadline%20from%20the%20time%20the%20program%20continues%20which%20was%20still%20TBD%20as%20of%20August.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20newer%20article%20seems%20to%20contradict%20the%20August%20article%20and%20reinforce%20the%20Oct%201%202022%20date.%20Is%20this%20article%20saying%20that%20the%20date%20set%20in%20August%20for%20November%201st%202021%20has%20been%20pushed%20back%20to%20October%201st%202022%3F%20This%20would%20be%20a%20massive%20sigh%20of%20relief.%20If%20not%2C%20what%20is%20this%20article%20stating%20that%20i%20don't%20understand%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3EJackson%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2824934%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2824934%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%2C%26nbsp%3Bfollowing%20up%20on%20my%20query.%20This%20is%20a%20legitimate%20use%20case%20and%20loss%20of%20functionality.%20Is%20it%20possible%20to%20request%20an%20Opt-Out%20ONLY%20for%20exchange%20powershell%2C%20and%20perhaps%20limit%20it%20to%20an%20individual%20user(s)%20while%20still%20shutting%20down%20basic%20auth%20across%20all%20other%20services%3F%20Unless%20the%20app-based%20authentication%20is%20going%20to%20be%20updated%20to%20allow%20service%20principals%20to%20be%20assigned%20permissions%20with%20the%20same%20granularity%20as%20a%20user%2C%20this%20is%20an%20unacceptable%20loss%20of%20functionality%20that%20we%20cannot%20tolerate.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2837165%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2837165%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%3C%2FSPAN%3E%26nbsp%3B%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAt%20some%20point%2C%20Pop3%20OAuth%20access%20stopped%20working%20for%20outlook.com%2Flive.com%20accounts.%20Any%20attempt%20to%20login%20using%20OAuth%20fails%20with%20%22unknown%20user%20name%20or%20bad%20password%22.%26nbsp%3BPOP%20is%20enabled%20in%20the%20mailbox%20settings%20and%20IMAP%20still%20works%20perfectly.%26nbsp%3B%20Also%2C%20it's%20not%20an%20issue%20for%20O365%20accounts%2C%20only%20for%20personal%20outlook%2Flive%20accounts.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAre%20there%20any%20known%20issues%20related%20to%20that%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2838139%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2838139%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F522206%22%20target%3D%22_blank%22%3E%40EugeneY%3C%2FA%3E%26nbsp%3B-%20Sorry%2C%20no%20idea%20what%20that%20is.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2842553%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2842553%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3Bno%20follow%20up%20was%20provided%20from%20you%20after%20a%20week.%20I%20opened%20a%20support%20ticket%20and%20this%20is%20what%20I%20was%20informed%20(the%20query%20went%20to%20the%20backend%20team%20I%20was%20told)%3A%3C%2FP%3E%3CP%3E%22such%20granular%20level%20of%20filtering%20cannot%20be%20provided%2C%20until%20the%20compatibility%20is%20covered%20for%20Modern%20authentication%20under%20the%20same%20by%20next%20year.%20%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20it%20appears%20my%20forward%20guidance%20is%20to%20continue%20to%20use%20a%20basic%20authentication%20user%20to%20gain%20the%20granularity%20I%20require%20until%20this%20is%20made%20available%20for%20the%20app-based%20authentication%20flow%2C%20and%20that%20it%20is%20planned%20prior%20to%20disablement%20of%20basic%20auth.%20Fingers%20crossed.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2842576%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2842576%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F461253%22%20target%3D%22_blank%22%3E%40JGrote%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20currently%20working%20on%20allowing%20Service%20Principals%20to%20support%20granular%20roles%20as%20it%20is%20currently%20allowed%20for%20users.%20This%20is%20an%20active%20work%20in%20progress%20and%20we%20hope%20to%20preview%20this%20feature%20some%20time%20early%20next%20year.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECC%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2872830%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2872830%22%20slang%3D%22en-US%22%3E%3CP%3EGreat%20improvement.%20And%20I%20have%20the%20same%20question%20too%3A%20Should%20Microsoft%20provide%20guide%20to%20devices%20provider%20to%20make%20devices%20like%20MFC%2FMFP%2C%20Meeting%20room%20devices%20to%20support%20modern%20authentication%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2874169%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2874169%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20use%20Avaya%E2%80%99s%20contact%20center%2C%20which%20pulls%20emails%20using%20IMAP%20and%20can%20only%20connect%20to%20our%20tenant%20via%20basic%20auth%20at%20this%20time.%20As%20our%20vendor%20has%20no%20plans%20to%20update%20their%20software%2C%20and%20this%20process%20is%20critical%20to%20our%20company%2C%20what%20are%20we%20supposed%20to%20do%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2874354%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2874354%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1193198%22%20target%3D%22_blank%22%3E%40Shaafdiesel%3C%2FA%3E%26nbsp%3B-%20Did%20Avaya%20say%20they%20weren't%20going%20to%20do%20anything%3F%20Did%20you%20actually%20contact%20them%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2874369%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2874369%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BWe've%20been%20asking%20them%20about%20this%20for%20a%20few%20years%20now.%20We%20opened%20a%20new%20case%20with%20them%20recently%20in%20this%20regard%2C%20and%20are%20still%20waiting%20to%20see%20if%20they%20can%20push%20it%20up%20their%20management%20chain%20to%20get%20some%20traction%20on%20it.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2874372%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2874372%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1193198%22%20target%3D%22_blank%22%3E%40Shaafdiesel%3C%2FA%3E%26nbsp%3Bok%2C%20thanks.%20I'll%20add%20them%20to%20my%20list%20of%20partners%20to%20chase%20down.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2881064%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2881064%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Ewhat%20do%20we%20do%20with%20the%20PublicFolder%20Sync%20in%20hybrid%20environments%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcollaboration%2Fpublic-folders%2Fconfigure-legacy-public-folders-for-hybrid%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcollaboration%2Fpublic-folders%2Fconfigure-legacy-public-folders-for-hybrid%3Fview%3Dexchserver-2019%3C%2FA%3E%3C%2FP%3E%3CP%3EThese%20scripts%20still%20only%20support%20basic%20auth.%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2883686%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2883686%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20reviewing%20our%20Intune%20MDM%20settings.%20For%20fully%20enrolled%20devices%2C%20iOS%20uses%20Exchange%20Active%20Sync%20(EAS).%20EAS%20and%20EWS%20are%20also%20used%20for%20native%20Apple%20mail%20and%20calendar%2C%20even%20if%20Modern%20Auth%20is%20enabled.%3C%2FP%3E%3CP%3EQuestions%3A%3C%2FP%3E%3CP%3E1.%20If%20EAS%20and%20EWS%20will%20be%20retired%2C%20how%20will%20Intune%20Admins%20create%20a%20management%20iOS%20profile%20for%20fully%20enrolled%20devices%3F%3C%2FP%3E%3CP%3E2.%20How%20will%20iOS%20devices%20be%20fully%20enrolled%20when%20EAS%20and%20EWS%20will%20be%20retired%3F%3C%2FP%3E%3CP%3E2.%20The%20setting%20to%20make%20Outlook%20for%20iOS%20as%20the%20default%20mail%20app%20is%20enabled%20at%20the%20user%20level%20-%20I%20can't%20find%20a%20way%20to%20make%20the%20Outlook%20mobile%20app%20as%20the%20default%20email%20app%20in%20fully%20enrolled%20devices.%20Any%20references%20on%20how%20to%20do%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2887381%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2887381%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1195057%22%20target%3D%22_blank%22%3E%40apexxx%3C%2FA%3E%26nbsp%3B-%20that%20script%20is%20being%20worked%20on%20and%20will%20support%20Modern%20Auth%20in%20due%20course.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6110%22%20target%3D%22_blank%22%3E%40Emy%20Loanzon%3C%2FA%3E%26nbsp%3B-%20EWS%20and%20EAS%20are%20not%20being%20retired.%20Only%20Basic%20Auth%20for%20those%20protocols%20is%20being%20retired.%20They%20will%20continue%20to%20be%20available%20with%20OAuth.%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENot%20sure%20on%20the%20Intune%2FMDM%20questions%20myself%2C%20you%20might%20wany%20to%20try%20there%20if%20no-one%20can%20answer%20here.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2887818%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2887818%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6110%22%20target%3D%22_blank%22%3E%40Emy%20Loanzon%3C%2FA%3E%26nbsp%3B-%20You%20can%20use%20Intune%20to%20push%20Outlook%20for%20iOS%20to%20the%20device%20and%20use%20Conditional%20Access%20to%20block%20the%20native%20EAS%20client.%20This%20will%20essentially%20force%20the%20end%20user%20to%20use%20Outlook%20mobile%20to%20access%20corporate%20email.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAFAIK%20you%20cannot%20change%20the%20default%20mail%20client%20using%20Intune.%20Doing%20so%20may%20prevent%20end-users%20from%20using%20the%20native%20email%20app%20to%20access%20other%20mail%20platforms%20from%20their%20device%20that%20are%20not%20supported%20by%20Outlook%20mobile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2924910%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2924910%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EI%20have%20Exchange%202013%20CU23%20running%20in%20on-premises%20in%20a%20hybrid%20scenario%20with%20Exchange%20online%2C%20and%20AAD%20connect%20setup%20for%20Pass-through%20authentication%20(Autodiscover%2C%20MX%20records%20pointing%20to%20on-prem).%20All%20active%20users%20have%20been%20migrated%20to%20Exchange%20Online%20and%20using%20a%20mix%20of%20clients%2C%20but%20majority%20running%20Outlook%202016%2B.%20Due%20to%20auth%20being%20handled%20by%20our%20on-prem%20AD%20because%20of%20the%20pass-through%20config%2C%20will%20the%20conditional%20access%20policies%20I%20apply%20to%20users%20in%20Azure%20AD%20to%20block%20basic%20authentication%20work%3F%20if%20not%2C%20will%20configuring%20a%20New-authenticationpolicy%20and%20assigning%20to%20users%20work%20as%20described%20in%20this%20article%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%3C%2FA%3E%3C%2FP%3E%3CP%3EThe%20above%20article%20does%20not%20provide%20much%20information%20for%20hybrid%20scenarios%20like%20my%20case.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2926980%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2926980%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1185792%22%20target%3D%22_blank%22%3E%40mohsan466%3C%2FA%3E%26nbsp%3BFor%20connectivity%20to%20mailboxes%20--%20Passthrough%20authentication%20isn't%20making%20authentication%20go%20to%20your%20on-prem%20Exchange%20servers.%26nbsp%3B%20Authentication%20to%20a%20mailbox%20homed%20in%20Exchange%20Online%20is%20happening%20between%20Outlook%20and%20Azure%20AD.%26nbsp%3B%20(Passthrough%20authentication%20is%20only%20making%20Azure%20AD%20talk%20to%20on-prem%20agents%20to%20validate%20your%20password%20against%20AD%20DS.)%20You'll%20just%20follow%20all%20the%20normal%20guidance%20in%20documentation%20regarding%20the%20disabling%20of%20basic%20authentication%2C%20i.e.%20your%20blocking%20of%20basic%20auth%20via%20Conditional%20Access%20will%20work%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785444%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785444%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F285725%22%20target%3D%22_blank%22%3E%40ajc196%3C%2FA%3E%26nbsp%3Bok%2C%20not%20sure%20I%20entirely%20follow%2C%20but%20it%20sounds%20like%20you%20know%20what%20you%20need%20to%20do.%20So%20good%20luck.%20Make%20sure%20you%20follow%20the%20opt%20out%20steps%20above%20so%20we%20don't%20touch%20your%20tenant%20inadvertently%20between%20now%20and%20October%202022.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957176%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957176%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%3EI'm%20not%20sure%20if%20the%20pop%20protocol%20you%20mentioned%20includes%20pop3%2C%20and%20what%20new%20protocol%20should%20I%20use%20instead%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957232%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957232%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%3EThank%20you%20very%20much%20for%20your%20answer%2C%20but%20I%20want%20to%20know%20what%20alternative%20protocols%20I%20can%20use%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957443%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1216012%22%20target%3D%22_blank%22%3E%40Xiaowei999%3C%2FA%3E%26nbsp%3BIt%20depends%20on%20what%20you%20are%20trying%20to%20do%2Fuse.%20You%20can%20use%20all%20the%20other%20protocols%20we%20support%20with%20OAuth%20-%20Graph%2FEWS%20for%20scripts%2Fapps%2C%20POP%2C%20IMAP%2C%20EAS%2C%20MAPI%2FHTTP%20for%20client%20apps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2964276%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2964276%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20difference%20between%20the%20use%20of%20Modern%20authentication%20in%20sending%20and%20receiving%20emails%20and%20Basic%20Authentication%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2974821%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2974821%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20a%20great%20resource%20for%20those%20looking%20to%20eliminate%20basic%20auth%20from%20their%20tenant.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELike%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1084178%22%20target%3D%22_blank%22%3E%40dmbuk%3C%2FA%3E%26nbsp%3Bwe%20also%20have%20a%20number%20of%20use%20cases%20for%20Office%20365%20web%20services%20in%20our%20in%20environment.%26nbsp%3B%20You%20mentioned%20at%20the%20beginning%20of%20October%20that%20%22%3CSPAN%3E%3CSTRONG%3EWe'll%20have%20news%20soon%20on%20this%3C%2FSTRONG%3E.%20As%20they%20say%20(still%2C%20despite%20no-one%20having%20tuned%20a%20radio%20in%20for%20years)%20-%20stay%20tuned!%20%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EPlease%20can%20you%20provide%20an%20update.%26nbsp%3B%20Has%20anything%20been%20announced%20as%20yet.%26nbsp%3B%20I've%20not%20seen%20anything%20but%20may%20have%20missed%20it%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2973038%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2973038%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20several%20custom%20SaaS%20scripts%20and%20PHP%20applications%20we%20depend%20on%20for%20day%20to%20day%20business%20operations%20that%20use%20our%20Microsoft%20365%20Exchange%20service%20to%20send%20and%20fetch%20email%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esmtp.office365.com%3C%2FP%3E%3CP%3Eport%3A587%3C%2FP%3E%3CP%3Ewith%20an%20application%20password%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eas%20well%20as%20IMAP%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eoutlook.office365.com%3C%2FP%3E%3CP%3Eport%3A%20993%3C%2FP%3E%3CP%3Ewith%20an%20application%20password%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20proper%20way%20to%20replace%20these%20methods%20with%20the%20supported%20modern%20authentications%20after%20basic%20auth%20has%20been%20retired%3F%26nbsp%3B%20Will%20scripts%20that%20call%20IMAP%20servers%20with%20login%20info%20even%20work%20anymore%20after%20basic%20auth%20retirement%3F%26nbsp%3B%20Is%20there%20a%20KB%20explaining%20the%20proper%20way%20to%20replace%20SMTP%20and%20IMAP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20anyone%20can%20provide%20some%20guidance%20so%20we%20have%20time%20to%20prepare%2C%20that%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2975648%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2975648%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1216012%22%20target%3D%22_blank%22%3E%40Xiaowei999%3C%2FA%3E%26nbsp%3B-%20If%20you%20can%20use%20the%20same%20app%2Fcode%20and%20just%20change%20the%20auth%20being%20used%20-%20none.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94389%22%20target%3D%22_blank%22%3E%40SuperAJ%3C%2FA%3E%26nbsp%3B-%20take%20a%20look%20at%20these%20pages%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Flegacy-protocols%2Fhow-to-authenticate-an-imap-pop-smtp-application-by-using-oauth%23%3A~%3Atext%3DAuthenticate%2520an%2520IMAP%252C%2520POP%2520or%2520SMTP%2520connection%2520using%2Caccess%2520token.%2520...%25204%2520Authenticate%2520connection%2520requests.%2520%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAuthenticate%20an%20IMAP%2C%20POP%20or%20SMTP%20connection%20using%20OAuth%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fuser-sendmail%3Fview%3Dgraph-rest-1.0%26amp%3Btabs%3Dhttp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESend%20mail%20-%20Microsoft%20Graph%20v1.0%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1172016%22%20target%3D%22_blank%22%3E%40BentleyBoy%3C%2FA%3E%26nbsp%3B-%20The%20team%20that%20own%20that%20said%20they%20had%20news%20coming.%20Maybe%20they%20are%20busy%20transmitting%20on%20some%20old-fashioned%20radio%20frequency%20and%20we're%20not%20listening.....%3F%20I'll%20check%20with%20them.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2997120%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2997120%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20anyone%20recommend%20a%20good%20alternative%20mail%20app%20to%20the%20Outlook%20app%20for%20Android%20that%20supports%20modern%20authentication%20and%20is%20compatible%20with%20Office%20365%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.microsoft.office.outlook%26amp%3Bhl%3Den_US%26amp%3Bgl%3DUS%26amp%3BshowAllReviews%3Dtrue%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EMicrosoft%20Outlook%20-%20Apps%20on%20Google%20Play%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20noted%20that%20the%20Outlook%20app%20for%20Android%20from%20the%20Google%20Play%20Store%20has%20lots%20of%20users%20reporting%20issues%20with%26nbsp%3Bmessages%20not%20loading%20and%20the%20ice%20cream%20cone%2C%20and%20it%20would%20be%20good%20to%20offer%20users%20some%20alternatives.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3028472%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3028472%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94389%22%20target%3D%22_blank%22%3E%40SuperAJ%3C%2FA%3E%26nbsp%3B-%20yes%2C%20app%20passwords%20will%20still%20work%20for%20SMTP.%20But%20not%20for%20any%20of%20the%20protocols%20we%20are%20completely%20disabling.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3028861%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3028861%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1177498%22%20target%3D%22_blank%22%3E%40langersit%3C%2FA%3E%26nbsp%3B-%20I%20clarified%20my%20comment%2C%20I%20have%20a%20cold%2C%20brain%20a%20bit%20slow%20today.%20For%20apps%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fauthentication-vs-authorization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAuthentication%20vs.%20authorization%20-%20Microsoft%20identity%20platform%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Band%20I%20would%20suggest%20getting%20away%20from%20all%20those%20protocols%20you%20listed%20and%20switching%20to%20EWS%2C%20or%20preferably%2C%20Graph.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3031427%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3031427%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20a%20scenario%20where%20applications%20that%20run%20infrequently%20but%20regularly%20needs%20to%20be%20able%20to%20send%2Freceive%20emails%20(thus%20authenticate%20without%20user%20interaction).%3CBR%20%2F%3EIt%20can%20be%20anything%20from%20minutes%20up%20to%20several%20months%20between%20each%20run%20of%20these%20applications.%3C%2FP%3E%3CP%3EFrom%20what%20I%20understand%20reading%20this%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Flegacy-protocols%2Fhow-to-authenticate-an-imap-pop-smtp-application-by-using-oauth%23get-an-access-token%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Flegacy-protocols%2Fhow-to-authenticate-an-imap-pop-smtp-application-by-using-oauth%23get-an-access-token%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%2C%20an%20AccessToken%20issued%20by%20the%20Client%20credentials%20grant%20flow%20is%20not%20an%20option%20when%20you%20authenticate%20with%20XOAUTH2%20mechanism.%20Just%20to%20be%20clear%3B%20are%20we%20forced%20to%20use%20Microsoft%20GraphAPI%20then%2C%20in%20order%20to%20send%2Freceive%20emails%20when%20we%20use%20Exchange%20online%20and%20have%20no%20possibility%20to%20have%20user%20interaction%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3051114%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3051114%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BAt%20this%20moment%20MS%20Teams%20is%20dependent%20on%20EWS%20for%20showing%20the%20Calendar%20in%20the%20app.%20Will%20that%20change%20before%20October%202022%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3051460%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3051460%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F37938%22%20target%3D%22_blank%22%3E%40A%20D%3C%2FA%3E%26nbsp%3BIf%20I%20disable%20EWS%20for%20an%20user%20(even%20myself)%2C%20the%20Calendar%20app%20disappears%20or%20cannot%20sync%20anymore%20within%20Teams.%3C%2FP%3E%3CP%3EI%20even%20notice%20that%20the%20OOF%20within%20Outlook%20uses%20EWS.%20With%20EWS%20enabled%20I%20can%20edit%20my%20OOF%20settings.%20But%20if%20I%20have%20EWS%20disabled%2C%20when%20I%20click%20on%20the%20OOF%20settings%20button%20it%20cannot%20contact%20the%20server.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3052276%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3052276%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F285725%22%20target%3D%22_blank%22%3E%40ajc196%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20info%2C%20it%20seems%20I%20have%20seen%20this%20a%20little%20too%20%22black%20and%20white%22.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3056111%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3056111%22%20slang%3D%22en-US%22%3E%3CP%3EHappy%20New%20Year%20to%20you%20too%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1172016%22%20target%3D%22_blank%22%3E%40BentleyBoy%3C%2FA%3E%26nbsp%3BThe%20team%20who%20own%20that%20had%20a%20slight%20delay%20but%20tell%20me%20end%20of%20January%20we'll%20have%20the%20update.%20Sorry%20for%20the%20continued%20delay.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3064255%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3064255%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20was%20a%20caught%20a%20bit%20off%20guard%20and%20would%20appreciate%20some%20clarification%20from%20MS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20a%20small%20company%20providing%20a%20ticketing%2Fhelpdesk%20product%20which%20connects%20to%20IMAP%2FPOP%20mailboxes%20to%20create%20tickets%20from%20incoming%20emails%20to%20a%20central%20address.%20So%20our%20app%20is%20the%20user%20here%20and%20we%20cannot%20authenticate%20with%20the%20regular%20user%20bound%20OAuth%20mechanisms.%20We%20are%20connecting%20to%20many%20different%20backend%20servers%20via%20IMAP%2C%20so%20implementing%20Graph%20solely%20for%20one%20vendor%20(MS)%20would%20be%20a%20huge%20burden%20for%20us%20since%20we'd%20need%20to%20maintain%20both%20protocols%20for%20sending%2Freceiving%20emails.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20far%20my%20understanding%20was%20that%20Oauth%20Client%20Credential%20Flow%20for%20IMAP%2FPOP%20was%20the%20feature%20we%20are%20waiting%20for%20to%20support%20our%20setup%20with%20Oauth%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D70577%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D70577%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20was%20announced%20to%20be%20GA%20for%20December%202021%20but%20just%20recently%20was%20changed%20to%20be%20GA%20in%20June%202022.%20With%20the%20announced%20shutdown%20of%20basic%20auth%20in%20October%20this%20leaves%20less%20than%203%20months%20for%20vendors%20like%20us%20as%20timeframe%20to%20adapt%2C%20implement%20and%20test%20this%20new%20flow.%26nbsp%3BThis%20must%20be%20some%20misunderstanding%20on%20my%20side%2C%20what%20am%20I%20missing%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3065309%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3065309%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1278841%22%20target%3D%22_blank%22%3E%40Jan089%3C%2FA%3E%26nbsp%3B-%20we%20still%20intend%20shipping%20that%20feature%2C%20but%20hit%20some%20roadblocks.%20We%20are%20actively%20working%20on%20it%20now.%20I%20do%20hope%20it%20will%20come%20sooner%20than%20end%20of%20June%2C%20but%20I%20didn't%20want%20to%20push%20the%20date%20again.%20So%20consider%20June%20worst%20case%20scenario.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3065431%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3065431%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%2C%20really%20appreciate%20your%20time%20to%20clarify%20things%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20you%20understand%20I%20cannot%20base%20the%20response%20plan%20to%20this%20whole%20change%20for%20our%20product%20on%20hope.%20I%20am%20not%20sure%20whether%20I%20still%20miss%20something%2C%20can%20you%20please%20confirm%20or%20clarify%20and%20comment%20my%20understanding%20below%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMS%20will%20shutdown%20basic%20authentication%20for%20Exchange%20online%20from%201st%20of%20October.%20Basically%20any%20vendor%20or%20provider%20of%20software%20and%20systems%20which%20poll%20a%20central%20mailbox%20like%20service%40%20or%20sales%40%26nbsp%3Bto%20create%20cases%20from%20emails%20is%20affected.%20This%20is%20helpdesk%2C%20ticketing%2C%20CRM%2C%20workflow%2C%20case%20management%20and%20many%20more%20domains.%20Mail%20polling%20can%20simply%20stop%20working%20overnight%20from%201st%20of%20October%20unless%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20the%20sw%20vendor%20has%20implemented%20polling%20emails%20via%20Graph%20API%20and%20switched%20to%20modern%20auth%20there%20meanwhile%20and%20accepted%20the%20double%20work%20of%20maintaining%20two%20protocols%20for%20email%20polling%3C%2FP%3E%3CP%3E2)%20the%20vendor%20has%20implemented%20the%20mentioned%20Client%20Credentials%20Flow%20for%20IMAP%20feature%20which%20is%20targeted%20GA%20end%20of%20June.%20That%20leaves%203%20months%20for%20dev%2FQA%2C%20rollout%20and%20upgrades%20of%20the%20whole%20customer%20base%20of%20our%20product.%20That's%20not%20a%20doable%20timeframe%20for%20us%20and%20not%20for%20any%20product%20vendor%20I%20assume.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20only%20viable%20option%20seems%20to%20be%20to%20implement%20Graph%20API%20email%20polling%20now%2C%20but%20I%20still%20feel%20like%20I%20miss%20some%20back%20door%20or%20option%20out.%20We're%20a%20tiny%20fish%20but%20have%20all%20the%20Zendesks%2C%20Freshdesks%2C%20Salesforces%20etc.%20in%20the%20field%20realized%20all%20this%20and%20adapted%20their%20implementations%20to%20Graph%20already%3F%20Or%20is%20this%20mostly%20unknown%20and%20there%20will%20be%20a%20huge%20rage%20storm%20once%20October%20comes%20closer%20from%20that%20direction%20causing%20another%20lifesaver%20grace%20period%20for%20basic%20auth%20(making%20us%20the%20stupids%20who%20invested%20in%20a%20proprietary%20protocol%20implementation%20to%20maintain)%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20appreciate%20your%20thoughts%20on%20the%20above%20or%20recommendations%20for%20software%20vendors%20relying%20on%20polling%20email%20in%20an%20impersonated%20way%20like%20us.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3065807%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3065807%22%20slang%3D%22en-US%22%3E%3CP%3EWill%20our%20IIS%20SMTP%20gateway%26nbsp%3B(on%20win%202019%20server)%20continue%20to%20work%20after%20october%202022%3F%3C%2FP%3E%3CP%3EWe%20use%20it%20with%20our%20onPrem%20SharePoint%202016%20with%20O365%20Exchange%20email-account.%3C%2FP%3E%3CP%3EIIS%20SMTP%20does%20not%20support%20moder%20auth.%3C%2FP%3E%3CP%3EOr%20may%20be%20MS%20will%20upgrade%20IIS%20SMTP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3065883%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3065883%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1278841%22%20target%3D%22_blank%22%3E%40Jan089%3C%2FA%3E%26nbsp%3B%20Your%20comment%20mirrors%20our%20exact%20situation%20about%20this%20change%20and%20we%20are%20extremely%20concerned%20as%20well%20as%20it%20affects%20critical%20business%20flows.%26nbsp%3B%26nbsp%3BWe%20have%20systems%20polling%20email%20inboxes%20via%20IMAP%20to%20generate%20tickets%2C%20cases%20and%20projects%20tasks%20but%20the%20timeline%20Microsoft%20has%20proposed%20for%20phase%20out%20of%20basic%20auth%20and%20use%20Client%20Credential%20flow%20leaves%20little%20to%20no%20room%20for%20testing%20all%20of%20these%20business%20flows.%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EThere%20are%20so%20many%20businesses%20using%20the%20countless%20available%20tools%20polling%20mailboxes.%20I%20feel%20like%20we%20are%20missing%20something%20as%20well%20as%20this%20feels%20like%20we%20are%20heading%20towards%20the%20edge%20of%20a%20cliff.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3066734%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3066734%22%20slang%3D%22en-US%22%3E%3CP%3EOnce%20more%20thanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B.%26nbsp%3B%3C%2FP%3E%3CP%3EAssuming%20we%20would%20place%20a%20bet%20and%20consider%20to%20wait%20for%20the%20GA%20release%20of%20CCF%20for%20IMAP%2C%20is%20there%20any%20upfront%20work%20we%20could%20do%20in%20parallel%20%3F%20An%20idea%20might%20be%20looking%20into%20%2Fprototyping%20CCF%20for%20some%20other%20protocol%2C%20but%20this%20only%20makes%20sense%20if%20the%20integration%20work%20we'd%20need%20to%20do%20is%20similar%20or%20nearly%20same%20as%20it%20will%20look%20like%20for%20CCF%20for%20IMAP.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOur%20product%20is%20a%20Java%20application%20polling%20via%20Javamail.%20What%20would%20be%20a%20reasonable%20prototype%20or%20preparation%20to%20lower%20the%20risks%20of%20hitting%20some%20wall%20in%20the%20narrow%20timeframe%20from%20June%20(in%20worst%20case)%20until%20October%20you%20could%20recommend%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94389%22%20target%3D%22_blank%22%3E%40SuperAJ%3C%2FA%3E%26nbsp%3Bthanks%20for%20chiming%20in%2C%20I%20feel%20you.%20Maybe%20the%20answer%20to%20my%20question%20above%20will%20help%20you%20too.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3067569%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3067569%22%20slang%3D%22en-US%22%3E%3CP%3EOutlook.com%20(for%20both%20consumer%20users%20and%20business)%20should%20allow%20users%20to%20collect%20email%20from%20other%20email%20accounts%20(Gmail%20etc)%20using%20Oauth.%20This%20feature%20should%20be%20updated%20and%20not%20just%20removed%20without%20replacement.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3067866%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3067866%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1278841%22%20target%3D%22_blank%22%3E%40Jan089%3C%2FA%3E%26nbsp%3BIt's%20a%20bit%20early%20for%20me%20to%20say%20your%20approach%20there%20is%20good%2C%20or%20is%20not.%20We're%20still%20building%20this%2C%20and%20some%20things%20are%20tbd.%20Ping%20me%20back%20(send%20me%20a%20private%20message%20here%20would%20work)%20in%20a%20month%20and%20I'll%20see%20where%20we're%20at%20and%20post%20back%20here%20if%20we%20have%20something%20to%20go%20on.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3072759%22%20slang%3D%22en-US%22%3EBetreff%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3072759%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20everybody%3C%2FP%3E%3CP%3EI%20am%20a%20little%20confused%20now.%20It%20is%20clear%20that%20Basic%20Authentication%20will%20be%20disabled%20coming%20october.%20But%20can%20anybody%20tell%20me%20what%20about%20other%20authentication%20methods%20such%20as%20NTLM%3F%20Do%20I%20have%20to%20switch%20to%20the%20Microsoft%20modern%20authentication%20or%20is%20it%20fine%20to%20use%20NTLM.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAlso%20someone%20told%20me%20that%20the%20Exchange%20WebService%20will%20not%20be%20available%20anymore%20coming%20october%20and%20I%20have%20to%20switch%20to%20the%20Graph%20interface.%20But%20I%20cannot%20find%20any%20facts%20about%20this.%20Could%20anybody%20help%20me%20out%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20so%20much!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3090011%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3090011%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F353267%22%20target%3D%22_blank%22%3E%40lightupdifire%3C%2FA%3E%26nbsp%3B-%20no%20current%20plan%20to%20shut%20AutoDiscover%20off%20-%20AutoD%20V2%20is%20anonymous%20anyway%2C%20no%20auth.%20It's%20just%20a%20lookup%20service%20after%20all.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1287728%22%20target%3D%22_blank%22%3E%40Haetti%3C%2FA%3E%26nbsp%3B-%20We%20don't%20allow%20you%20to%20connect%20to%20Exchange%20Online%20with%20NTLM%20today%20-%20it's%20Basic%2C%20or%20Modern%20auth%20only%20(ok%2C%20certificates%20too%2C%20for%20some%20EAS%20scenarios).%20So%20not%20sure%20if%20you%20are%20mixing%20on-prem%20and%20cloud%20Exchange%20up%3F%20EWS%20is%20not%20going%20away%20in%20October%20-%20only%20Basic%20Auth%2C%20for%20EWS.%20You%20can%20still%20use%20EWS%20with%20Modern%20(OAuth)%20auth.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3170216%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3170216%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20want%20to%20make%20sure%20I'm%20understanding%20where%20I'm%20at%20in%20all%20this%20correctly.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20use%20a%20relay%20server%20to%20send%20mail%20from%20our%20copiers%2C%20services%2C%20etc.%2C%20to%20our%20Exchange%20Online%20%2F%20Office%20365%20tenant.%20Mail%20comes%20in%20to%20the%20local%20SMTP%20server%20(using%20the%20server%20provided%20as%20part%20of%20IIS)%2C%20then%20it%20connects%20and%20sends%20mail%20as%20a%20specific%20relay%20user%20set%20up%20as%20mailrelay%40%20our%20domain.%20It's%20using%20basic%20authentication%2C%20TLS%20encryption%2C%20and%20TCP%2F587.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20should%20still%20work%20come%20October%2C%20correct%3F%20Because%20it's%20authenticating%20and%20using%20SMTP%2C%20and%20SMTP%20Auth%20will%20still%20be%20supported.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhere%20I%20get%20confused%20is%20that%20it%20still%20shows%20up%20when%20I%20search%20the%20logins%20for%20legacy%20client%20apps%20as%20SMTP.%20However%2C%20it%20says%20%22%3CSPAN%3EAuthenticated%20SMTP%22%20in%20the%20details%20of%20the%20log%20file.%20I%20assume%20that%20is%20because%20it%20is%20still%20basic%20auth%2C%20but%20of%20the%20variety%20that%20will%20still%20be%20supported.%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ESo%20I%20think%20I'm%20good%20to%20go%20for%20now%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3184921%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3184921%22%20slang%3D%22en-US%22%3E%3CP%20data-unlink%3D%22true%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1278841%22%20target%3D%22_blank%22%3E%40Jan089%3C%2FA%3E%2F%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94389%22%20target%3D%22_blank%22%3E%40SuperAJ%3C%2FA%3E%20we%20solved%20this%20problem%20by%20implementing%20the%20%3CA%20title%3D%22Follow%20link%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-auth-code-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOAuth2%20authorization%20code%20flow%3C%2FA%3E%20or%20%3CA%20title%3D%22Follow%20link%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-device-code%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EOAuth2%20Device%20authorization%20grant%20flow%3C%2FA%3E%26nbsp%3Bon%20tenant%20or%20account%20level.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3E%26nbsp%3B%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EBut%20I%20have%20question%20for%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3EIt's%20a%20legid%20workflow%20to%20just%20use%20the%20very%20basic%20mail%20operations%3A%20polling%20(list%2Fread%2Fdelete)%20and%20sending%20mails.%3C%2FP%3E%3CP%20data-unlink%3D%22true%22%3EThere%20are%20many%20mature%20clients%20and%20libraries%20doing%20this%20for%20the%20standardized%20protocols%20POP%2FIMAP%20and%20SMTP.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20mentioned...%3C%2FP%3E%3CP%3E%22I%20would%20suggest%20getting%20away%20from%20all%20those%20protocols%20you%20listed%20and%20switching%20to%20EWS%2C%20or%20preferably%2C%20Graph%22%3C%2FP%3E%3CP%3E%22Graph%20is%20the%20better%20long%20term%20option%20though%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhy%20should%20we%20ever%20switch%20to%20Graph%20API%20when%20we%20just%20use%20these%20basic%20operations%20and%20there%20are%20rock%20solid%20libs%20out%20there%20doing%20this%3F%3C%2FP%3E%3CP%3EAre%20there%20_any_%20plans%20to%20remove%20support%20for%20IMAP%20and%20SMTP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3190828%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3190828%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3Bthanks%20for%20answering%20questions.%3CBR%20%2F%3E%22%3CSPAN%3EOAuth%20access%20to%20IMAP%2C%20POP%2C%20SMTP%20AUTH%20protocols%20via%20OAuth2%20client%20credentials%20grant%20flow%20is%20not%20supported.%26nbsp%3B%22%3CBR%20%2F%3EWhat%20is%20the%20recommended%20transition%20for%20the%20hundreds%20of%20line%20of%20business%20apps%20that%20use%20SMTP%20to%20send%20and%20IMAP%20to%20receive%20mail%20if%20they%20are%20not%20going%20to%20update%20to%20use%20OAuth%20(which%20for%20IMAP%2C%20doesn't%20matter%20because%20it's%20not%20supported%20except%20in%20impersonation)%3F%20Do%20we%20need%20to%20stand%20up%20an%20IMAP%2FSMTP%20server%20and%20configure%20Exchange%20forwarding%20rules%20to%20continue%20compatibility%3F%20These%20are%20multimillion%20dollar%20systems%20so%20maintaining%20compatibility%20is%20imperative.