Basic Authentication and Exchange Online – September 2021 Update

Published Sep 23 2021 02:55 PM 125K Views

In February 2021, we announced some changes to our plan for turning off Basic Authentication in Exchange Online. In summary, we announced we were postponing disabling Basic Auth for protocols in active use by your tenant until further notice, but that we would continue to disable Basic Auth for all protocols not being used. The overall scope of the program was also extended to include Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB.

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth.

Basic Authentication is an outdated industry standard, and threats posed by Basic Auth have only increased in the time since we originally announced we were making this change. The original announcement was titled ‘Improving Security – Together’ and that’s never been truer than it is now. We need to work together to improve security. We take our role in that statement seriously, and our end goal is turning off Basic Auth for all our customers. But every day Basic Auth remains enabled in your tenant, your data is at risk, and so your role is to get your clients and apps off Basic Auth, move them to stronger and better options, and then secure your tenant, before we do.

Even though we announced we were putting the work on hold, we didn’t stop improving security. Back in June we provided an update that we had already begun to disable Basic Auth for tenants not using it, and we described the process. We also explained how you could re-enable an affected protocol if you really needed to use it. This work has already protected millions of Exchange Online users.

Today, we have more news on how to prepare for this important change.

Proactive Protection Expansion

Beginning early 2022, as we roll out the changes necessary to support this effort, we will begin disabling Basic Auth for some customers with usage on a short-term and temporary basis.

IMPORTANT: Beginning early 2022, we will selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using our self-service tools.

During this time all clients and apps that use Basic Auth in the selected tenants will be affected, and they will be unable to connect. Any client or app using Modern Auth will not be affected. Users can switch to other clients (for example, use Outlook on the Web instead of an older Outlook client that does not support Modern Auth) while they upgrade or reconfigure their client apps.

Limited Opt Out

If you receive a Message Center post between now and October 2022 informing you that we are going to disable Basic Auth for a protocol in your tenant due to non-usage, or one saying that we know you are using Basic Auth but intend to proactively disable it for a short period of time, and you don’t want us to take that action for protocols in your tenant, you can use a new feature in the Microsoft 365 admin center to request that we not disable specific protocol(s).

We added this feature to the self-service tool to help you minimize disruptions as you transition away from using Basic Auth. But we really want you to use this feature only if you really need Basic Auth. Not just because you think you might, or just in case. Customers are compromised through Basic Auth every day, and the best way to prevent that happening is to disable it and move to Modern Auth.

The exception process was outlined in an earlier blog post but here it is again, with specifics for ‘opt out’ requests.

You can now go directly to the Basic Auth self-help diagnostic by simply clicking on this link: Enable Basic Auth in EXO (it’ll bring up the diagnostic in the Microsoft 365 admin center if you’re the tenant admin). Or you can open the Microsoft 365 admin center and click the green Help and support button in the lower right hand corner of the screen.

 


When you click the button, you enter our self-help system. Here you can enter the magic phrase “Diag: Enable Basic Auth in EXO”.


Whichever path you took to get here, click Run Tests to check your tenant settings to see if we have disabled Basic Auth for any protocols, and then review the results. If we have not disabled Basic Auth for any protocols in your tenant, and you are running the diagnostic before September 1, 2022 (one month before the October 2022 start date), we’ll offer you the option to opt out.


Select the protocol to opt out from the dropdown, click the check box, and then click Update Settings. Repeat this process for each protocol to opt out.

 


That’s it. Once you submit your opt out request, we won’t disable Basic Auth for the selected protocol(s) in your tenant, whether there is usage or not, until October 2022. Every tenant can request an opt out for each protocol (or set of protocols in the case of Outlook), until the start of September 2022. Starting September 1, 2022, we will remove the opt out option, and starting October 1, 2022, we’ll begin turning off Basic Auth in all tenants, regardless of usage.

Note: Self service re-enablement of Basic Auth does not currently work for GCC tenants. For GCC tenants, please open a ticket with our support team to re-enable Basic Auth.

To reiterate, requesting an opt out for protocols you aren’t sure about, or just in case, puts your tenant data at risk. If you really aren’t sure, let us turn it off and wait to see what happens (or use Security Defaults or Conditional Access to do it today). You can always re-enable it for the time being using the opt out process, and while this might cause some disruption, the upside is it will help you identify the affected clients and apps, and the work you need to do prior to October 2022.

Frequently Asked Questions

How do I know if my tenant is using Basic Auth?

Take a look at the Azure AD Sign-In log, as it can help identify ‘unexpected’ usage. We’re also going to start sending Message Center posts to tenant admins summarizing their usage (or lack of).

How will I know if this change will affect my tenant?

If the Azure AD Sign-In log shows Basic (legacy) Auth usage, this change will affect your tenant.
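One way to answer both questions above from an exported sign-in log, as an added example that is not part of the original post or Microsoft's tooling. It assumes records shaped like the Microsoft Graph signIn resource (clientAppUsed, status.errorCode, userPrincipalName, createdDateTime); the mapping from clientAppUsed values to the protocol names in this post, the function names and the sample records are assumptions constructed for illustration.

```python
"""Summarise legacy (Basic Auth) protocol usage from exported Azure AD sign-in records."""
from collections import defaultdict

# Assumed mapping from the log's clientAppUsed value (lower-cased) to the
# protocol names used in the announcement. Values not listed here, such as
# "Browser" or "Mobile Apps and Desktop clients", are treated as not in scope.
CLIENT_APP_TO_PROTOCOL = {
    "exchange web services": "EWS",
    "exchange activesync": "EAS",
    "pop3": "POP",
    "imap4": "IMAP",
    "exchange online powershell": "Remote PowerShell",
    "mapi over http": "MAPI",
    "outlook anywhere (rpc over http)": "RPC",
    "authenticated smtp": "SMTP AUTH",
    "offline address book": "OAB",
}

# The announcement excludes SMTP AUTH from the October 1, 2022 change.
EXEMPT_PROTOCOLS = {"SMTP AUTH"}

# Constructed sample records (not real tenant data).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2021-09-20T08:00:00Z", "userPrincipalName": "alice@contoso.example",
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-09-21T09:30:00Z", "userPrincipalName": "Alice@contoso.example",
     "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-09-21T10:00:00Z", "userPrincipalName": "scanner@contoso.example",
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-09-22T01:00:00Z", "userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-09-22T01:05:00Z", "userPrincipalName": "carol@contoso.example",
     "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-09-19T12:00:00Z", "userPrincipalName": "svc-app@contoso.example",
     "clientAppUsed": "Exchange Web Services", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-09-22T02:00:00Z", "userPrincipalName": "dave@contoso.example",
     "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-09-22T03:00:00Z", "userPrincipalName": "erin@contoso.example",
     "clientAppUsed": None, "status": {"errorCode": 0}},
]


def summarize_basic_auth(records):
    """Return {protocol: {success, failure, users, last_seen, exempt}}."""
    usage = defaultdict(
        lambda: {"success": 0, "failure": 0, "users": set(), "last_seen": ""}
    )
    for rec in records:
        client = (rec.get("clientAppUsed") or "").strip().lower()
        protocol = CLIENT_APP_TO_PROTOCOL.get(client)
        if protocol is None:
            continue  # modern client, empty field, or a value outside the mapping
        entry = usage[protocol]
        status = rec.get("status") or {}
        if status.get("errorCode") == 0:
            entry["success"] += 1
            entry["users"].add((rec.get("userPrincipalName") or "unknown").lower())
        else:
            # Non-zero or missing error code: counted as not successful.
            entry["failure"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime") or "")
    return {
        proto: {**e, "users": sorted(e["users"]), "exempt": proto in EXEMPT_PROTOCOLS}
        for proto, e in usage.items()
    }


def affected_protocols(summary):
    """Protocols with successful sign-ins that the October 2022 change covers."""
    return sorted(p for p, e in summary.items() if e["success"] and not e["exempt"])


def failure_only_protocols(summary):
    """Protocols that saw only failed sign-ins: no working client depends on them."""
    return sorted(p for p, e in summary.items() if not e["success"] and e["failure"])


if __name__ == "__main__":
    report = summarize_basic_auth(SAMPLE_SIGNINS)
    for proto in sorted(report):
        e = report[proto]
        print(f"{proto:18} ok={e['success']} failed={e['failure']} "
              f"users={len(e['users'])} last={e['last_seen']} exempt={e['exempt']}")
    print("Will break when Basic Auth is disabled:", affected_protocols(report))
    print("Only failed attempts seen:", failure_only_protocols(report))
```

Protocols that appear only with failed sign-ins have no working client behind them in the sampled period, which makes them the first candidates to block with Security Defaults or Conditional Access.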

I thought you said you were not going to completely disable SMTP AUTH?

You’re right, we did, in blog posts here and here. We’re going to continue to disable SMTP AUTH for tenants who don’t use it, but we will not be changing the configuration of any tenant who does. We can’t tell, though, whether the usage we see is valid or not; that’s down to you to determine. So you should still move away from using Basic Auth and SMTP AUTH if you can, as it does leave you exposed. Don’t forget, you can disable it at the tenant level and re-enable it on a per-user/account level as described here.

I can’t re-enable SMTP using this feature, but I can request an opt out – huh?

Well spotted! We didn’t build logic into the re-enablement tool for SMTP, as you can already do that easily using PowerShell, but we wanted to make sure you could request an opt out from the disabling of SMTP AUTH, so we included it here.

How can I get a longer exception? I still want to use Basic Auth after October 2022

We are not providing the ability to use Basic Auth after October 2022. You should ensure your dependency on Basic Auth in Exchange Online has been removed by that time.

What if I request an opt out, do the necessary work, and then want you to disable Basic Auth?

First of all, we’ll say well done, we appreciate you doing the work. Then, what we would advise would be to use Security Defaults or Conditional Access to block legacy auth. We might not get to your tenant right away, so better for you to take action and secure your tenant when you are ready, and then we’ll come back and disable it fully in time.

What if you’ve blocked some protocols, but I want to request an exception for others?

You won’t see the opt out dialog unless no protocols in your tenant are blocked. But that’s ok, as all you have to do is ‘re-enable’ that protocol (even though it’s not disabled at the time), and we’ll consider that an opt out request for it.

If I’ve set up Authentication Policies, or Conditional Access to block legacy auth, how will I know it’s safe to remove these and not re-open myself to the risks posed by Basic Auth?

Keep watching the Message Center in your tenant; we’ll send Message Center posts in advance of us making a change to your Basic Auth configuration, and again once we’ve made the change.

What are you doing with Application Access Policies? We’ve been trying to get our apps to use these to secure them more granularly, but with only 100 policies available, that’s impossible!

We know many of our larger customers are already working on migrating thousands of service principals to our modern APIs, and we’ve heard the feedback that the existing limit in the current Application Access Policies code, which allows only 300 service principals (we've increased it from 100 to 300), is not enough. We’re announcing today that we plan on supporting 10,000 or more of these assignments per tenant. We’ll have more news on this update soon, so don’t let this issue stop you; it’s time to start planning to migrate your Basic Auth and legacy API applications to Microsoft Graph and Modern Authentication.

While we’re on the subject of Application Access Policies, we also want to say that we are aligning our Application and Administrative access control models to allow the full flexibility of Role-Based Access Control to apply to service principals in Exchange Online. And we’re bringing a unified management experience for scoped application access to the Azure AD Identity portal where admin permission consents are managed today. More details will be announced soon!

Summary

We know many of you will be happy about this announcement, as shutting down Basic Auth access to Exchange Online is a very good thing from a security perspective. And we also know that many of our customers have been focusing on other problems over the past year, and this will mean they might need to do more work in this area to be ready on time. We hope that giving you 12 months’ notice will give you sufficient time to prepare.

The Exchange Online Team

t.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BYep%2C%20we%20are%20aware%20but%20we%20have%20a%20web%20of%20CA%20policies%20still%20allowing%20basic%20auth%20for%20various%20sets%20of%20conditions%2Fscenarios%20that%20are%20still%20being%20addressed%20across%20several%20services%2C%20so%20we're%20not%20%22untangling%22%20said%20mess%20just%20yet.%26nbsp%3BBasic%20auth%20being%20disabled%20%26amp%3B%20legacy%20protocols%20on%20by%20default%20is%20our%20ultimate%20goal.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785672%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785672%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BWe%20fully%20support%20turning%20off%20basic%20authentication!%3C%2FP%3E%3CDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EBut%20please%20let%20the%20Outlook%20team%20add%20support%20for%20modern%20authentication%20in%20Outlook%20with%20POP%2FIMAP.%3C%2FSPAN%3E%3C%2FDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3ENow%20this%20is%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Ftroubleshoot%2Fadministration%2Fcannot-connect-mailbox-pop-imap-outlook%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Enot%20available%3C%2FA%3E%2C%20but%20this%20functionality%20is%20very%20much%20needed!%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785698%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785698%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microso
ft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955896%22%20target%3D%22_blank%22%3E%40ExchangeOnline%3C%2FA%3E%26nbsp%3BIf%20you%20have%20Outlook%2C%20why%20use%20POP%2FIMAP%3F%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20no%20plans%20to%20add%20support%20for%20Modern%20Auth%20to%20Outlook.%20If%20you%20have%20Outlook%2C%20use%20MAPI%2FHTTP.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785822%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785822%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BFor%20some%20mailboxes%20there%20is%20a%20security%20requirement%20to%20immediately%20dowload%20the%20messages%20using%20POP.%3C%2FP%3E%3CDIV%3E%3CBR%20%2F%3E%3CDIV%3E%3CSPAN%3EModern%20Auth%20in%20Exchange%20Online%20is%20available%20for%20POP%2C%20why%20not%20allowing%20it%20to%20use%20with%20Outlook%3F%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2786423%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2786423%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F955896%22%20target%3D%22_blank%22%3E%40ExchangeOnline%3C%2FA%3E%26nbsp%3BWhy%20does%20a%20'security%20requirement'%20determine%20the%20protocol%20that%20has%20to%20be%20used%3F%20Why%20POP%3F%20Why%20not%20IMAP%3F%20or%20EWS%3F%20or%20MAPI%3F%20If%20this%20is%20an%20app%2C%20use%20EWS%2C%20or%20even%20better%2C%20REST%2FGraph.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%
22lingo-sub-2786837%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2786837%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3Bwe%20are%20familiar%20with%20the%20alternatives%2C%20but%20as%20you%20know%20POP%2C%20by%20default%2C%20removes%20the%20downloaded%20messages%20from%20the%20server.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20consequence%20of%20forcing%20Modern%20Auth%20means%20that%20POP%2FIMAP%20on%20Exchange%20Online%20with%20Outlook%20cannot%20be%20used%20anymore%2C%20that%20would%20be%20very%20dissapointing.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2787107%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2787107%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20FAQs%20state%20that%20%22the%26nbsp%3B%3CSPAN%3EAzure%20AD%20Sign-In%20log%22%20can%20inform%20an%20administrator%20if%20there%20are%20existing%20uses%20of%20Basic%20Auth%20in%20the%20tenant.%26nbsp%3B%20However%2C%20it%20does%20not%20indicate%20how%20you%20do%20that.%26nbsp%3B%20How%20do%20I%20do%20that%3F%26nbsp%3B%20Looking%20at%20the%20Azure%20AD%20Sign-in%20log%2C%20I%20don't%20see%20any%20obvious%20fields%20being%20reported%20that%20indicate%20if%20Basic%20Auth%20was%20used%20for%20the%20sign-in.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2787349%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2787349%22%20slang%3D%22en-US%22%3E%3CP%3E%3C
A%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167203%22%20target%3D%22_blank%22%3E%40Kevin_Hamilton%3C%2FA%3E%26nbsp%3BCheck%20the%20%E2%80%9DClient%20apps%E2%80%9D%20kolumn%20in%20Sign-in%20logs%20and%20you%20can%20filter%20on%20Modern%20Authentication%20apps%20and%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2782058%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2782058%22%20slang%3D%22en-US%22%3E%3CP%3ESMTP%20AUTH%20-%20As%20mentioned%20in%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-july-update%2Fba-p%2F1530163%22%20target%3D%22_blank%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20July%20Update%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_blank%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20February%202021%20Update%20-%20Microsoft%20Tech%20Community%3C%2FA%3E%20we%20will%20%3CSTRONG%3Enot%3C%2FSTRONG%3E%20be%20completely%20disabling%20SMTP%20AUTH%20for%20those%20customers%20that%20still%20want%20to%20use%20it.%20We%20will%20only%20be%20disabling%20it%20for%20tenants%20we%20don't%20see%20using%20it.%20We'll%20clarify%20that%20in%20the%20blog%20above%20shortly.%20Sorry%20for%20any%20confusion.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788210%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788210%22%20slang%3D%22en-US%22%3E%3CP%3EI%20run%20the%20office365%20logins%20for%20a%
20school.%20I'm%20not%20up%20with%20the%20lingo%2C%20so%20an%20idiots%20guide%20to%20this%20change%20would%20be%20good%2C%20to%20enable%20me%20to%20understand%20if%20I%20need%20to%20do%20anything%20to%20my%20school%20setup%20or%20if%20this%20will%20effect%20us%20in%20any%20way%20or%20not%20-%20will%20we%20notice%20any%20change%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788310%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788310%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%20Will%20this%20change%20affect%20also%20SharePoint%20online%3F%20I%20see%20in%20Azure%26nbsp%3BSign-in%20logs%3A%3C%2FP%3E%3CP%3EApplication%3A%20Office%20365%20SharePoint%20Online%3C%2FP%3E%3CP%3E%3CSPAN%3EClient%20app%3A%26nbsp%3BOther%20clients%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EIf%20I%20understood%26nbsp%3Bcorrectly%20%22other%20clients%22%20is%20Legacy%20authentication%26nbsp%3Bclient.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788389%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788389%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1165630%22%20target%3D%22_blank%22%3E%40Fenner42%3C%2FA%3E%26nbsp%3B%20-%20You%20are%20able%20to%20use%20Direct%20Send%2C%20or%20any%20other%20number%20of%20options.%20Microsoft%20is%20not%20holding%20security%20efforts%20because%20you%20are%20unable%20to%20learn%20technology.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788448%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788448%22%20slang%3D%22en-US%22%3E%3CP%3E%26gt%3BI
f%20MAPI%20is%20going%20away%20how%20will%20the%20Outlook%20client%20connect%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78995%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20IMAP%20is%20not%20MAPI%3C%2FP%3E%3CP%3E2)%20They%20aren't%20turning%20off%20MAPI%20or%20IMAP%3C%2FP%3E%3CP%3E3)%20They%20are%20turning%20off%20Basic%20%2F%20%22Legacy%22%20Authentication%2C%20but%20Exchange%20Online%20supports%20Modern%20Authentication%20for%20both%20IMAP%20and%20MAPI.%3CBR%20%2F%3E4)%20Most%20IMAP%20clients%20don't%20support%20Modern%20Auth.%20For%20example%2C%20Thunderbird%20does%2C%20but%20Outlook%20doesn't.%20However%20Outlook%20has%20no%20need%20to%2C%20since%20it%20it%20also%20supports%20(MAPI%20%2B%20Modern%20Authentication)%2C%20which%20is%20a%20much%20more%20capable%20protocol.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788586%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788586%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20the%20article%20it%20states%20that%20MAPI%20is%20included%20in%20the%20list%20of%20protocols%20to%20be%20disabled.%20If%20this%20is%20the%20case%20than%20wouldn't%20full%20Outlook%20clients%20be%20effected%20by%20this%3F%20Should%20the%20Outlook%20client%20be%20using%20MapiHttp%20instead%20of%20just%20Mapi%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20overall%20scope%20of%20the%20program%20was%20also%20extended%20to%20include%20Exchange%20Web%20Services%20(EWS)%2C%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%2C%20Remote%20PowerShell%2C%20%3CSTRONG%3EMAPI%3C%2FSTRONG%3E%2C%20RPC%2C%20SMTP%20AUTH%20and%20OAB.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788620%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20
and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788620%22%20slang%3D%22en-US%22%3E%3CP%3EWith%20basic%20auth%20being%20disabled%20in%202022%2C%20will%20we%20still%20be%20able%20to%20use%20SMTP%20relay%20as%20mentioned%20in%20this%20article%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fmail-flow-best-practices%2Fhow-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365%3C%2FA%3E%26nbsp%3B.%20We%20use%20this%20method%20with%20IIS%206%20(couldn't%20find%20the%20MS%20article%20anymore%20so%20this%20one%20is%20the%20same)%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fsupport.datasharp.uk.com%2Fportal%2Fen-gb%2Fkb%2Farticles%2Fhow-to-configure-iis-for-relay-with-office-365%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.datasharp.uk.com%2Fportal%2Fen-gb%2Fkb%2Farticles%2Fhow-to-configure-iis-for-relay-with-office-365%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20this%20now%20not%20work%20with%20IIS%206%20method%20once%20Basic%20Auth%20is%20turned%20off%3F%20What%20are%20our%20alternatives%20when%20the%20deadline%20hits%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788622%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788622%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F78995%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3B%26nbsp%3BNo%2C%20this%20article%20does%20not%20discuss%20disabling%20any%20
protocols.%20This%20article%20discusses%20disabling%20legacy%20authentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20concept%20has%20been%20the%20discussion%20of%20various%20Ehlo%20blog%20posts%20for%20nearly%20a%20decade.%20Checkout%20some%20of%20these%20other%20articles%3A%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fduckduckgo.com%2F%3Fq%3D%2522modern%2Bauthentication%2522%2Bsite%253Atechcommunity.microsoft.com%252Ft5%252Fexchange-team-blog%26amp%3Bt%3Dffab%26amp%3Bia%3Dweb%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fduckduckgo.com%2F%3Fq%3D%2522modern%2Bauthentication%2522%2Bsite%253Atechcommunity.microsoft.com%252Ft5%252Fexchange-team-blog%26amp%3Bt%3Dffab%26amp%3Bia%3Dweb%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788798%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788798%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20about%20unattended%20Powershell%20scripts%20(or%20other%20system%20services)%20that%20need%20authentication%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788813%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788813%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%26nbsp%3B%20Certificate-based%20authentication%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fapp-only-auth-powershell-v2%3Fview%3Dexchange-ps%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fexchange%2Fapp-only-auth-powershell-v2%3Fview%3Dexc
hange-ps%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788838%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788838%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167896%22%20target%3D%22_blank%22%3E%40MichaelN645%3C%2FA%3E%26nbsp%3BIf%20you%20previously%20used%20Send-MailMessage%2C%20you%20can%20move%20to%20Send-MgUserMessage.%20Shameless%20plug%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fmikecrowley.us%2F2021%2F09%2F25%2Fsend-mgusermessage%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fmikecrowley.us%2F2021%2F09%2F25%2Fsend-mgusermessage%2F%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EIf%20you%20want%20to%20see%20how%20modern%20auth%20works%20with%20Thunderbird%2C%20check%20out%20Michel%20de%20Rooij's%20post%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Feightwone.com%2F2020%2F07%2F01%2Fconfiguring-exchange-account-with-imap-oauth2%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Feightwone.com%2F2020%2F07%2F01%2Fconfiguring-exchange-account-with-imap-oauth2%2F%3C%2FA%3E%3CBR%20%2F%3EIf%20you%20have%20more%20complex%20needs%2C%20check%20out%20Glen%20Scales'%20numerous%2C%20high-quality%20articles%3A%20%3CA%20href%3D%22https%3A%2F%2Fgsexdev.blogspot.com%2Fsearch%3Fq%3D%2522modern%2Bauth%2522%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Ehttps%3A%2F%2Fgsexdev.blogspot.com%2Fsearch%3Fq%3D%2522modern%2Bauth%2522%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788877%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788877%22%20slang%3D%22en-US%22%3E
%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F926045%22%20target%3D%22_blank%22%3E%40QuiltersICT%3C%2FA%3E%26nbsp%3B-%20as%20the%20first%20FAQ%20says%2C%20start%20here%2C%20or%20you%20wait%20for%20our%20MC%20posts%20to%20arrive.%20Start%20with%20the%20report%20would%20be%20my%20advice.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSTRONG%3EHow%20do%20I%20know%20if%20my%20tenant%20is%20using%20Basic%20Auth%3F%3C%2FSTRONG%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3ETake%20a%20look%20at%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fazure%2Factive-directory%2Freports-monitoring%2Fconcept-sign-ins%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20AD%20Sign-In%20log%3C%2FA%3E%2C%20as%20it%20can%20help%20identify%20%E2%80%98unexpected%E2%80%99%20usage.%20We%E2%80%99re%20also%20going%20to%20start%20sending%20Message%20Center%20posts%20to%20tenant%20admins%20summarizing%20their%20usage%20(or%20lack%20of).%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167848%22%20target%3D%22_blank%22%3E%40Lyle_Epstein%3C%2FA%3E%26nbsp%3BSMTP%20is%20not%20being%20turned%20off%20if%20it's%20being%20used%20in%20your%20tenant.%20Please%20read%20the%20blog%20and%20FAQ's%20again.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F99899%22%20target%3D%22_blank%22%3E%40Damon%20Villar%3C%2FA%3E%26nbsp%3BAs%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F128%22%20target%3D%22_blank%22%3E%40Mike%20Crowley%3C%2FA%3E%26nbsp%3Bsaid%2C%20we're%20not%20disabling%20any%20protocols%2C%20only%20specific%20auth%20types.%20They%20are%20not%20the%20same%20thing.%20MAPI(http%2C%20you%20are%20right%2C%20it's%20MAPI%20over%20HTTP%2C%20but%20we're%20just%20call
ing%20it%20MAPI%20in%20this%20case%2C%20but%20they%20are%20one%20and%20the%20same)%20is%20not%20being%20disabled.%20Basic%20Auth%20with%20MAPI%20is%2C%20but%20not%20OAuth.%26nbsp%3BBut%20yes%2C%20this%20change%20affects%20Outlook%20-%20but%20only%20if%20it%20is%20using%20Basic%20Auth%20with%20MAPI.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2788969%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2788969%22%20slang%3D%22en-US%22%3E%3CP%3EQuestion%20related%20to%20moving%20some%20mail%20connectivity%20over%20to%20Modern%20Auth%2C%20but%20it's%20technically%20more%20of%20an%20Azure%20AD%20question%20than%20an%20Exchange%20Online%20question%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20creating%20an%20Azure%20AD%20app%20registration%20for%20delegation%2Fapplication-based%20permissions%20over%20Graph%2C%20I%20noticed%20that%20client%20secrets%20now%20have%20a%20max%20expiration%20of%202%20years%2C%20which%20is%20good%20in%20my%20mind.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOther%20than%20tossing%20an%20event%20on%20my%20IT%20unit's%20shared%20calendar%20and%20hoping%20someone%20takes%20note%20of%20it%20if%20I%20happen%20to%20be%20out%20of%20office%2C%20are%20there%20any%20built-in%20mechanisms%20for%20sending%20expiration%20alerts%20to%20admins%2Fregistration%20owners%20for%20these%20client%20secrets%2C%20as%20to%20avoid%20outages%20when%20they%20expire%3F%20(Similar%20to%20certificate%20expiration%20alerts%20for%20SAML%2Fenterprise%20applications...%20they'll%20nag%20you%203%20times%20in%20the%20final%202%20months%20prior%20to%20expiration)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2789455%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%20202
1%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2789455%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20%22Improving%20Security%20-%20Together%22%20article%20from%20September%202019%20had%20a%20section%20titled%2C%20%22Finding%20impacted%20users%22.%26nbsp%3B%20It%20said%3A%3C%2FP%3E%3CBLOCKQUOTE%3EThe%20first%20question%20you%20probably%20have%20is%20%E2%80%93%20so%20how%20do%20I%20know%20who%E2%80%99s%20using%20Basic%20Authentication%20in%20my%20tenant%3F%20Great%20question%2C%20and%20soon%20we%E2%80%99ll%20make%20a%20report%20available%20to%20help%20you%20easily%20answer%20that%20question%20for%20yourself.%20It%E2%80%99s%20a%20report%20that%20provides%20tenant%20admins%20with%20a%20simple%20way%20to%20determine%20who%20is%20using%20Basic%20Auth%20so%20you%2C%20the%20admin%2C%20can%20see%20how%20large%20of%20a%20task%20you%20have%20on%20your%20hands.%3C%2FBLOCKQUOTE%3E%3CP%3EIs%20the%20Azure%20AD%20Sign-in%20Log%20supposed%20to%20be%20that%20report%3F%26nbsp%3B%20If%20so%2C%20I%20think%20I%20need%20further%20guidance%20on%20how%20to%20interpret%20it.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELooking%20at%20the%20Azure%20AD%20Sign-in%20Log%20for%20the%20last%207%20days%2C%20I%20see%20successful%20logins%20with%20%22Client%20App%22%20values%20at%20the%20following%20rates%3A%3C%2FP%3E%3CTABLE%20border%3D%221%22%20width%3D%22100%25%22%3E%3CTBODY%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EBrowser%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E73.64%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EPOP%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E12.42%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EExchange%20ActiveSync%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E8.46%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EIMAP%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E3.14%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EUnknown%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E1.06%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20widt
h%3D%2250%25%22%3EMobile%20Apps%20and%20Desktop%20clients%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E0.76%25%3C%2FTD%3E%3C%2FTR%3E%3CTR%3E%3CTD%20width%3D%2250%25%22%3EExchange%20Web%20Services%3C%2FTD%3E%3CTD%20width%3D%2250%25%22%3E0.51%25%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20my%20understanding%20that%20Exchange%20ActiveSync%2C%20POP%20and%20IMAP%20can%20all%20be%20used%20with%20or%20without%20Modern%20Authentication.%26nbsp%3B%20How%20do%20I%20know%20which%20one%20is%20being%20used%3F%26nbsp%3B%20And%20what%20should%20I%20assume%20about%20%22Unknown%22%2C%20%22Mobile%20Apps%20and%20Desktop%20clients%22%2C%20and%20%22Exchange%20Web%20Services%22%3F%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3E99%25%20of%20the%20%22Unknown%22%20entries%20list%20%22Office%20365%20SharePoint%20Online%22%20as%20the%20Application.%26nbsp%3B%20The%20remaining%201%25%20lists%20%22Microsoft%20Teams%22%20with%20%22Cross%20tenant%20access%20type%22%20set%20to%20%22b2bCollaboration%22.%3C%2FLI%3E%3CLI%3EThe%20Application%20listed%20for%20%22Mobile%20Apps%20and%20Desktop%20clients%22%20is%20a%20mix%20of%20%22Windows%20Sign%20in%22%2C%20%22Microsoft%20Teams%22%2C%20%22Microsoft%20Office%22%2C%20and%20%22%26nbsp%3BApple%20Internet%20Accounts%22%3C%2FLI%3E%3CLI%3EThe%20Application%20listed%20for%20%22Exchange%20Web%20Services%22%20is%20%22Office%20365%20Exchange%20Online%22%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790291%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790291%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1167203%22%20target%3D%22_blank%22%3E%40Kevin_Hamilton%3C%2FA%3E%26nbsp%3Bin%20the%20Client%20App%20filter%2C%20deselect%20Web%20and%20Mobile%20Apps%2
0and%20Desktop%20clients.%20Only%20the%20stuff%20below%20that%20line%20is%20interesting%20for%20this%20exercise.%20Those%20are%20the%20clients%20using%20basic.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22legacy.png%22%20style%3D%22width%3A%20286px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F313234iA862773C38A55C31%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22legacy.png%22%20alt%3D%22legacy.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPic%20courtesy%20of%20Andy%20David%20who%20put%20this%20on%20Twitter%20just%20the%20other%20day.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790858%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790858%22%20slang%3D%22en-US%22%3E%3CP%3ERegarding%20EWS%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20this%20mean%20Impersonation%20for%20a%20service%20application%20would%20be%20affected%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2790918%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2790918%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BSo%20just%20to%20be%20clear%2C%20if%20you%20would%20have%20users%20using%20IMAP%20or%20EWS%20%3CSTRONG%3Ebut%20using%20Modern%20Authentication%3C%2FSTRONG%3E%2C%20are%20they%20shown%20as%20something%20else%20in%20the%20Sign-in%20l
2FA%3E%26nbsp%3Bok%2C%20thanks.%20I'll%20add%20them%20to%20my%20list%20of%20partners%20to%20chase%20down.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2881064%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2881064%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3Ewhat%20do%20we%20do%20with%20the%20PublicFolder%20Sync%20in%20hybrid%20environments%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcollaboration%2Fpublic-folders%2Fconfigure-legacy-public-folders-for-hybrid%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fcollaboration%2Fpublic-folders%2Fconfigure-legacy-public-folders-for-hybrid%3Fview%3Dexchserver-2019%3C%2FA%3E%3C%2FP%3E%3CP%3EThese%20scripts%20still%20only%20support%20basic%20auth.%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2883686%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2883686%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20reviewing%20our%20Intune%20MDM%20settings.%20For%20fully%20enrolled%20devices%2C%20iOS%20uses%20Exchange%20Active%20Sync%20(EAS).%20EAS%20and%20EWS%20are%20also%20used%20for%20native%20Apple%20mail%20and%20calendar%2C%20even%20if%20Modern%20Auth%20is%20enabled.%3C%2FP%3E%3CP%3EQuestions%3A%3C%2FP%3E%3CP%3E1.%20If%20EAS%20and%20EWS%20will%20be%20retired%2C%20how%20will%20Intune%20Admins%20create%20a%20management%20iOS%20profile%20for%20fully%20enrolled%20devices%3F%3C%2FP%3E%3CP%3E2.%20How%20will%20iOS%20devices%20be%20fully%20enrolled%20when%20EAS%20and%20EWS%20will%20be%20retired%3F%3C%2FP%3E%3CP%3E2.%20The%20setting%20to%20make%20Outlook%20for%20iOS%20as%20the%20defa
ult%20mail%20app%20is%20enabled%20at%20the%20user%20level%20-%20I%20can't%20find%20a%20way%20to%20make%20the%20Outlook%20mobile%20app%20as%20the%20default%20email%20app%20in%20fully%20enrolled%20devices.%20Any%20references%20on%20how%20to%20do%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2887381%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2887381%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1195057%22%20target%3D%22_blank%22%3E%40apexxx%3C%2FA%3E%26nbsp%3B-%20that%20script%20is%20being%20worked%20on%20and%20will%20support%20Modern%20Auth%20in%20due%20course.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6110%22%20target%3D%22_blank%22%3E%40Emy%20Loanzon%3C%2FA%3E%26nbsp%3B-%20EWS%20and%20EAS%20are%20not%20being%20retired.%20Only%20Basic%20Auth%20for%20those%20protocols%20is%20being%20retired.%20They%20will%20continue%20to%20be%20available%20with%20OAuth.%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENot%20sure%20on%20the%20Intune%2FMDM%20questions%20myself%2C%20you%20might%20wany%20to%20try%20there%20if%20no-one%20can%20answer%20here.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2887818%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2887818%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6110%22%20target%3D%22_blank%22%3E%40Emy%20Loanzon%3C%2FA%3E%26nbsp%3B-%20You%20can%20use%20Intune%20to%20push%20Outlook%20for%20iOS%20to%20the%20device%20and%20use%20Conditional%20Access%20to%20block%20the%20native%20EAS%20client.%20Th
is%20will%20essentially%20force%20the%20end%20user%20to%20use%20Outlook%20mobile%20to%20access%20corporate%20email.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAFAIK%20you%20cannot%20change%20the%20default%20mail%20client%20using%20Intune.%20Doing%20so%20may%20prevent%20end-users%20from%20using%20the%20native%20email%20app%20to%20access%20other%20mail%20platforms%20from%20their%20device%20that%20are%20not%20supported%20by%20Outlook%20mobile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2924910%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2924910%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EI%20have%20Exchange%202013%20CU23%20running%20in%20on-premises%20in%20a%20hybrid%20scenario%20with%20Exchange%20online%2C%20and%20AAD%20connect%20setup%20for%20Pass-through%20authentication%20(Autodiscover%2C%20MX%20records%20pointing%20to%20on-prem).%20All%20active%20users%20have%20been%20migrated%20to%20Exchange%20Online%20and%20using%20a%20mix%20of%20clients%2C%20but%20majority%20running%20Outlook%202016%2B.%20Due%20to%20auth%20being%20handled%20by%20our%20on-prem%20AD%20because%20of%20the%20pass-through%20config%2C%20will%20the%20conditional%20access%20policies%20I%20apply%20to%20users%20in%20Azure%20AD%20to%20block%20basic%20authentication%20work%3F%20if%20not%2C%20will%20configuring%20a%20New-authenticationpolicy%20and%20assigning%20to%20users%20work%20as%20described%20in%20this%20article%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fdisable-basic-authentication-in-exchange-online%3C%2FA%3E%3C%2FP%3E%3CP%3EThe%20above%20articl
e%20does%20not%20provide%20much%20information%20for%20hybrid%20scenarios%20like%20my%20case.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2926980%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2926980%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1185792%22%20target%3D%22_blank%22%3E%40mohsan466%3C%2FA%3E%26nbsp%3BFor%20connectivity%20to%20mailboxes%20--%20Passthrough%20authentication%20isn't%20making%20authentication%20go%20to%20your%20on-prem%20Exchange%20servers.%26nbsp%3B%20Authentication%20to%20a%20mailbox%20homed%20in%20Exchange%20Online%20is%20happening%20between%20Outlook%20and%20Azure%20AD.%26nbsp%3B%20(Passthrough%20authentication%20is%20only%20making%20Azure%20AD%20talk%20to%20on-prem%20agents%20to%20validate%20your%20password%20against%20AD%20DS.)%20You'll%20just%20follow%20all%20the%20normal%20guidance%20in%20documentation%20regarding%20the%20disabling%20of%20basic%20authentication%2C%20i.e.%20your%20blocking%20of%20basic%20auth%20via%20Conditional%20Access%20will%20work%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2785444%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2785444%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F285725%22%20target%3D%22_blank%22%3E%40ajc196%3C%2FA%3E%26nbsp%3Bok%2C%20not%20sure%20I%20entirely%20follow%2C%20but%20it%20sounds%20like%20you%20know%20what%20you%20need%20to%20do.%20So%20good%20luck.%20Make%20sure%20you%20follow%20the%20opt%20out%20steps%20above%20so%20we%20don't%20touch%20your%20tenant%20inadvertently%20between%20now%20and%20October%202022
.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957176%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957176%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%3EI'm%20not%20sure%20if%20the%20pop%20protocol%20you%20mentioned%20includes%20pop3%2C%20and%20what%20new%20protocol%20should%20I%20use%20instead%26nbsp%3B%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957232%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957232%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%20class%3D%22%22%3E%3CSPAN%3EThank%20you%20very%20much%20for%20your%20answer%2C%20but%20I%20want%20to%20know%20what%20alternative%20protocols%20I%20can%20use%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2957443%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2957443%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1216012%22%20target%3D%22_blank%22%3E%40Xiaowei999%3C%2FA%3E%26nbsp%3BIt%20depends%20on%20what%20you%20are%20trying%20to%20do%2Fuse.%20You%20can%20use%20all%20the%20other%20protocols%20we%20support%20with%20OAuth%20-%20Graph%2FEWS%20for%20scripts%2Fapps%2C%20POP%2C%20IMAP%2C%20EAS%2C%20MAPI%2FHTTP%20for%20client%20apps.%26nbsp%3B%3
C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2964276%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2964276%22%20slang%3D%22en-US%22%3E%3CP%3EWhat%20is%20the%20difference%20between%20the%20use%20of%20Modern%20authentication%20in%20sending%20and%20receiving%20emails%20and%20Basic%20Authentication%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2974821%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2974821%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20is%20a%20great%20resource%20for%20those%20looking%20to%20eliminate%20basic%20auth%20from%20their%20tenant.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ELike%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1084178%22%20target%3D%22_blank%22%3E%40dmbuk%3C%2FA%3E%26nbsp%3Bwe%20also%20have%20a%20number%20of%20use%20cases%20for%20Office%20365%20web%20services%20in%20our%20in%20environment.%26nbsp%3B%20You%20mentioned%20at%20the%20beginning%20of%20October%20that%20%22%3CSPAN%3E%3CSTRONG%3EWe'll%20have%20news%20soon%20on%20this%3C%2FSTRONG%3E.%20As%20they%20say%20(still%2C%20despite%20no-one%20having%20tuned%20a%20radio%20in%20for%20years)%20-%20stay%20tuned!%20%22%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EPlease%20can%20you%20provide%20an%20update.%26nbsp%3B%20Has%20anything%20been%20announced%20as%20yet.%26nbsp%3B%20I've%20not%20seen%20anything%20but%20may%20have%20missed%20it%3F%3C%2FSPAN%3E%3C%2FP%3E%
3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2973038%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2973038%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20several%20custom%20SaaS%20scripts%20and%20PHP%20applications%20we%20depend%20on%20for%20day%20to%20day%20business%20operations%20that%20use%20our%20Microsoft%20365%20Exchange%20service%20to%20send%20and%20fetch%20email%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Esmtp.office365.com%3C%2FP%3E%3CP%3Eport%3A587%3C%2FP%3E%3CP%3Ewith%20an%20application%20password%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eas%20well%20as%20IMAP%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eoutlook.office365.com%3C%2FP%3E%3CP%3Eport%3A%20993%3C%2FP%3E%3CP%3Ewith%20an%20application%20password%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20is%20the%20proper%20way%20to%20replace%20these%20methods%20with%20the%20supported%20modern%20authentications%20after%20basic%20auth%20has%20been%20retired%3F%26nbsp%3B%20Will%20scripts%20that%20call%20IMAP%20servers%20with%20login%20info%20even%20work%20anymore%20after%20basic%20auth%20retirement%3F%26nbsp%3B%20Is%20there%20a%20KB%20explaining%20the%20proper%20way%20to%20replace%20SMTP%20and%20IMAP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20anyone%20can%20provide%20some%20guidance%20so%20we%20have%20time%20to%20prepare%2C%20that%20would%20be%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2975648%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2975648%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1216012%22%20target%3D%22_blank%22%3E%40Xiaowei999%3C%2FA%3E%26nbsp%3B-%20If%20you%20can%20use%20the%20same%20app%2Fcode%20and
%20just%20change%20the%20auth%20being%20used%20-%20none.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F94389%22%20target%3D%22_blank%22%3E%40SuperAJ%3C%2FA%3E%26nbsp%3B-%20take%20a%20look%20at%20these%20pages%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclient-developer%2Flegacy-protocols%2Fhow-to-authenticate-an-imap-pop-smtp-application-by-using-oauth%23%3A~%3Atext%3DAuthenticate%2520an%2520IMAP%252C%2520POP%2520or%2520SMTP%2520connection%2520using%2Caccess%2520token.%2520...%25204%2520Authenticate%2520connection%2520requests.%2520%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAuthenticate%20an%20IMAP%2C%20POP%20or%20SMTP%20connection%20using%20OAuth%20%7C%20Microsoft%20Docs%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fapi%2Fuser-sendmail%3Fview%3Dgraph-rest-1.0%26amp%3Btabs%3Dhttp%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESend%20mail%20-%20Microsoft%20Graph%20v1.0%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1172016%22%20target%3D%22_blank%22%3E%40BentleyBoy%3C%2FA%3E%26nbsp%3B-%20The%20team%20that%20own%20that%20said%20they%20had%20news%20coming.%20Maybe%20they%20are%20busy%20transmitting%20on%20some%20old-fashioned%20radio%20frequency%20and%20we're%20not%20listening.....%3F%20I'll%20check%20with%20them.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2997120%22%20slang%3D%22en-US%22%3ERe%3A%20Basic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2997120%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20anyone%20recommend%20a%20good%20alternative%20mail%20app%20to%20the%20Outlook%20app%20for%20Android%20that%20supports%20modern%20authenticat
ion%20and%20is%20compatible%20with%20Office%20365%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.microsoft.office.outlook%26amp%3Bhl%3Den_US%26amp%3Bgl%3DUS%26amp%3BshowAllReviews%3Dtrue%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EMicrosoft%20Outlook%20-%20Apps%20on%20Google%20Play%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20noted%20that%20the%20Outlook%20app%20for%20Android%20from%20the%20Google%20Play%20Store%20has%20lots%20of%20users%20reporting%20issues%20with%26nbsp%3Bmessages%20not%20loading%20and%20the%20ice%20cream%20cone%2C%20and%20it%20would%20be%20good%20to%20offer%20users%20some%20alternatives.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2772210%22%20slang%3D%22en-US%22%3EBasic%20Authentication%20and%20Exchange%20Online%20%E2%80%93%20September%202021%20Update%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2772210%22%20slang%3D%22en-US%22%3E%3CP%3EIn%20February%202021%2C%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-february-2021-update%2Fba-p%2F2111904%22%20target%3D%22_blank%22%3Ewe%20announced%3C%2FA%3E%20some%20changes%20to%20our%20plan%20for%20turning%20off%20Basic%20Authentication%20in%20Exchange%20Online.%20In%20summary%2C%20we%20announced%20we%20were%20postponing%20disabling%20Basic%20Auth%20for%20protocols%20%3CEM%3Ein%20active%20use%3C%2FEM%3E%20by%20your%20tenant%20until%20further%20notice%2C%20but%20that%20we%20would%20continue%20to%20disable%20Basic%20Auth%20for%20all%20protocols%20not%20being%20used.%20The%20overall%20scope%20of%20the%20program%20was%20also%20extended%20to%20include%20Exchange%20Web%20Services%20(EWS)%2C%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%2C%20Remote%20PowerShell%2C%20MAPI%2C%20RPC%2C%20SMTP%20AUTH%20and%20OAB.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EToday%2C%20we%20are%20announcing%20that%2C%20effec
tive%20October%201%2C%202022%2C%20we%20will%20begin%20to%20permanently%20disable%20Basic%20Auth%20in%20all%20tenants%2C%20regardless%20of%20usage%2C%20with%20the%20exception%20of%20SMTP%20Auth.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EBasic%20Authentication%20is%20an%20outdated%20industry%20standard%2C%20and%20threats%20posed%20by%20Basic%20Auth%20have%20only%20increased%20in%20the%20time%20since%20we%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fimproving-security-together%2Fba-p%2F805892%22%20target%3D%22_blank%22%3Eoriginally%20announced%3C%2FA%3E%20we%20were%20making%20this%20change.%20The%20original%20announcement%20was%20titled%20%E2%80%98Improving%20Security%20%E2%80%93%20Together%E2%80%99%20and%20that%E2%80%99s%20never%20been%20truer%20than%20it%20is%20now.%20We%20need%20to%20work%20%3CEM%3Etogether%3C%2FEM%3E%20to%20improve%20security.%20We%20take%20our%20role%20in%20that%20statement%20seriously%2C%20and%20our%20end%20goal%20is%20turning%20off%20Basic%20Auth%20for%20all%20our%20customers.%20But%20every%20day%20Basic%20Auth%20remains%20enabled%20in%20your%20tenant%2C%20your%20data%20is%20at%20risk%2C%20and%20so%20your%20role%20is%20to%20get%20your%20clients%20and%20apps%20off%20Basic%20Auth%2C%20move%20them%20to%20stronger%20and%20better%20options%2C%20and%20then%20secure%20your%20tenant%2C%20before%20we%20do.%3C%2FP%3E%0A%3CP%3EEven%20though%20we%20announced%20we%20were%20putting%20the%20work%20on%20hold%2C%20we%20didn%E2%80%99t%20stop%20improving%20security.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-june-2021-update%2Fbc-p%2F2599824%23M31057%22%20target%3D%22_blank%22%3EBack%20in%20June%20we%20provided%20an%20update%3C%2FA%3E%20that%20we%20had%20already%20begun%20to%20disable%20Basic%20Auth%20for%20tenants%20not%20using%20it%2C%20and%20we%20described%20the%20process.%20We%20also%20explained%20how%20you%20could%20re-enable%20an%20affec
ted%20protocol%20if%20you%20really%20needed%20to%20use%20it.%20This%20work%20has%20already%20protected%20millions%20of%20Exchange%20Online%20users.%3C%2FP%3E%0A%3CP%3EToday%2C%20we%20have%20more%20news%20on%20how%20to%20prepare%20for%20this%20important%20change.%3C%2FP%3E%0A%3CH1%20id%3D%22toc-hId-1446289744%22%20id%3D%22toc-hId-1447151886%22%3EProactive%20Protection%20Expansion%3C%2FH1%3E%0A%3CP%3EBeginning%20early%202022%2C%20as%20we%20roll%20out%20the%20changes%20necessary%20to%20support%20this%20effort%2C%20we%20will%20begin%20disabling%20Basic%20Auth%20for%20some%20customers%20with%20usage%20on%20a%20short-term%20and%20temporary%20basis.%3C%2FP%3E%0A%3CP%20style%3D%22background%3A%20%23F0F0F0%3B%20padding%3A%20.5em%3B%20margin%3A%201em%200%201em%200%3B%22%3E%3CSTRONG%3EIMPORTANT%3A%20Beginning%20early%202022%2C%20we%20will%20selectively%20pick%20tenants%3C%2FSTRONG%3E%3CSTRONG%3E%20and%20disable%20Basic%20Auth%20for%20all%20affected%20protocols%20except%20SMTP%20AUTH%20for%20a%20period%20of%2012-48%20hours.%20After%20this%20time%2C%20Basic%20Auth%20for%20these%20protocols%20will%20be%20re-enabled%2C%20if%20the%20tenant%20admin%20has%20not%20already%20%3C%2FSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fbasic-authentication-and-exchange-online-june-2021-update%2Fbc-p%2F2599824%23M31057%22%20target%3D%22_blank%22%3E%3CSTRONG%3Ere-enabled%20them%20using%20our%20self-service%20tools%3C%2FSTRONG%3E%3C%2FA%3E%3CSTRONG%3E.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EDuring%20this%20time%20all%20clients%20and%20apps%20that%20use%20Basic%20Auth%20in%20the%20selected%20tenants%20will%20be%20affected%2C%20and%20they%20will%20be%20unable%20to%20connect.%20%3CSTRONG%3EAny%20client%20or%20app%20using%20%3C%2FSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%2
2%3E%3CSTRONG%3EModern%20Auth%3C%2FSTRONG%3E%3C%2FA%3E%3CSTRONG%3E%20will%20not%20be%20affected%3C%2FSTRONG%3E.%20Users%20can%20switch%20to%20other%20clients%20(for%20example%2C%20use%20Outlook%20on%20the%20Web%20instead%20of%20an%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fexchange-team-blog%2Fnew-minimum-outlook-for-windows-version-requirements-for%2Fba-p%2F2767349%22%20target%3D%22_blank%22%3Eolder%20Outlook%20client%20that%20does%20not%20support%20Modern%20Auth%3C%2FA%3E)%20while%20they%20upgrade%20or%20reconfigure%20their%20client%20apps.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-2136851218%22%20id%3D%22toc-hId-2137713360%22%3ELimited%20Opt%20Out%3C%2FH2%3E%0A%3CP%3EIf%20you%20receive%20a%20Message%20Center%20post%20between%20now%20and%20October%202022%2C%20informing%20you%20that%20we%20are%20going%20to%20disable%20Basic%20Auth%20for%20a%20protocol%20in%20your%20tenant%20due%20to%20non-usage%2C%20or%20you%20get%20one%20saying%20we%20know%20you%20are%20using%20Basic%20Auth%2C%20but%20we%20intend%20to%20proactively%20disable%20it%20for%20a%20short%20period%20of%20time%2C%20and%20you%20don%E2%80%99t%20want%20us%20to%20take%20that%20action%20for%20protocols%20in%20your%20tenant%2C%20you%20can%20use%20a%20new%20feature%20in%20the%20Microsoft%20365%20admin%20center%20to%20request%20that%20we%20not%20disable%20specific%20protocol(s).%3C%2FP%3E%0A%3CP%3EWe%20added%20this%20feature%20to%20the%20self-service%20tool%20to%20help%20you%20minimize%20disruptions%20as%20you%20transition%20away%20from%20using%20Basic%20Auth.%20But%20we%20really%20want%20you%20to%20use%20this%20feature%20%3CEM%3Eonly%20if%20you%20really%20need%20Basic%20Auth%3C%2FEM%3E.%20Not%20just%20because%20you%20%3CEM%3Ethink%3C%2FEM%3E%20you%20might%2C%20or%20%3CEM%3Ejust%20in%20case%3C%2FEM%3E.%20Customers%20are%20compromised%20through%20Basic%20Auth%20every%20day%2C%20and%20the%20best%20way%20to%20prevent%20that%20happening%20is%20to%20disable%20it%20and%20move%20to%20Modern%20Auth.%3C%
2FP%3E%0A%3CP%3EThe%20exception%20process%20was%20outlined%20in%20an%20earlier%20blog%20post%20but%20here%20it%20is%20again%2C%20with%20specifics%20for%20%E2%80%98opt%20out%E2%80%99%20requests.%3C%2FP%3E%0A%3CP%3EYou%20can%20now%20go%20directly%20to%20the%20Basic%20Auth%20self-help%20diagnostic%20by%20simply%20clicking%20on%20this%20link%3A%20%3CA%20href%3D%22http%3A%2F%2Faka.ms%2FDiagEnableBasicAuthinEXO%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnable%20Basic%20Auth%20in%20EXO%3C%2FA%3E%20(it%E2%80%99ll%20bring%20up%20the%20diagnostic%20in%20the%20Microsoft%20365%20admin%20center%20if%20you%E2%80%99re%20the%20tenant%20admin).%20Or%20you%20can%20open%20the%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fadmin.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20365%20admin%20center%3C%2FA%3E%26nbsp%3Band%20click%20the%20green%20Help%20and%20support%20button%20in%20the%20lower%20right%20hand%20corner%20of%20the%20screen.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22The_Exchange_Team_0-1632432572284.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312524iB71BC58D4F03EBB7%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22The_Exchange_Team_0-1632432572284.png%22%20alt%3D%22The_Exchange_Team_0-1632432572284.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22The_Exchange_Team_2-1632432692361.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312526iF0F2B76A65AC50D7%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22The_Exchange_Team_2-1632432692361.png%22%20alt%3D%22
The_Exchange_Team_2-1632432692361.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EWhen%20you%20click%20the%20button%2C%20you%20enter%20our%20self-help%20system.%20Here%20you%20can%20enter%20the%20magic%20phrase%20%E2%80%9C%3CSTRONG%3EDiag%3A%20Enable%20Basic%20Auth%20in%20EXO%3C%2FSTRONG%3E%E2%80%9D.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22The_Exchange_Team_3-1632432716629.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312527i842B45F90F5D95D7%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22The_Exchange_Team_3-1632432716629.png%22%20alt%3D%22The_Exchange_Team_3-1632432716629.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EWhichever%20path%20you%20took%20to%20get%20here%2C%20click%20%3CSTRONG%3ERun%20Tests%3C%2FSTRONG%3E%20to%20check%20your%20tenant%20settings%20to%20see%20if%20we%20have%20disabled%20Basic%20Auth%20for%20any%20protocols%2C%20and%20then%20review%20the%20results.%20If%20we%20have%20%3CSTRONG%3Enot%3C%2FSTRONG%3E%20disabled%20Basic%20Auth%20for%20any%20protocols%20in%20your%20tenant%2C%20and%20you%20are%20running%20the%20diagnostic%20before%20September%201%2C%202022%20(one%20month%20before%20the%20October%202022%20start%20date)%2C%20we%E2%80%99ll%20offer%20you%20the%20option%20to%20opt%20out.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22The_Exchange_Team_4-1632432739155.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F312528iD378155F018779A6%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22The_Exchange_Team_4-1632432739155.png%22%20alt%3D%22The_Exchange_Team_4-1632432739155.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3ESelect%20the%20protocol
Last update: Nov 29 2021 01:44 PM
Updated by: