In early January 2023, we will permanently turn off Basic auth for multiple protocols for many Exchange Online tenants.
We want to thank you once again for all the hard work you’ve done to prepare your tenant and users for this change, and for your part in helping secure our service and your data.
How Will This Change Happen
Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope (we are still not touching SMTP, but you should).
Soon after basic auth is permanently disabled, any clients or apps connecting using Basic auth to one of the affected protocols will receive a bad username/password/HTTP 401 error.
The only remediation for this is to update the client or app or use a different client or app that supports Modern authentication.
Frequently Asked Questions
Why are you making this change? We’re making this change to protect your tenant and data from the increasing risks associated with Basic auth. The reasons to do this are many.
Wait! I still need to use Basic auth; how can I get it re-enabled in my tenant once it gets disabled in January? You cannot; it has been permanently disabled. Calling support will not help either, as they cannot re-enable Basic auth for you.
Where can I read more about this? You can read our official documentation here.
What happened to the basic authentication self-service re-enablement diagnostic in Microsoft 365 admin center? Starting in January 2023, we have removed the diagnostic that you could use to re-enable basic authentication in your tenant because we are starting to permanently disable basic authentication in Exchange Online.
It’s taken more than three years to reach this point, and we know it has taken a lot of effort from customers, partners and developers too. Thank you to everyone who has played their part in helping secure our customers’ data and tenants. Together, we’ve improved security!