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3194379%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3194379%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F461253%22%20target%3D%22_blank%22%3E%40JGrote%3C%2FA%3E%26nbsp%3B-%20we're%20working%20on%20adding%20CCF%20support%20to%20POP%2C%20IMAP%20and%20SMTP%20AUTH%20after%20all.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D70577%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D70577%3C%2FA%3E%26nbsp%3Bdoesn't%20mention%20SMTP%20AUTH%2C%20but%20that's%20coming%20too.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3199229%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3199229%22%20slang%3D%22en-US%22%3E%3CP%3EAfter%20enabling%20basic%20authentication%20for%20remote%20powershell%20with%20the%20diagnostic%20tool%20I%20would%20like%20to%20disable%20basic%20authentication%20again%20for%20remote%20powershell.%20How%20can%20I%20do%20that%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3199360%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3199360%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F15245%22%20target%3D%22_blank%22%3E%40Urs%20Egli%3C%2FA%3E%26nbsp%3B-%20the%20quickest%20and%20easiest%20way%20is%20probably%20to%20disable%20it%20via%20Auth%20Policy.%20Go%20into%20the%20M365%20admin%20center%2C%20go%20to%20Settings%2C%20Org%20settings%2C%20Modern%20authentication%2C%20and%20then%20uncheck%20'Allow%20access%20to.....'%20for%20PowerShell.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3202288%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3202288%22%20slang%3D%22en-US%22%3E%3CP%3EMany%20thanks%20for%20your%20support.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3291355%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3291355%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20use%20an%20Oracle%20solution%20in%20our%20environment%20that%20they%20are%20saying%20will%20not%20be%20ready%20until%203rd%20quarter%20due%20to%20Microsoft%20not%20yet%20releasing%20Feature%20ID%2070577%20and%20description%20%22Adding%20support%20for%20the%20Client%20Credential%20Oauth%20flow%20to%20the%20POP%20and%20IMAP%20protocols%20in%20Exchange%20Online%22%20which%20is%20scheduled%20for%20June.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESeems%20like%20extremely%20poor%20timing%20on%20Microsoft's%20part%20to%20continue%20to%20deprecate%20in%20October%20when%20a%20solution%20is%20not%20even%20released%20until%20several%20months%20before%20that%20time%20from%20Microsoft.%20Vendors%20need%20ample%20time%20to%20integrate%20the%20solution%20as%20do%20customers.%20Will%20extensions%20be%20available%20for%20these%20situations%3F%20We%20have%20business%20critical%20dependencies.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3291703%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3291703%22%20slang%3D%22en-US%22%3E%3CP%3EWe're%20working%20with%20Oracle%20on%20this.%20Keep%20checking%20in%20with%20them.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3293201%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3293201%22%20slang%3D%22en-US%22%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3EUnfortunately%20this%20security%20improvement%20is%20misused%20to%20force%20Outlook%20users%20away%20from%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdeprecation-of-basic-authentication-exchange-online%23protocol-recommendation%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3EPOP%2FIMAP%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EWhat%20about%20the%20Exchange%20Online%20Kiosk%20customers%2C%20which%20only%20have%20access%20to%20POP%3F%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3294046%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3294046%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955896%22%20target%3D%22_blank%22%3E%40ExchangeOnline%3C%2FA%3E%26nbsp%3B-%20OWA%2C%20or%20a%20third%20party%20POP%20client%20are%20the%20options.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3296094%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3296094%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20again%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%2C%20good%20to%20hear%20that%20you%20are%20working%20with%20major%20vendors%20in%20the%20background%2C%20which%20shows%20progress.%20So%20you%20have%20some%20sort%20of%20information%2Fdocumentation%20for%20those%20partners%20what%20needs%20to%20be%20implemented%20on%20client%20side%20for%20CCF.%20I%20wonder%20when%20you%20intend%20to%20release%20this%20information%20to%20a%20wider%20audience%20-%20or%20share%20it%20at%20least%20with%20interested%20parties%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20don't%20think%20that%20only%20Oracle-sized%20vendors%20run%20business%20critical%20use%20cases.%20Our%20clients%20(which%20are%20obviously%20your%20customers%20as%20well%20and%20some%20of%20them%20are%20huge)%20are%20getting%20increasingly%20nervous%20about%20the%20situation.%20And%20I%20still%20can't%20tell%20them%20whether%20we%20will%20be%20able%20to%20deliver%20or%20not%20until%20I%20have%20any%20clue%20what%20my%20team%20needs%20to%20implement.%26nbsp%3BThis%20rising%20anger%20against%20MS%20amongst%20your%20own%20customer%20base%20can't%20be%20in%20your%20interest.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2997216%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2997216%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1172016%22%20target%3D%22_blank%22%3E%40BentleyBoy%3C%2FA%3E%26nbsp%3B%20Gmail%2C%20Samsung%20Mail%2C%20Blackberry%20Hub%2C%20Canary%2C%20Spark%2C%20and%20many%20more%20support%20Modern%20Authentication.%20You%20can%20check%20any%20mail%20app%20by%20seeing%20if%20they%20redirect%20you%20to%20the%20Microsoft%20365%20login%20portal%2C%20if%20they%20do%20then%20they%20support%20Modern%20Authentication.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2820318%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2820318%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F461253%22%20target%3D%22_blank%22%3E%40JGrote%3C%2FA%3E%26nbsp%3BI'll%20check%20into%20this%2C%20not%20aware%20of%20any%20plans%20in%20this%20area.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1177498%22%20target%3D%22_blank%22%3E%40langersit%3C%2FA%3E%26nbsp%3BNo%2C%20they%20will%20not.%20They%20use%20Basic%20Auth.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3350255%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3350255%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20do%20we%20authenticate%20from%20a%20Dotnet%20Desktop%20application%20from%20this%20point%20on%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3024394%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3024394%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20may%20be%20obvious%2C%20but%20since%20we%20use%20SMTP%2C%20and%20that%20will%20remain%20for%20tenants%20that%20use%20it%20after%20Basic%20Auth%20is%20disabled%2C%20will%20Application%20Passwords%20continue%20to%20work%20with%20SMTP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3355530%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3355530%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20the%20turning%20off%20of%20Basic%20Auth%20%3CSTRONG%3Ealso%20affect%3C%2FSTRONG%3E%20the%20Constructors%20(with%20user%20name%20and%20password%20as%20parameters)%20in%20the%20Java%20class%3C%2FP%3E%3CP%3E%3CSTRONG%3Emicrosoft.exchange.webservices.data.credential.WebCredentials%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3Eof%20the%20%3CSTRONG%3Eexchange-ews-api%3C%2FSTRONG%3E%3F%3C%2FP%3E%3CP%3EIf%20yes%2C%20will%20there%20be%20an%20update%20of%20the%20API%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3051308%22%20slang%3D%22en-US%22%3ERE%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3051308%22%20slang%3D%22en-US%22%3Ebut%20there%20is%20no%20requirement%20that%20EWS%20access%20from%20Teams%20uses%20Basic%20auth.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2783278%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2783278%22%20slang%3D%22en-US%22%3E%3CP%3EBasic%20auth%20is%20currently%20disabled%20in%20our%20tenant%20with%20an%20organizational%20level%20default%20Authentication%20Policy.%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22%22%3ESet-OrganizationConfig%3C%2FSPAN%3E%3CSPAN%20class%3D%22%22%3E%20-DefaultAuthenticationPolicy%3C%2FSPAN%3E%3CSPAN%3E%20%3CPOLICYIDENTITY%3E%3C%2FPOLICYIDENTITY%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%2C%20we%20have%20a%20small%20subset%20of%20accounts%20which%20still%20require%20basic%20auth%20for%20EWS%20and%20IMAP%20so%20we%20have%20a%20second%20Authentication%20Policy%20which%20allows%20basic%20auth%20over%20these%20protocols%2C%20and%20this%20policy%20is%20applied%20individually%20to%20these%20accounts.%20This%20works%20as%20described%20in%20this%20doc%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%23how-basic-authentication-is-blocked-in-exchange-online%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3ENote%20that%20the%20authentication%20policies%20assigned%20to%20users%20take%20precedence%20over%20the%20default%20policy.%20To%20configure%20the%20default%20authentication%20policy%20for%20the%20organization%2C%20use%20this%20syntax%3A%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20Microsoft%20disables%20basic%20auth%20in%20Oct%202022%2C%20will%20that%20override%20and%20break%20the%20Authentication%20Policy-based%20exception%20we%20have%20applied%20to%20our%20small%20subset%20of%20accounts%20which%20still%20need%20basic%20auth%20over%20EWS%20and%20IMAP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785398%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785398%22%20slang%3D%22en-US%22%3E%3CP%3EWish%20the%20past%20dates%20had%20stuck%2C%20but%20I%20appreciate%20the%20hard%20stance%20once%20again!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIronically%20once%20basic%20authentication%20is%20dead%2C%20we'll%20likely%20be%20re-enabling%20legacy%20protocols%20like%20IMAP%2FEAS%20on%20mailboxes%20to%20gives%20users%20more%20flexibility%20in%203rd%20party%20apps.%26nbsp%3B%20If%20basic%20auth%20is%20not%20functional%2C%20they%20have%20to%20use%20something%20that%20supports%20that%20protocol%20*with*%20Modern%20Authentication.%26nbsp%3B%20(e.g.%20Thunderbird%20currently%20supporting%20IMAP%20with%20OAuth%202.0)%26nbsp%3B%20If%20it%20supports%20it%2C%20great%2C%20they%20do%20their%20MFA%20and%20carry%20on.%20If%20it%20doesn't%2C%20it%20just%20doesn't%20work%20because%20basic%20auth%20is%20dead.%20Right%20now%20we%20selectively%20enable%20IMAP%20on%20mailboxes%20but%20block%20basic%20auth%20for%20specific%20users%20via%20Conditional%20Access%2C%20so%20the%20above%20will%20let%20us%20stay%20hands-off%20again%20while%20allowing%20these%203rd%20party%20apps.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788289%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788289%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20MAPI%20is%20going%20away%20how%20will%20the%20Outlook%20client%20connect%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2824413%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2824413%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1179032%22%20target%3D%22_blank%22%3E%40JacksonIT%3C%2FA%3E%26nbsp%3B-%20sorry%20if%20this%20is%20confusing%2C%20I'll%20try%20and%20clarify.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20two%20things%20are%20not%20actually%20directly%20tied%20to%20each%20other.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20August%20article%20is%20about%20older%20versions%20of%20Outlook%20-%20nothing%20to%20do%20with%20Basic%20Auth%20really%20(though%20older%20versions%20use%20Basic%20Auth)%20-%20they%20are%20going%20to%20be%20blocked.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThis%20article%20is%20about%20more%20than%20Outlook%2C%20this%20is%20about%20any%20client%20using%20Basic%20Auth%20-%20and%20when%20those%20will%20be%20unable%20to%20connect.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%2C%20what%20to%20do%20-%20update%20Outlook%20to%20a%20version%20that%20will%20be%20supported%20after%20November%201st%2C%20and%20make%20sure%20it's%20using%20Modern%20Auth.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThen%2C%20make%20sure%20all%20other%20clients%20are%20using%20Modern%20Auth%20by%20October%202022.%20Because%20of%20what%20this%20blog%20is%20saying.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHope%20that%20helps.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2772210%22%20slang%3D%22en-US%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2772210%22%20slang%3D%22en-US%22%3E%3CP%3EUpdate%205%2F3%2F2022%3A%20for%20latest%20information%20on%20this%20subject%2C%20please%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-deprecation-in-exchange-online-may-2022%2Fba-p%2F3301866%22%20target%3D%22_blank%22%3EBasic%20Authentication%20Deprecation%20in%20Exchange%20Online%20%E2%80%93%20May%202022%20Update%3C%2FA%3E.%3C%2FP%3E%3CP%3EIn%20February%202021%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_blank%22%3Ewe%20announced%3C%2FA%3E%20some%20changes%20to%20our%20plan%20for%20turning%20off%20Basic%20Authentication%20in%20Exchange%20Online.%20In%20summary%2C%20we%20announced%20we%20were%20postponing%20disabling%20Basic%20Auth%20for%20protocols%20in%20active%20use%20by%20your%20tenant%20until%20further%20notice%2C%20but%20that%20we%20would%20continue%20to%20disable%20Basic%20Auth%20for%20all%20protocols%20not%20being%20used.%20The%20overall%20scope%20of%20the%20program%20was%20also%20extended%20to%20include%20Exchange%20Web%20Services%20(EWS)%2C%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%2C%20Remote%20PowerShell%2C%20MAPI%2C%20RPC%2C%20SMTP%20AUTH%20and%20OAB.%3C%2FP%3E%3CP%3EToday%2C%20we%20are%20announcing%20that%2C%20effective%20October%201%2C%202022%2C%20we%20will%20begin%20to%20permanently%20disable%20Basic%20Auth%20in%20all%20tenants%2C%20regardless%20of%20usage%2C%20with%20the%20exception%20of%20SMTP%20Auth.%3C%2FP%3E%3CP%3EBasic%20Authentication%20is%20an%20outdated%20industry%20standard%2C%20and%20threats%20posed%20by%20Basic%20Auth%20have%20only%20increased%20in%20the%20time%20since%20we%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fimproving-security-together%2Fba-p%2F805892%22%20target%3D%22_blank%22%3Eoriginally%20announced%3C%2FA%3E%20we%20were%20making%20this%20change.%20The%20original%20announcement%20was%20titled%20%E2%80%98Improving%20Security%20%E2%80%93%20Together%E2%80%99%20and%20that%E2%80%99s%20never%20been%20truer%20than%20it%20is%20now.%20We%20need%20to%20work%20together%20to%20improve%20security.%20We%20take%20our%20role%20in%20that%20statement%20seriously%2C%20and%20our%20end%20goal%20is%20turning%20off%20Basic%20Auth%20for%20all%20our%20customers.%20But%20every%20day%20Basic%20Auth%20remains%20enabled%20in%20your%20tenant%2C%20your%20data%20is%20at%20risk%2C%20and%20so%20your%20role%20is%20to%20get%20your%20clients%20and%20apps%20off%20Basic%20Auth%2C%20move%20them%20to%20stronger%20and%20better%20options%2C%20and%20then%20secure%20your%20tenant%2C%20before%20we%20do.%3C%2FP%3E%3CP%3EEven%20though%20we%20announced%20we%20were%20putting%20the%20work%20on%20hold%2C%20we%20didn%E2%80%99t%20stop%20improving%20security.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-june-2021-update%2Fbc-p%2F2599824%23M31057%22%20target%3D%22_blank%22%3EBack%20in%20June%20we%20provided%20an%20update%3C%2FA%3E%20that%20we%20had%20already%20begun%20to%20disable%20Basic%20Auth%20for%20tenants%20not%20using%20it%2C%20and%20we%20described%20the%20process.%20We%20also%20explained%20how%20you%20could%20re-enable%20an%20affected%20protocol%20if%20you%20really%20needed%20to%20use%20it.%20This%20work%20has%20already%20protected%20millions%20of%20Exchange%20Online%20users.%3C%2FP%3E%3CP%3EToday%2C%20we%20have%20more%20news%20on%20how%20to%20prepare%20for%20this%20important%20change.%3C%2FP%3EProactive%20Protection%20Expansion%3CP%3EIn%202022%2C%20as%20we%20roll%20out%20the%20changes%20necessary%20to%20support%20this%20effort%2C%20we%20will%20begin%20disabling%20Basic%20Auth%20for%20some%20customers%20with%20usage%20on%20a%20short-term%20and%20temporary%20basis.%3C%2FP%3E%3CP%3EIMPORTANT%3A%20Sometime%20in%20second%20quarter%20of%202022%20we%20will%20selectively%20pick%20tenants%20and%20disable%20Basic%20Auth%20for%20all%20affected%20protocols%20except%20SMTP%20AUTH%20for%20a%20period%20of%2012-48%20hours.%20After%20this%20time%2C%20Basic%20Auth%20for%20these%20protocols%20will%20be%20re-enabled%2C%20if%20the%20tenant%20admin%20has%20not%20already%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-june-2021-update%2Fbc-p%2F2599824%23M31057%22%20target%3D%22_blank%22%3Ere-enabled%20them%20using%20our%20self-service%20tools%3C%2FA%3E.%3C%2FP%3E%3CP%3EDuring%20this%20time%20all%20clients%20and%20apps%20that%20use%20Basic%20Auth%20in%20the%20selected%20tenants%20will%20be%20affected%2C%20and%20they%20will%20be%20unable%20to%20connect.%20Any%20client%20or%20app%20using%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EModern%20Auth%3C%2FA%3E%20will%20not%20be%20affected.%20Users%20can%20switch%20to%20other%20clients%20(for%20example%2C%20use%20Outlook%20on%20the%20Web%20instead%20of%20an%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fnew-minimum-outlook-for-windows-version-requirements-for%2Fba-p%2F2767349%22%20target%3D%22_blank%22%3Eolder%20Outlook%20client%20that%20does%20not%20support%20Modern%20Auth%3C%2FA%3E)%20while%20they%20upgrade%20or%20reconfigure%20their%20client%20apps.%3C%2FP%3ELimited%20Opt%20Out%3CP%3EIf%20you%20receive%20a%20Message%20Center%20post%20between%20now%20and%20October%202022%2C%20informing%20you%20that%20we%20are%20going%20to%20disable%20Basic%20Auth%20for%20a%20protocol%20in%20your%20tenant%20due%20to%20non-usage%2C%20or%20you%20get%20one%20saying%20we%20know%20you%20are%20using%20Basic%20Auth%2C%20but%20we%20intend%20to%20proactively%20disable%20it%20for%20a%20short%20period%20of%20time%2C%20and%20you%20don%E2%80%99t%20want%20us%20to%20take%20that%20action%20for%20protocols%20in%20your%20tenant%2C%20you%20can%20use%20a%20new%20feature%20in%20the%20Microsoft%20365%20admin%20center%20to%20request%20that%20we%20not%20disable%20specific%20protocol(s).%3C%2FP%3E%3CP%3EWe%20added%20this%20feature%20to%20the%20self-service%20tool%20to%20help%20you%20minimize%20disruptions%20as%20you%20transition%20away%20from%20using%20Basic%20Auth.%20But%20we%20really%20want%20you%20to%20use%20this%20feature%20only%20if%20you%20really%20need%20Basic%20Auth.%20Not%20just%20because%20you%20think%20you%20might%2C%20or%20just%20in%20case.%20Customers%20are%20compromised%20through%20Basic%20Auth%20every%20day%2C%20and%20the%20best%20way%20to%20prevent%20that%20happening%20is%20to%20disable%20it%20and%20move%20to%20Modern%20Auth.%3C%2FP%3E%3CP%3EThe%20exception%20process%20was%20outlined%20in%20an%20earlier%20blog%20post%20but%20here%20it%20is%20again%2C%20with%20specifics%20for%20%E2%80%98opt%20out%E2%80%99%20requests.%3C%2FP%3E%3CP%3EYou%20can%20now%20go%20directly%20to%20the%20Basic%20Auth%20self-help%20diagnostic%20by%20simply%20clicking%20on%20this%20button%3A%20(it%E2%80%99ll%20bring%20up%20the%20diagnostic%20in%20the%20Microsoft%20365%20admin%20center%20if%20you%E2%80%99re%20the%20tenant%20admin)%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FPillarEXOBasicAuth%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3E%3C%2FA%3E%3C%2FP%3E%3CP%3EOr%20you%20can%20open%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fadmin.microsoft.com%2F%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EMicrosoft%20365%20admin%20center%3C%2FA%3E%26nbsp%3Band%20click%20the%20green%20Help%20and%20support%20button%20in%20the%20lower%20right%20hand%20corner%20of%20the%20screen.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EWhen%20you%20click%20the%20button%2C%20you%20enter%20our%20self-help%20system.%20Here%20you%20can%20enter%20the%20magic%20phrase%20%E2%80%9CDiag%3A%20Enable%20Basic%20Auth%20in%20EXO%E2%80%9D%3A%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EWhichever%20path%20you%20took%20to%20get%20here%2C%20click%20Run%20Tests%20to%20check%20your%20tenant%20settings%20to%20see%20if%20we%20have%20disabled%20Basic%20Auth%20for%20any%20protocols%2C%20and%20then%20review%20the%20results.%20If%20we%20have%20not%20disabled%20Basic%20Auth%20for%20any%20protocols%20in%20your%20tenant%2C%20and%20you%20are%20running%20the%20diagnostic%20before%20September%201%2C%202022%20(one%20month%20before%20the%20October%202022%20start%20date)%2C%20we%E2%80%99ll%20offer%20you%20the%20option%20to%20opt%20out.%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3ESelect%20the%20protocol%20to%20opt%20out%20from%20the%20dropdown%2C%20click%20the%20check%20box%2C%20and%20then%20click%20Update%20Settings.%20Repeat%20this%20process%20for%20each%20protocol%20to%20opt%20out.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3C%2FP%3E%3CP%3EThat%E2%80%99s%20it.%20Once%20you%20submit%20your%20opt%20out%20request%2C%20we%20won%E2%80%99t%20disable%20Basic%20Auth%20for%20the%20selected%20protocol(s)%20in%20your%20tenant%2C%20whether%20there%20is%20usage%20or%20not%2C%20until%20October%202022.%20Every%20tenant%20can%20request%20an%20opt%20out%20for%20each%20protocol%20(or%20set%20of%20protocols%20in%20the%20case%20of%20Outlook)%2C%20until%20the%20start%20of%20September%202022.%20Starting%20September%201%2C%202022%2C%20we%20will%20remove%20the%20opt%20out%20option%2C%20and%20starting%20October%201%2C%202022%2C%20we%E2%80%99ll%20begin%20turning%20off%20Basic%20Auth%20in%20all%20tenants%2C%20regardless%20of%20usage.%3C%2FP%3E%3CP%3ENote%3A%20Self%20service%20re-enablement%20of%20Basic%20Auth%20does%20not%20currently%20work%20for%20GCC%20tenants.%20For%20GCC%20tenants%2C%20please%20open%20a%20ticket%20with%20our%20support%20team%20to%20re-enable%20Basic%20Auth.%3C%2FP%3E%3CP%3ETo%20reiterate%2C%20requesting%20an%20opt%20out%20for%20protocols%20you%20aren%E2%80%99t%20sure%20about%2C%20or%20just%20in%20case%2C%20puts%20your%20tenant%20data%20at%20risk.%20If%20you%20really%20aren%E2%80%99t%20sure%2C%20let%20us%20turn%20it%20off%20and%20wait%20to%20see%20what%20happens%20(or%20use%20Security%20Defaults%20or%20Conditional%20Access%20to%20do%20it%20today).%20You%20can%20always%20re-enable%20it%20for%20the%20time%20being%20using%20the%20opt%20out%20process%2C%20and%20while%20this%20might%20cause%20some%20disruption%2C%20the%20upside%20is%20it%20will%20help%20you%20identify%20the%20affected%20clients%20and%20apps%2C%20and%20the%20work%20you%20need%20to%20do%20prior%20to%20October%202022.%3C%2FP%3EFrequently%20Asked%20Questions%3CP%3EHow%20do%20I%20know%20if%20my%20tenant%20is%20using%20Basic%20Auth%3F%3C%2FP%3E%3CP%3ETake%20a%20look%20at%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Freports-monitoring%2Fconcept-sign-ins%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EAzure%20AD%20Sign-In%20log%3C%2FA%3E%2C%20as%20it%20can%20help%20identify%20%E2%80%98unexpected%E2%80%99%20usage.%20We%E2%80%99re%20also%20going%20to%20start%20sending%20Message%20Center%20posts%20to%20tenant%20admins%20summarizing%20their%20usage%20(or%20lack%20of).%3C%2FP%3E%3CP%3EHow%20will%20I%20know%20if%20this%20change%20will%20affect%20my%20tenant%3F%3C%2FP%3E%3CP%3EIf%20the%20Azure%20AD%20Sign-In%20log%20shows%20Basic%20(legacy)%20Auth%20usage%2C%20this%20change%20will%20affect%20your%20tenant.%3C%2FP%3E%3CP%3EI%20thought%20you%20said%20you%20were%20not%20going%20to%20completely%20disable%20SMTP%20AUTH%3F%3CBR%20%2F%3EYou%E2%80%99re%20right%2C%20we%20did%2C%20in%20blog%20posts%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_blank%22%3Ehere%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-july-update%2Fba-p%2F1530163%22%20target%3D%22_blank%22%3Ehere%3C%2FA%3E.%20We%E2%80%99re%20going%20to%20continue%20to%20disable%20SMTP%20AUTH%20for%20tenants%20who%20don%E2%80%99t%20use%20it%2C%20but%20we%20will%20not%20be%20changing%20the%20configuration%20of%20any%20tenant%20who%20does.%20We%20can%E2%80%99t%20tell%20though%20if%20the%20usage%20we%20see%20is%20valid%20or%20not%2C%20that%E2%80%99s%20down%20to%20you%20to%20determine.%20So%20you%20still%20should%20move%20away%20from%20using%20Basic%20and%20SMTP%20AUTH%20though%20if%20you%20can%2C%20as%20it%20does%20leave%20you%20exposed.%20Don%E2%80%99t%20forget%2C%20you%20can%20disable%20it%20at%20the%20tenant%20level%2C%20and%20re-enable%20on%20a%20per-user%2Faccount%20level%20as%20described%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fsecuring-authenticated-smtp-in-exchange-online%2Fba-p%2F1293154%22%20target%3D%22_blank%22%3Ehere%3C%2FA%3E.%3C%2FP%3E%3CP%3EI%20can%E2%80%99t%20re-enable%20SMTP%20using%20this%20feature%2C%20but%20I%20can%20request%20an%20opt%20out%20%E2%80%93%20huh%3F%3C%2FP%3E%3CP%3EWell%20spotted!%20We%20didn%E2%80%99t%20build%20logic%20into%20the%20re-enablement%20tool%20for%20SMTP%20as%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fauthenticated-client-smtp-submission%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3Eyou%20can%20already%20do%20that%20easily%20using%20PowerShell%3C%2FA%3E%2C%20but%20we%20wanted%20to%20make%20sure%20you%20could%20request%20an%20opt%20out%20for%20disabling%20of%20%26nbsp%3BSMTP%20AUTH%2C%20so%20we%20included%20it%20here.%3C%2FP%3E%3CP%3EHow%20can%20I%20get%20a%20longer%20exception%3F%20I%20still%20want%20to%20use%20Basic%20Auth%20after%20October%202022%3C%2FP%3E%3CP%3EWe%20are%20not%20providing%20the%20ability%20to%20use%20Basic%20Auth%20after%20October%202022.%20You%20should%20ensure%20your%20dependency%20on%20Basic%20Auth%20in%20Exchange%20Online%20has%20been%20removed%20by%20that%20time.%26nbsp%3BBasic%20authentication%20(outside%20of%20SMTP)%20will%20be%20turned%20off%20for%20everyone%20in%20October%202022%2C%20including%20tenants%20who%20have%20previously%20opted%20out%20using%20our%20self-service%20tool.%3C%2FP%3E%3CP%3EWhat%20if%20I%20request%20an%20opt%20out%2C%20do%20the%20necessary%20work%2C%20and%20then%20want%20you%20to%20disable%20Basic%20Auth%3F%3C%2FP%3E%3CP%3EFirst%20of%20all%2C%20we%E2%80%99ll%20say%20well%20done%2C%20we%20appreciate%20you%20doing%20the%20work.%20Then%2C%20what%20we%20would%20advise%20would%20be%20to%20use%20Security%20Defaults%20or%20Conditional%20Access%20to%20block%20legacy%20auth.%20We%20might%20not%20get%20to%20your%20tenant%20right%20away%2C%20so%20better%20for%20you%20to%20take%20action%20and%20secure%20your%20tenant%20when%20you%20are%20ready%2C%20and%20then%20we%E2%80%99ll%20come%20back%20and%20disable%20it%20fully%20in%20time.%3C%2FP%3E%3CP%3EWhat%20if%20you%E2%80%99ve%20blocked%20some%20protocols%2C%20but%20I%20want%20to%20request%20an%20exception%20for%20others%3F%3C%2FP%3E%3CP%3EYou%20won%E2%80%99t%20see%20the%20opt%20out%20dialog%20unless%20no%20protocols%20in%20your%20tenant%20are%20blocked.%20But%20that%E2%80%99s%20ok%2C%20as%20all%20you%20have%20to%20do%20is%20%E2%80%98re-enable%E2%80%99%20that%20protocol%20(even%20though%20it%E2%80%99s%20not%20disabled%20at%20the%20time)%2C%20and%20we%E2%80%99ll%20consider%20that%20an%20opt%20out%20request%20for%20it.%3C%2FP%3E%3CP%3EIf%20I%E2%80%99ve%20set%20up%20Authentication%20Policies%2C%20or%20Conditional%20Access%20to%20block%20legacy%20auth%2C%20how%20will%20I%20know%20it%E2%80%99s%20safe%20to%20remove%20these%20and%20not%20re-open%20myself%20to%20the%20risks%20posed%20by%20Basic%20Auth%3F%3C%2FP%3E%3CP%3EKeep%20watching%20the%20Message%20Center%20in%20your%20tenant%3B%20we%E2%80%99ll%20send%20Message%20Center%20posts%20in%20advance%20of%20us%20making%20a%20change%20to%20your%20Basic%20Auth%20configuration%2C%20and%20again%20once%20we%E2%80%99ve%20made%20the%20change.%3C%2FP%3E%3CP%3EWhat%20about%20Office%20365%20operated%20by%2021Vianet%3F%20Is%20that%20subject%20to%20this%20change%20too%3F%3CBR%20%2F%3EYes%20it%20is%2C%20but%20the%20timeline%20is%20slightly%20different.%20We%20will%20turn%20off%20basic%20auth%20for%20all%20covered%20protocols%20on%20March%2031st%202023.%20There%20will%20be%20no%20Proactive%20Protection%20Expansion%20as%20detailed%20above%2C%20but%20we%20will%20start%20to%20turn%20off%20basic%20auth%20for%20unused%20protocols%20during%202022.%3C%2FP%3E%3CP%3EWhat%20are%20you%20doing%20with%20Application%20Access%20Policies%3F%20We%E2%80%99ve%20been%20trying%20to%20get%20our%20apps%20to%20use%20these%20to%20secure%20them%20more%20granularly%2C%20but%20with%20only%20100%20policies%20available%2C%20that%E2%80%99s%20impossible!%3C%2FP%3E%3CP%3EWe%20know%20many%26nbsp%3Bof%20our%20larger%20customers%20are%20already%20working%20on%20migrating%20thousands%20of%20service%20principals%20to%20our%20modern%20APIs%2C%20and%20we%E2%80%99ve%20heard%20the%20feedback%20that%20the%20existing%20limits%20with%20the%20current%20Application%20Access%20Policies%20code%20which%20allow%20only%20300%26nbsp%3Bservice%20principals%20(we've%20increased%20from%20100%20to%20300)%20is%20not%20enough.%26nbsp%3BWe%E2%80%99re%20announcing%20today%20that%20we%20plan%20on%20supporting%2010%2C000%20or%20more%20of%20these%20assignments%20per%20tenant.%20We%E2%80%99ll%20have%20more%20news%20on%20this%20update%20soon%2C%20so%20don%E2%80%99t%20let%20this%20issue%20stop%20you%3B%20it%E2%80%99s%20time%20to%20start%20planning%20to%20migrate%20your%20Basic%20Auth%20and%20legacy%20API%20applications%20to%20Microsoft%20Graph%20and%20Modern%20Authentication.%3C%2FP%3E%3CP%3EWhile%20we%E2%80%99re%20on%20the%20subject%20of%20Application%20Access%20Policies%2C%20we%20also%20want%20to%20say%20that%20we%20are%20aligning%20our%20Application%26nbsp%3Band%20Administrative%20access%20control%26nbsp%3Bmodels%20to%20allow%20the%20full%20flexibility%20of%20Role-Based%20Access%20Control%20to%20apply%20to%20service%20principals%20in%20Exchange%20Online.%26nbsp%3BAnd%20we%E2%80%99re%20bringing%20a%20unified%20management%20experience%20for%20scoped%20application%20access%20to%20the%20Azure%20AD%20Identity%20portal%20where%20admin%20permission%20consents%20are%20managed%20today.%26nbsp%3BMore%20details%20will%20be%20announced%20soon!%3C%2FP%3ESummary%3CP%3EWe%20know%20many%20of%20you%20will%20be%20happy%20about%20this%20announcement%2C%20as%20shutting%20down%20Basic%20Auth%20access%20to%20Exchange%20Online%20is%20a%20very%20good%20thing%20from%20a%20security%20perspective.%20And%20we%20also%20know%20that%20many%20of%20our%20customers%20have%20been%20focusing%20on%20other%20problems%20over%20the%20past%20year%2C%20and%20this%20will%20mean%20they%20might%20need%20to%20do%20more%20work%20in%20this%20area%20to%20be%20ready%20on%20time.%20We%20hope%20that%20giving%20you%2012%20months%E2%80%99%20notice%20will%20give%20you%20sufficient%20time%20to%20prepare.%3C%2FP%3E%3CP%3EThe%20Exchange%20Online%20Team%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2772210%22%20slang%3D%22en-US%22%3E%3CP%3EToday%2C%20we%20are%20announcing%20that%2C%20effective%20October%201%2C%202022%2C%20we%20will%20begin%20to%20permanently%20disable%20Basic%20Auth%20in%20all%20tenants%2C%20regardless%20of%20usage%2C%20with%20the%20exception%20of%20SMTP%20Auth.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2772210%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAnnouncements%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2781941%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2781941%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165613%22%20target%3D%22_blank%22%3E%40CISUPOORT%3C%2FA%3EThere%20are%20a%20lot%20of%20hacking%20methods%20that%20exploit%20how%20simple%20it%20is%20to%20run%20many%20combinations%20through%20basic%20authentication.%20Even%20if%20you%20implement%20modern%20authentication%20(sometimes%20called%20web%20authentication)%20and%20no%20other%20security%20controls%2C%20you%20protect%20your%20users%20from%20a%20variety%20of%20password%20attacks.%20In%20addition%2C%20additional%20login%20metadata%20is%20sent%20as%20part%20of%20your%20authentication%2C%20and%20authentication%20%2F%20risk%20decisions%20can%20be%20based%20on%20this.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20others%20have%20said%2C%20this%20paves%20the%20way%20for%20MFA%2C%20but%20that's%20a%20completely%20different%20topic.%3CBR%20%2F%3E%3CBR%20%2F%3EAlso%2C%20shared%20mailboxes%20work%20fine%20with%20MFA.%20Unless%20you%20had%20multiple%20people%20sharing%20a%20PASSWORD%2C%20in%20which%20case%2C%20you%20should%20stop%20doing%20that.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2874379%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2874379%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1193198%22%20target%3D%22_blank%22%3E%40Shaafdiesel%3C%2FA%3E%26nbsp%3B%20To%20be%20frank%2C%20there's%20only%20so%20many%20options%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20If%20you%20have%20on-prem%20Exchange%20servers%20still%20(licensed%20%26amp%3B%20with%20DBs%2C%20not%20just%20the%20management-only%20free%20license)%2C%20you%20can%20simply%20bring%20the%20mailbox%20back%20on-prem.%20(Or%20use%20another%20mail%20host%2Fmailbox%2Femail%20address%20elsewhere%20that%20allows%20basic%20auth)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2)%20Stop%20using%20the%20vendor%20and%20migrate%20elsewhere%20if%20they%20do%20not%20stray%20away%20from%20a%20hard%20basic%20auth%20requirement.%20(Which%20given%20how%20many%20business%20customers%20are%20in%20M365%2FExchange%20Online%20these%20days%2C%20that%20sounds%20like%20a%20nail%20in%20the%20coffin%20for%20losing%20customers...%20I%20can't%20imagine%20%22no%22%20is%20going%20to%20be%20many%20vendors'%20final%20answers%20to%20this)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20know%20%232%20is%20easier%20said%20than%20done%20when%20customers%20can%20only%20have%20so%20much%20influence%20and%20some%20services%20just%20don't%20have%20alternatives%2C%20but%20that's%20what%20you're%20looking%20at.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3543291%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3543291%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20this%20change%20will%20impact%20email%20relay%20via%20which%20is%20set%20as%20Exchange%20connector%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3028495%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3028495%22%20slang%3D%22en-US%22%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22%22%3E%3CDIV%20class%3D%22%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3EWhich%20protocols%20are%20being%20completely%20disabled%3F%20Even%20with%20OAUTH%3F%3CBR%20%2F%3EAlso%20how%20does%20one%20authenticate%20via%20OAUTH%20if%20i%20am%20running%20say%20a%20headless%20UNIX%20or%20GNU%2FLinux%20OS%3F%26nbsp%3B%20Must%20I%20install%20a%20gui%20and%20a%20browser%20(increasing%20my%20attack%20surface)%20for%20such%20a%20machine%20to%20interface%20with%20IMAP%2C%20POP%2C%20EAS%20or%20MAPI%3F%26nbsp%3B%20Thanks.%3C%2FP%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3051634%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3051634%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F586475%22%20target%3D%22_blank%22%3E%40jvanbeusekom%3C%2FA%3E%26nbsp%3B%20EWS%20%3D%2F%3D%20basic%20authentication.%26nbsp%3B%20EWS%20is%20just%20a%20protocol%2C%20and%20it%20can%20work%20via%20Modern%20Authentication%20or%20basic%20authentication.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3055945%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3055945%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20Happy%20New%20Year.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGreat%20that%20excellent%20relevant%20discussion%20continues%20here%2C%20so%20planning%20remediation%20can%20take%20place%20ahead%20of%20the%20switch%20off%20date%20later%20this%20year.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EReturning%20to%20the%20topic%20of%20%3CSTRONG%3EOffice%20365%20web%20services%3C%2FSTRONG%3E%20in%20our%20in%20environment.%26nbsp%3B%20You%20mentioned%20at%20the%20beginning%20of%20October%20that%20%22%3CSPAN%3E%3CSTRONG%3EWe'll%20have%20news%20soon%20on%20this%3C%2FSTRONG%3E.%20As%20they%20say%20(still%2C%20despite%20no-one%20having%20tuned%20a%20radio%20in%20for%20years)%20-%20stay%20tuned!%20%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EPlease%20can%20you%20provide%20an%20update.%26nbsp%3B%20Has%20anything%20been%20announced%20as%20yet.%26nbsp%3B%20I've%20not%20seen%20anything%20but%20may%20have%20missed%20it%3F%26nbsp%3B%20Please%20can%20you%20specifically%20reach%20out%20within%20Microsoft%20and%20provide%20an%20update.%26nbsp%3B%20Expectations%26nbsp%3Bhave%20been%20set%20that%20%22help%20is%20coming%20from%20Microsoft%22%20in%20this%20focus%20area%20so%20would%20like%20ideally%20to%20re-confirm%20this%20is%20the%20case.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3066439%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3066439%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1278841%22%20target%3D%22_blank%22%3E%40Jan089%3C%2FA%3E%26nbsp%3BI%20do%20understand%2C%20and%20I'm%20sorry%20our%20dates%20slipped.%20June%20is%20worst%20case%2C%20I%20really%20do%20hope%20(and%20as%20I%20write%2C%20I%20%3CEM%3Eexpect%3C%2FEM%3E)%20this%20to%20be%20much%20earlier.%20But%20I%20can't%20promise%20it%20until%20the%20code%20is%20written%2C%20tested%20and%20deployed.%20Many%20other%20partner%20solutions%20use%20EWS%2C%20and%20EWS%20has%20supported%20CCF%20for%20a%20long%20time%20now.%20Graph%20is%20the%20better%20long%20term%20option%20though%20as%20EWS%20is%20no%20longer%20something%20we%20are%20investing%20in.%20POP%20and%20IMAP%20are%20not%20the%20protocols%20the%20majority%20of%20apps%20that%20integrate%20with%20our%20service%20use%2C%20that's%20all%20I'm%20saying.%20They%20use%20EWS%2C%20or%20are%20moving%20to%20Graph.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F7940%22%20target%3D%22_blank%22%3E%40Andrey%20Alexandrov%3C%2FA%3E%26nbsp%3Bthis%20change%20does%20not%20affect%20Exchange%20on-prem%20at%20all.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3072341%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3072341%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20please%20highlight%20the%20topic%20for%20Autodiscover%2C%20is%20it%20included%20to%20%22close%20down%22%3F%20If%20not%2C%20will%20it%20be%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎May 03 2022 03:29 PM
Updated by: