Home
%3CLINGO-SUB%20id%3D%22lingo-sub-868141%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868141%22%20slang%3D%22en-US%22%3EGreat%20news!%20Wish%20we%20could%20have%20gotten%20modern%20auth%20IMAP%20sooner%20though...%20But%20surely%2C%20isn't%20it%20possible%20to%20add%20OAuth2%20to%20SMTP%20as%20well%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868152%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868152%22%20slang%3D%22en-US%22%3E%3CP%3EA%20bit%20disappointed%20at%20some%20of%20these%20changes%20to%20IMAP%2C%20particularly%20since%20I%20have%20yet%20to%20run%20across%20any%20non-interactive%20email%20program%20(i.e.%20for%20automated%20systems)%20that%20can%20use%20OAuth2.%26nbsp%3B%20Are%20there%20any%20plans%20to%20provide%20a%20workaround%20like%20per-application%20passwords%2C%20or%20manually%20re-enabling%20basic%20authentication%20on%20a%20per-account%20level%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868226%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868226%22%20slang%3D%22en-US%22%3E%3CP%3EAt%20last!%20I%E2%80%99ve%20been%20looking%20for%20a%20forced%20move%20to%20more%20secure%20authentication.%20A%20lot%20of%20customers%20will%20not%20like%20this%20-%20but%20it%20has%20to%20be%20done.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868237%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868237%22%20slang%3D%22en-US%22%3E%3CP%3EI%20really%20hope%20that%20by%20this%20time%20you%20will%20also%20have%20support%20for%20using%20service%20principals%20or%20app%20based%20auth%20so%20that%20we%20still%20have%20the%20possibility%20of%20doing%20automation%20with%20Exchange%20online.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868260%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868260%22%20slang%3D%22en-US%22%3E%3CP%3Efinally!!!%20great%20initiative%3C%2FP%3E%3CP%3EAt%20the%20same%20time%20(%20or%20earlier)%20can%20we%20switch%20OFF%20pop3%20smtp%20imap%20and%20exo%20PowerShell%20for%20newly%20created%20users%20please%3F%20(enabled%20by%20default%20currently)%3C%2FP%3E%3CP%3EAs%20admins%20can%20always%20switch%20them%20ON%2C%20on%20an%20%22as%20required%22%20basis.%3C%2FP%3E%3CP%3EI%20believe%20this%20will%20have%20the%20biggest%20impact%20in%20security%20in%20ExO.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868707%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868707%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%2C%20you%20can%20disable%20POP3%20and%20IMAP%20for%20new%20mailboxes%20by%20default%20by%20disabling%20it%20on%20the%20mailbox%20plan.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CPRE%3EGet-CASMailboxPlan%20-Filter%20%7BImapEnabled%20-eq%20%22true%22%20-or%20PopEnabled%20-eq%20%22true%22%20%7D%20%7C%20set-CASMailboxPlan%20-ImapEnabled%20%24false%20-PopEnabled%20%24false%3C%2FPRE%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868850%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868850%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F235719%22%20target%3D%22_blank%22%3E%40Tony%20Federer%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20that.%3C%2FP%3E%3CP%3EWe've%20been%20disabling%20it%20in%20the%20user%20provisioning%20scripts%20for%20all%20our%20customers%20tenancies%20for%2018%20months....%3C%2FP%3E%3CP%3EMy%20point%20is%20that%20it%20should%20be%20disabled%20by%20default%2C%20which%20is%20not.%3C%2FP%3E%3CP%3EMicrosoft%20is%20making%20leaps%20and%20bounds%20in%20security%2C%20which%20is%20very%20refreshing%2C%20as%20we've%20been%20constantly%20drumming%20about%20these%20issues.%20Would%20be%20good%20to%20get%20this%20one%20done%20as%20well.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868943%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868943%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20all%20the%20comments%20so%20far.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F412664%22%20target%3D%22_blank%22%3E%40NeedsCoffee%3C%2FA%3E%26nbsp%3B%20-%20we%20mentioned%20in%20the%20post%20we%20have%20plans%20for%20SMTP%20AUTH%20-%20we're%20working%20hard%20on%20those%20and%20will%20announce%20more%20when%20we're%20ready.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F412673%22%20target%3D%22_blank%22%3E%40silverts%3C%2FA%3E%26nbsp%3Band%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F17492%22%20target%3D%22_blank%22%3E%40Jan%20Ketil%20Skanke%3C%2FA%3E%26nbsp%3B%20-%20same%20answer%20as%20above.%20Yes%2C%20we%20have%20plans.%20Will%20announce%20what%20when%20we're%20ready.%20Work%20still%20to%20be%20done.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B-%20we%20agree%20and%20while%20this%20post%20is%20all%20about%20October%20next%20year%20we%20are%20going%20to%20be%20changing%20defaults%20for%20new%20customers%20sooner.%20We%20can't%20easily%20change%20something%20like%20this%20for%20existing%20customers%20like%20you%20without%20notice%2C%20that's%20part%20of%20our%20terms%20of%20service%20with%20you.%20But%20we%20do%20want%20new%20customers%20secure%20by%20default%20and%20we%20are%20considering%20turning%20off%20Basic%20for%20customers%20we%20know%20don't%20use%20it.%20We%20are%20also%20going%20to%20be%20sending%20tenant%20admins%20Message%20Center%20posts%20specific%20to%20their%20own%20tenant's%20usage.%20So%20look%20out%20for%20that.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-868946%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-868946%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnderstand%20and%20agree.%20Awesome%20you%20guys%20are%20doing%20this%20and%20taking%20into%20consideration%20.%20We%20all%20want%20both%20security%20and%20reputation%20being%20upheld.%20Thank%20you%20for%20listening%20and%20acting.%3C%2FP%3E%3CP%3E%3Athumbs_up%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-869568%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-869568%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20this%20post%2C%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E.%26nbsp%3BDo%20you%20have%20any%20further%20info%20on%20%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F4516672%2Foutlook-shows-disconnected-after-modern-authentication-enabled%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20KB%20article%3C%2FA%3E%20regarding%20disconnected%20mailboxes%20after%20enabling%20modern%20auth%3F%20This%20could%20cause%20us%20some%20problems%20in%20our%20organisation%20where%20the%20resolution%20of%20recreating%20the%20profile%20could%20be%20painful.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-869582%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-869582%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F223328%22%20target%3D%22_blank%22%3E%40Michael%20Peebles%3C%2FA%3E%26nbsp%3B%20-%20the%20builds%20that%20contain%20the%20fix%20are%20in%20the%20KB%2C%20so%20the%20best%20advice%20is%20simply%20to%20make%20sure%20those%20are%20the%20builds%20you%20have%20deployed%20before%20enabling%20MA.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-869745%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-869745%22%20slang%3D%22en-US%22%3E1.%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAzure-Cloud-Shell-Now-Supports-Exchange-Online%2Fba-p%2F652269%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAzure-Cloud-Shell-Now-Supports-Exchange-Online%2Fba-p%2F652269%3C%2FA%3E%20says%20%22if%20you%20don%E2%80%99t%20touch%20the%20machine%20for%20more%20than%2020%20minutes%20(approx.)%20we%20will%20reclaim%20the%20session.%20We%20anticipate%20that%20the%20current%20timeout%20should%20work%20for%20most%20ad-hoc%20management%20scenarios%20but%20if%20you%20intend%20to%20execute%20long-running%20scripts%20then%20Cloud%20Shell%20is%20not%20the%20best%20tool%20for%20the%20job%22%20How%20do%20we%20overcome%20this%3F%20What%20is%20the%20alternative%20solution%20for%20long-running%20scripts%3F%202.%20Will%20there%20be%20support%20for%20App%20password%20or%20Azure%20AD%20Application%20credentials%20in%20RPS%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-869872%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-869872%22%20slang%3D%22en-US%22%3E%3CP%3ESo%20when%20will%20IMAP%20be%20included%20so%20can%20use%20GMail%20account%20without%20having%20to%20allow%20legacy%20clients%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870014%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870014%22%20slang%3D%22en-US%22%3E%3CP%3EThank%20you%20for%20the%20information%20and%20update.%20Have%20a%20query%20with%20regards%20to%20Skype%20for%20Business%20side%20changes%20if%20any%20(required)%20with%20respect%20to%20this%20change%2C%20as%20Lync.exe%20will%20interact%20with%20EWS%2FEXO%20regardless%20of%20the%20user%20placed%20over%20SfB%20On-Prem%20or%20Online%20if%20his%20exchange%20is%20Online.%20Pls%20let%20know.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870061%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870061%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%20I%20have%20a%20query%20with%20f1%20licence%2C%20the%20people%20that%20use%20this%20licence%20will%20use%20modern%20authentication%3F%20Or%20what%20mechanism%20will%20connect%20to%20exchange%20online%3F%3C%2FP%3E%3CUL%3E%3CLI%3EThanks.%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870160%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870160%22%20slang%3D%22en-US%22%3E%3CP%3EPlease%20fix%20the%20sync%20frequency%20for%20Outlook%20for%20Android%20first.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fmsoffice%2Fforum%2Fmsoffice_outlook-mso_amobile-mso_o365b%2Fset-sync-frequency-and-quiet-times-on-outlook-app%2F344bf497-6490-4bb9-83bb-1cb5a6434e99%3Fauth%3D1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fanswers.microsoft.com%2Fen-us%2Fmsoffice%2Fforum%2Fmsoffice_outlook-mso_amobile-mso_o365b%2Fset-sync-frequency-and-quiet-times-on-outlook-app%2F344bf497-6490-4bb9-83bb-1cb5a6434e99%3Fauth%3D1%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20don't%20need%20the%20mobile%20Outlook%20notifications%20when%20I%20am%20sitting%20in%20the%20office%20and%20have%20the%20desktop%20Outlook%20open.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870178%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870178%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F412673%22%20target%3D%22_blank%22%3E%40silverts%3C%2FA%3E%26nbsp%3B-%20yes%2C%20absolutely%20yes.%20We%20personally%20use%20an%20automated%20e-mail%20fetching%20system%20that%20integrates%20into%20our%20core%20business%2C%20we%20use%20IMAP%20with%20an%20app%20password%20for%20it%20and%20that%20breaking%20will%20leave%20us%20at%20a%20standstill%2C%20and%20it's%20not%20OUR%20app%20so%20it's%20not%20something%20we%20can%20code%20an%20update%20to.%20Being%20at%20the%20mercy%20of%20other%20app%20developers%20to%20update%20an%20(admittedly%20aging)%20app%2C%20before%20the%20deadline.%20Ouch.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B-%20I%20know%20you%20said%20there%20is%20plans%2C%20but%20just%20reinforcing%20the%20fact%20that%20we%20need%20to%20allow%20an%20override%20for%20this%20to%20use%20an%20app%20password%20on%20a%20per-account%20basis%20or%20something%2C%20there's%20lots%20and%20lots%20of%20uses%20for%20IMAP%2FPOP%20right%20now%20using%20basicauth%2C%20not%20just%20a%20little%20bit.%20Many%20businesses%20may%20be%20using%20an%20older%20application%20that%20will%20NOT%20get%20an%20update%2C%20and%20for%20them%20an%20immediate%20transition%20to%20a%20new%20app%20may%20not%20be%20an%20option%20for%20them%2C%20yet%20they've%20already%20fully%20committed%20to%20using%20Exchange%20Online%2C%20so%20this%20change%20effectively%20breaks%20their%20businesses.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870389%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870389%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20use%20EAS%20only.%26nbsp%3B%20No%20access%20to%20OWA.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhats%20the%20options%20with%20EAS%20with%20MDM%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870650%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870650%22%20slang%3D%22en-US%22%3E%3CBLOCKQUOTE%3E%3CP%3E(did%20you%20know%20we%E2%80%99ve%20added%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Farticle%2FAdd-a-shared-mailbox-to-Outlook-mobile-f866242c-81b2-472e-8776-6c49c5473c9f%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eshared%20mailbox%20support%3C%2FA%3E%20to%20the%20Outlook%20app%20for%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D32571%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EiOS%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D32572%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAndroid%3C%2FA%3E%3F%20That%E2%80%99s%20one%20reason%20some%20people%20have%20been%20using%20POP%20and%20IMAP)%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EThis%20hasn't%20actually%20hit%20GA%20yet%20and%20is%20limited%20to%20TestFlight%20participants%20only.%26nbsp%3B%20There%20hasn't%20been%20any%20info%20about%20what%20the%20hold-up%20is%2C%20but%20hopefully%20in%20the%20next%20few%20months%20we'll%20see%20it.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D32571%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D32571%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870818%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870818%22%20slang%3D%22en-US%22%3EWill%20IMAP%2FPOP's%20implementation%20of%20OAuth2%20work%20with%20SAML-based%20IdP%20federation%2C%20or%20will%20it%20require%20ADFS%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870857%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870857%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20i%20like%20this%20in%20principal%2C%20as%20a%20manufacturing%20company%20this%20is%20going%20to%20be%20very%20disruptive.%26nbsp%3B%20When%20you%20have%20a%20bunch%20of%20physical%20tools%2Fdevices%20deployed%20that%20have%20very%20basic%20configuration%20options%2C%20and%20each%20tool%20costs%20millions%20of%20dollars%2C%20its%20a%20hard%20sell%20to%20management%20to%20get%20them%20to%20replace%20it.%26nbsp%3B%20I%20would%20like%20to%20second%20the%20app%20password%2Fbypass%20for%20specific%20account%20approach%20that%20some%20others%20have%20already%20mentioned.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-870900%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-870900%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F56954%22%20target%3D%22_blank%22%3E%40Eric%20Watkins%3C%2FA%3E%26nbsp%3B%40CoryCTI%3C%2FP%3E%3CP%3EWhile%20I%20personally%20accept%20the%20argument%2C%20with%20all%20due%20respect%2C%20this%20is%20not%20solely%20an%20Exchange%20matter%2C%20it's%20an%26nbsp%3B%20Identity%20and%20Authentication%20one.%20I%20don't%20think%20this%20will%20happen%20anytime%20soon%20on%20a%20per-protocol%20or%20per-user%20basis.%3C%2FP%3E%3CP%3EAs%20far%20as%20I%20know%2C%20you%20cannot%20selectively%20switch%20on%20or%20off%20MA%20at%20user%20level%2C%20but%20at%20the%20endpoint%20and%20organisation.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871286%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871286%22%20slang%3D%22en-US%22%3E%3CP%3EDoes%20this%20mean%20that%20App%20Passwords%20will%20no%20longer%20be%20usable%20on%20native%20Android%20mail%20%2F%20contacts%20%2F%20calendar%20app%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20so%2C%20please%20make%20sure%20Outlook%20for%20Android%20can%20do%20complete%2C%20automatic%2C%20in%20the%20background%2C%20two-way%20sync%20with%20our%20contacts%20stored%20on%20Exchange%20Online%2C%20similar%20to%20the%20way%20it%20works%20with%20Outlook%202016%2F2019%20for%20Windows%20Desktop.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20vital%20that%20we%20be%20able%20to%20update%20contacts%20on%20our%20mobile%20devices%20and%20have%20them%20sync%20to%20the%20cloud%20reliably%20and%20transparently%2C%20and%20that%20contacts%20modified%20on%20other%20mobile%20or%20desktop%20devices%20update%20on%20all%20devices.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871323%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871323%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EGood%2C%20solid%2C%20firm%20answer.%3C%2FP%3E%3CP%3ELove%20it.%20Something%20needed%20to%20be%20done%20and%20looks%20like%20you%20guys%20are%20doing%20it.%3C%2FP%3E%3CP%3EI%20think%20(and%20no%20doubt%20you%20ran%20the%20numbers%20in%20the%20impact%20assessment)%2099%25%20of%20organisations%20are%20going%20to%20be%20better%20off%20thanks%20to%20this.%3C%2FP%3E%3CP%3EYes%2C%20there%20will%20be%20pain-points%2C%20but%20so%20has%20evolution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871322%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871322%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413417%22%20target%3D%22_blank%22%3E%40bhoobalan%3C%2FA%3E%26nbsp%3B-%20we%20are%20working%20on%20a%20solution%20for%20scripts%2Fautomation.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413462%22%20target%3D%22_blank%22%3E%40anameihavetoenter%3C%2FA%3E%26nbsp%3B-%20Don't%20understand%20your%20question.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413497%22%20target%3D%22_blank%22%3E%40Venkata_R%3C%2FA%3E%26nbsp%3B-%20Lync%20client%20doesn't%20support%20Modern%20Auth%20afaik%2C%20but%20nor%20should%20it%20be%20trying%20to%20connect%20to%20EXO%20for%20any%20users%20which%20I%20assume%20are%20homed%20on-prem.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F61917%22%20target%3D%22_blank%22%3E%40David%20Abad%3C%2FA%3E%26nbsp%3B-%20F1%20users%20can%20use%20OWA%20(this%20change%20has%20no%20impact%20on%20that)%2C%20Outlook%20for%20iOS%2FAndroid%20and%20POP%2FIMAP.%20Outlook%20for%20iOS%2FAndroid%20already%20support%20Modern%20Auth%20and%20uses%20it%20already%2C%20so%20POP%2FIMAP%20are%20the%20two%20to%20think%20about%20-%20if%20you%20want%20to%20keep%20using%20them%20then%20you'll%20need%20to%20find%20a%20client%20that%20support%20POP%2FIMAP%20with%20OAuth.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413567%22%20target%3D%22_blank%22%3E%40CoreyCTI%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F56954%22%20target%3D%22_blank%22%3E%40Eric%20Watkins%3C%2FA%3E%26nbsp%3B-%20Sorry%2C%20but%20we're%20not%20adding%20app%20passwords%20for%20IMAP.%20We're%20providing%2013%20months%20notice%20of%20this%20change%2C%20you%20need%20to%20start%20reaching%20out%20to%20the%20developers%20of%20those%20apps.%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGary%20Smith%26nbsp%3B-%20there%20are%20plenty%20of%20solutions%20in%20the%20market%20-%20or%20you%20could%20try%20switch%20to%20Outlook%20mobile%20-%20it%20is%20a%20great%20client.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F131751%22%20target%3D%22_blank%22%3E%40Philip%20Kluss%3C%2FA%3E%26nbsp%3B-%20good%20point%2C%20thanks.%20Soon%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2857%22%20target%3D%22_blank%22%3E%40Jesse%20Thompson%3C%2FA%3E%26nbsp%3B-%20it%20won't%20depend%20upon%20ADFS.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F4769%22%20target%3D%22_blank%22%3E%40Steven%20Seligman%3C%2FA%3E%26nbsp%3B-%20correct%2C%20no%20more%20app%20passwords.%20OAuth%20ftw.%20What%20you%20are%20asking%20for%20should%20already%20work%20in%20Android.%20Sync%20of%20contacts%20from%20your%20mailbox%2C%20to%20Outlook%20on%20your%20device%2C%20to%20your%20local%20contacts%20store%20-%20and%20vice%20versa.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871672%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871672%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20-%20Thank%20you%20for%20the%20reply%20and%20feedback.%20We%20have%20enabled%20MA%20support%20for%20SfB%20online%20(not%20directly%20related%20to%20this%20topic)%20and%20also%20we%20have%20implemented%20ADAL%20support%20as%20described%20here%20-%26nbsp%3B%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fskypeforbusiness%2Ftroubleshoot%2Fhybrid-exchange-integration%2Fallowadalfornonlyncindependentoflync-setting%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fskypeforbusiness%2Ftroubleshoot%2Fhybrid-exchange-integration%2Fallowadalfornonlyncindependentoflync-setting%3C%2FA%3E%3C%2FSTRONG%3E%2C%20however%2C%20we%20still%20see%20Lync.exe%20making%20EXO%20connects%20over%20Basic%20Auth%20as%20reported%20from%20the%20sign-in%20logs%20from%20Azure%20AD.%20Requesting%20to%20provide%20insights%20if%20there%20are%20any%20specific%20actions%20needed%20to%20support%20this%20cutover%20at%20EXO.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871755%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871755%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BThis%20are%20great%20news%20for%20optimizing%20the%20security%20of%20out%20O365%20Tenants.%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%2C%20we%20have%20migration%20scenarios%20where%20the%20EXO%20IMAP%20Migration%20is%20not%20suitable%20and%20we%20have%20to%20do%20a%20similar%20IMAP%20Migration%20Method%20which%20is%20triggered%20from%20the%20customer%20on-prem%20service.%20Are%20there%20plans%20for%20this%20kind%20of%20o365%20migrations%20to%20allow%20legacy%20IMAP%20Auth%20temporarly%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-871993%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-871993%22%20slang%3D%22en-US%22%3EHi%2C%20will%20also%20PST%20Export%20Tool%20support%20modern%20auth%20prompt%20with%20MFA%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-872326%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-872326%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20you%20clarify%2C%20for%20those%20of%20us%20with%20SMTP%2FIMAP%20apps%20today%2C%20what%20can%20we%20do%20%3CSTRONG%3Eright%20now%3C%2FSTRONG%3E%20to%20begin%20to%20test%20a%20new%20configuration%20and%20talk%20to%20app%20developers%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFrom%20what%20I've%20seen%20apps%20already%20support%20OAUTH%20flows%20for%20SMTP%2FIMAP%20to%20support%20gmail%2C%20but%20no%20support%20for%20O365%20is%20present%20because%20MS%20hasn't%20enabled%20any%20protocols%20server%20side.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E..%20and%20splitting%20the%20delivery%20date%20of%20IMAP%20and%20SMTP%20enablement%20is%20going%20to%20be%20horrible.%20I%20think%20in%20practice%20app%20makers%20will%20wait%20until%20MS%20enables%20OAUTH%20on%20both%20before%20doing%20anything.%20A%20split%20configuration%20is%20just%20an%20awful%20user%20experience.%20Meaning%20we%20will%20probably%20only%20have%20a%20few%20months%20before%20the%20deadline%20when%20completed%2C%20released%2C%20software%20is%20available%20to%20migrate!!%20I%20hope%20MS%20can%20now%20seriously%20expedite%20delivering%20OAUTH%20on%20both%20protocols.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873000%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873000%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414309%22%20target%3D%22_blank%22%3E%40Jason_Gunthorpe%3C%2FA%3E%26nbsp%3B-%20we'll%20have%20some%20new%20on%20SMTP%20AUTH%20soon%2C%20so%20hold%20on%20a%20bit%20longer%20for%20that.%20We%20understand%20you%20need%20both%2C%20but%20given%20OAuth%202.0%20and%20how%20we%20use%20it%20in%20O365%20is%20well%20understood%2C%20it%20should%20be%20possible%20to%20begin%20contemplating%20what%20this%20change%20means%2C%20even%20if%20it%20can't%20be%20tested%20today.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F746%22%20target%3D%22_blank%22%3E%40Petr%20Vlk%3C%2FA%3E%26nbsp%3B-%20no%20plans%20to%20do%20that.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F270767%22%20target%3D%22_blank%22%3E%40jakobschaefer%3C%2FA%3E%26nbsp%3B-%20are%20you%20referring%20to%20an%20IMAP%20migration%20into%20EXO%2C%20pulling%20from%20on-prem%2Fsomewhere%20else%3F%20I%20don't%20think%20this%20change%20impacts%20that%2C%20as%20the%20auth%20flow%20is%20in%20the%20opposite%20direction%20there.%20EXO%20is%20using%20Basic%20to%20authenticate%20to%20your%20remote%20IMAP%20target%2C%20you%20aren't%20using%20Basic%20to%20auth%20to%20EXO.%20I'll%20check%20though.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873050%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873050%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3Ecan%20you%20at%20least%20commit%20which%20standard%20Microsoft%20will%20follow%20in%20the%20implementation%3F%20Will%20MS%20be%20using%20Google's%20AUTH%3DXOAUTH2%20scheme%3F%20RFC7628's%20AUTH%3DOAUTHBEARER%3F%20Something%20else%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873064%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873064%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%3A%20For%20Example%3A%20Right%20now%20we%C2%B4re%20in%20a%20migration%20from%20a%20solution%20which%20only%20is%20accessible%20via%20IMAP.%20Unfortunately%20there%20are%20technical%20reasons%20why%20we%20can%C2%B4t%20use%20the%20regular%20o365%20imap%20migration%20which%20pulls%20the%20mails%20via%20imap%20to%20EXO.%20We%20have%20to%20make%20use%20of%20another%20tool%20(IMAPSync)%20which%20exports%20the%20mail%20via%20IMAP%20(with%20special%20settings)%20and%20pushs%20it%20into%20exo.%20In%20the%20future%2C%20when%20this%20security%20improvement%20in%20EXO%20is%20implemented%2C%20i%20couldnt%20use%20this%20or%20similar%20tools%20anymore%2C%20because%20IMAP%20supports%20no%20Modern%20Auth%20Methods.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873236%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873236%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F270767%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%3A%20For%20Example%3A%20Right%20now%20we%C2%B4re%20in%20a%20migration%20from%20a%20solution%20which%20only%20is%20accessible%20via%20IMAP.%20Unfortunately%20there%20are%20technical%20reasons%20why%20we%20can%C2%B4t%20use%20the%20regular%20o365%20imap%20migration%20which%20pulls%20the%20mails%20via%20imap%20to%20EXO.%20We%20have%20to%20make%20use%20of%20another%20tool%20(IMAPSync)%20which%20exports%20the%20mail%20via%20IMAP%20(with%20special%20settings)%20and%20pushs%20it%20into%20exo.%20In%20the%20future%2C%20when%20this%20security%20improvement%20in%20EXO%20is%20implemented%2C%20i%20couldnt%20use%20this%20or%20similar%20tools%20anymore%2C%20because%20IMAP%20supports%20no%20Modern%20Auth%20Methods.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3EAs%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20pointed%20out%2C%20it%20appears%20that%20you're%20reading%20IMAP%20from%20a%20non%20ExO%20system%20for%20migration%20to%20365...%20so%20not%20sure%20how%20auth%20changes%20will%20impact%20that%2C%20as%20it%20will%20be%20outbound%20from%20ExO%20auth%20to%20an%20IMAP%20system%2C%20not%20inbound%20to%20ExO%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873250%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873250%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%3A%20For%20Example%3A%20Right%20now%20we%C2%B4re%20in%20a%20migration%20from%20a%20solution%20which%20only%20is%20accessible%20via%20IMAP.%20Unfortunately%20there%20are%20technical%20reasons%20why%20we%20can%C2%B4t%20use%20the%20regular%20o365%20imap%20migration%20which%20pulls%20the%20mails%20via%20imap%20to%20EXO.%20We%20have%20to%20make%20use%20of%20another%20tool%20(IMAPSync)%20which%20exports%20the%20mail%20via%20IMAP%20(with%20special%20settings)%20and%20pushs%20it%20into%20exo.%20In%20the%20future%2C%20when%20this%20security%20improvement%20in%20EXO%20is%20implemented%2C%20i%20couldnt%20use%20this%20or%20similar%20tools%20anymore%2C%20because%20IMAP%20supports%20no%20Modern%20Auth%20Methods.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAnd%20other%20example%20is%20the%20recovery%20process.%20eDiscovery%20running%20couple%20of%20minutes%2C%20but%20Restore-RecoverableItems%20runs%20like%20hours%20or%20days%20to%20restore%20the%20same.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873255%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873255%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%2C%20sorry%2C%20but%20no%20%3A).%20I%20read%20it%20from%20the%20non%20EXO%20via%20IMAP%2C%20%22caching%22%20the%20items%2C%20and%20then%20i%20connect%20to%20EXO%20via%20IMAP%20again%20to%20migrate%20the%20items%20into%20EXO.%20This%20is%20imapsync%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fimapsync%2Fimapsync%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%26nbsp%3Bhttps%3A%2F%2Fgithub.com%2Fimapsync%2Fimapsync%3C%2FA%3E%26nbsp%3B%3CSPAN%3Eit%C2%B4s%20a%20very%20helpfull%20tool%20for%20handling%20easy%20imap%20migrations.%20But%20this%20is%20just%20an%20example%20for%20a%20IMAP%20Migration%20Method.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-873265%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-873265%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414309%22%20target%3D%22_blank%22%3E%40Jason_Gunthorpe%3C%2FA%3E%26nbsp%3B-%20we'll%20tell%20you%20as%20soon%20as%20we%20can.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F270767%22%20target%3D%22_blank%22%3E%40jakobschaefer%3C%2FA%3E%26nbsp%3B-%20so%20you're%20using%20a%20system%20in%20the%20middle%2C%20pulling%20from%20the%20source%2C%20and%20pushing%20to%20O365%3F%20If%20so%2C%20then%20yes%2C%20that%20app%2Ftool%20will%20need%20to%20add%20OAuth%20support.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F746%22%20target%3D%22_blank%22%3E%40Petr%20Vlk%3C%2FA%3E%26nbsp%3B-%20I'll%20double%20check%20and%20come%20back.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-876210%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-876210%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BDoes%20this%20mean%20that%20you%20also%20will%20(automatically)%20switch%20all%20old%20tenants%20Exchange%20Online%20configuration%20to%20use%20Modern%20Authentication%20from%20Basic%20Authentication%3F%20I%20mean%20all%20those%20tenants%20created%20many%20years%20ago%20that%20defaulted%20to%20Basic%20Authentication%20and%20tenant%20admins%20who%20never%20have%20bothered%20to%20change%20to%26nbsp%3B%3CSPAN%3E%3CSTRONG%3ESet-OrganizationConfig%20-OAuth2ClientProfileEnabled%20%24true%3C%2FSTRONG%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877080%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877080%22%20slang%3D%22en-US%22%3E%3CP%3EJonas%2C%20we've%20been%20doing%20some%20of%20that%20already%2C%20and%20letting%20customers%20know%20via%20Message%20Center%20posts%20if%20their%20tenant%20is%20getting%20switched.%20It%20depends%20on%20whether%20those%20customers%20use%20Federated%20auth%20or%20not.%20If%20customers%20do%20not%20(they%20use%20just%20cloud%20identities%20or%20PTA%20or%20PHS%20etc.)%20then%20we're%20switching%20them.%20We're%20not%20switching%20those%20using%20Fed%20Auth%20yet.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt's%20really%20important%20customers%20make%20this%20change%2C%20there%20are%20a%20lot%20of%20benefits%20-%20we're%20continuing%20to%20push%20for%20this%20in%20various%20ways.%20IT%20Pros%20like%20those%20reading%20this%20blog%20can%20help%2C%20let's%20get%20off%20Basic%20Auth.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877096%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877096%22%20slang%3D%22en-US%22%3E%3CP%3EI%20agree.%20I%20do%20that%20for%20all%20customers%20even%20though%20they%20don't%20see%20the%20reason%20when%20I%20have%20the%20permissions%20to%20do%20it.%20But%20we%20have%20some%20customers%20who%20manage%20their%20own%20tenants%20and%20have%20more%20better%20things%20to%20do%20(according%20to%20them)%20and%20it's%20good%20to%20know%20their%20tenant%20will%20be%20switched%20whether%20they%20want%20or%20not%20-%20then%20I%20don't%20have%20to%20take%20that%20struggle%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877164%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877164%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20may%20be%20a%20dumb%20question%20but%20will%20this%20affect%20MAPI%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EClarification%20within%20this%20article%20would%20be%20beneficial.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-877636%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-877636%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20you%20give%20a%20timeframe%20on%20the%20reporting%20tool%20for%20basic%20auth%3F%20We'd%20like%20to%20get%20ahead%20of%20this%2C%20and%20are%20getting%20hit%20with%20credential%20harvesting%20on%20basic%20auth%20endpoints%2C%20like%20ActiveSync.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878147%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878147%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F380595%22%20target%3D%22_blank%22%3E%40lpage1669%3C%2FA%3E%26nbsp%3B-%20MAPI%20will%20not%20be%20affected%20-%20but%20that%20doesn't%20mean%20Outlook%20won't.%20Outlook%20uses%20MAPI%20and%20EWS%20(and%20OAB%20and%20AutoDiscover%20too%20of%20course)%2C%20so%20if%20Outlook%20is%20still%20trying%20to%20use%20Basic%20then%20features%20that%20use%20EWS%20might%20be%20impacted.%20It's%20very%20important%20to%20get%20Outlook%20switched%20to%20Modern%20Auth%20therefore.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F170351%22%20target%3D%22_blank%22%3E%40CHRISTOPHER%20BUES%3C%2FA%3E%26nbsp%3B-%20as%20the%20article%20said%2C%20soon.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878641%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878641%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%2C%26nbsp%3Bcheers%20for%20that.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20guessing%20the%20case%20is%20the%20same%20with%20RPC%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878760%22%20slang%3D%22ja-JP%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878760%22%20slang%3D%22ja-JP%22%3E%3CP%3EI%20understand%20the%20importance%20of%20security.%20I%20agree%20with%20that%20in%20the%20future.%20%3CBR%20%2F%3E%20But%20the%20deadline%20is%20not%20realistic.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ESo%2C%20we%20strongly%20request%20the%20withdrawal%20of%20the%20deadline.%3C%2FP%3E%3CP%3EWe%20are%20a%20tenant%20administrator%20for%2070%2C000%20accounts.%20%3CBR%20%2F%3E%20And%20because%20it's%20a%20university%2C%20they%20allow%20their%20own%20email%20clients.%20%3CBR%20%2F%3E%20We%20have%202%2C000%20IMAP%2FPOP%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20do%20you%20say%20to%20end%20users%20when%20there%20is%20no%20email%20client%20that%20can%20connect%20to%20Exchnage%20Online%20using%20OAuth%20%2B%20IMAP%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDon't%20set%20termination%20until%20Exchange%20Online%20supports%20IMAP%2FPOP%20with%20OAuth%20and%20some%20popular%20email%20clients%20support%20it!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-878933%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-878933%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F25192%22%20target%3D%22_blank%22%3E%40%E6%98%87%20%E8%B0%B7%E6%9D%91%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHow%20many%20security%20incidents%20related%20to%20this%20weak%20authentication%20is%20your%20SOC%20or%20OPS%20team%20dealing%20with%20please%3F%3C%2FP%3E%3CP%3EIf%20anything%20(not%20calculating%20the%20data%20and%20further%20identity%20theft%20actions)%2C%20think%20about%20the%20expense%20of%20effort.%3C%2FP%3E%3CP%3ESomeone%20older%20and%20wiser%20once%20taught%20me%3A%20risk%3Dcost.%3C%2FP%3E%3CP%3ESome%20people%20like%20us%2C%20security%20and%20forensics%2C%20would%20love%20to%20keep%20the%20status%20quo%2C%20but%20we%20observe%20a%20code%20of%20conduct%20to%20do%20what%20is%20right.%20I%20suggest%20you%20start%20educating%20your%20users%20now.%20There's%20plenty%20of%20time.%3C%2FP%3E%3CP%3EI%20got%20some%20tenancy%20of%20120%2C000%20.%20Rule%20them%20before%20they%20rule%20you.%3C%2FP%3E%3CP%3ERC%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-887324%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-887324%22%20slang%3D%22en-US%22%3E%3CP%3EI%20understand%20we%20should%20push%20app%20vendors%20to%20support%20OAuth%2C%20but%20like%20many%20people%20I%20have%20apps%20which%20use%20IMAP%20for%20mail%20flow.%26nbsp%3B%20JIRA%20is%20a%20good%20example%2C%20it%20is%20unlikely%20this%20will%20support%20Ouath.%26nbsp%3B%20What%20about%20printing%20devices%20which%20may%20not%20have%20firmware%20updates%3F%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENot%20having%20application%2Fimap%20specific%20passwords%20is%20a%20significant%20limitation.%26nbsp%3B%20What%20is%20the%20logic%20behind%20that%3F%20Is%20it%20the%20implementation%20effort%20or%20is%20there%20real%20world%20data%20on%20the%20abuse%20of%20application%20specific%20passwords.%26nbsp%3B%20While%20there%20is%20risk%20of%20misuse%2Ftheft%2C%20most%20things%20are%20a%20trade%20off%20between%20security%20and%20usability.%26nbsp%3B%20Not%20having%20basic%20auth%2Fapp%20password%20support%20improves%20security%2C%20but%20I%20now%20I%20cannot%20use%20O365%20mailboxes%20with%20a%20lot%20of%20systems.%26nbsp%3B%20Where%20an%20application%20vendor%20cannot%20update%20to%20support%20Oauth%20it%20means%20I%20need%20to%20setup%20an%20internal%20mail%20server%2C%20which%20seems%20a%20step%20backwards.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%22%3CSPAN%3ESorry%2C%20but%20we're%20not%20adding%20app%20passwords%20for%20IMAP.%20We're%20providing%2013%20months%20notice%20of%20this%20change%2C%20you%20need%20to%20start%20reaching%20out%20to%20the%20developers%20of%20those%20apps.%20'%20%26nbsp%3B%20%26nbsp%3B%20%3CFONT%3EGiven%20the%20impact%20of%20this%20change%20on%20your%20customers%2C%20it%20would%20be%20nice%20to%20have%20bit%20detail%20on%20why%20no%20app%20passwords.%26nbsp%3B%2013%20months%20is%20not%20a%20long%20time%20in%20development%20cycles.%3C%2FFONT%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-888701%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-888701%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F376676%22%20target%3D%22_blank%22%3E%40rajeev_Kap%3C%2FA%3E%2C%20from%20what%20I%20have%20been%20able%20to%20understand%20it%20looks%20like%20Microsoft%20expects%20a%20server%20application%20like%20Jira%20to%20use%20the%20OAUTH%20client%20credentials%20grant%20using%20an%20app%20password%20to%20get%20the%20OAUTH%20token.%20(see%20here%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-client-creds-grant-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-client-creds-grant-flow%3C%2FA%3E).%20This%20seems%20to%20have%20a%20nicer%20enrollment%20and%20security%20flow%20in%20general%2C%20but%20is%20a%20big%20disruption.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIt%20is%20also%20fairly%20unclear%20how%20this%20should%20be%20setup%20to%20allow%20the%20daemon%2Fserver%20account%20to%20access%20a%20mail%20box.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20really%20need%20some%20migration%20documentation%20from%20MS%20for%20common%20use%20cases%2C%20ie%26nbsp%3B%20a%20Jira%20server%20that%20needs%20to%20ingest%20and%20send%20email%20is%20a%20good%20use%20case%20to%20describe.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20hope%20MS%20staff%20will%20contribute%20patches%20to%20some%20of%20these%20popular%20open%20source%20projects%20to%20make%20them%20work%2C%20or%20at%20least%20offer%20up%20some%20free%20Azure%20accounts%20to%20open%20source%20for%20testing%20integration.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892586%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892586%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F127030%22%20target%3D%22_blank%22%3E%40Luke%20Page%3C%2FA%3E%26nbsp%3B-%20yes.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F25192%22%20target%3D%22_blank%22%3E%40%E6%98%87%20%E8%B0%B7%E6%9D%91%3C%2FA%3E%26nbsp%3B-%20client%20apps%20are%20adding%20OAuth%20support%20to%20IMAP.%20I%20know%20of%20at%20least%20one.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F376676%22%20target%3D%22_blank%22%3E%40rajeev_Kap%3C%2FA%3E%26nbsp%3B-%20server%20apps%20really%20need%20to%20move%20to%20Graph%20and%20OAuth%20-%20not%20IMAP.%20Graph%20gives%20those%20apps%20all%20they%20need%20in%20terms%20of%20access%20to%20mailboxes.%20App%20passwords%20are%20Basic%20Auth%2C%20still%20subject%20to%20all%20the%20same%20issues%20Basic%20Auth%20is.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F414309%22%20target%3D%22_blank%22%3E%40Jason_Gunthorpe%3C%2FA%3E%26nbsp%3BGraph%20is%20the%20path%2C%20and%20work%20is%20underway%20to%20help%20app%20developers%20understand%20how%20to%20integrate%20Graph%20and%20OAuth%20into%20apps.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdeveloper.microsoft.com%2Fen-us%2Fgraph%2F%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892603%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892603%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E-%20Can%20you%20comment%20on%20whether%20Samsung%20has%20committed%20to%20upgrading%20their%20native%20Contacts%2C%20Calendar%2C%20and%20Email%20apps%20for%20Android%20Pie%20and%20above%2C%20to%20conform%20with%20this%20Microsoft%20initiative%20by%20the%20October%202020%20deadline%3F%26nbsp%3B%20If%20you%20don't%20know%2C%20do%20you%20have%20a%20Samsung%20resource%20that%20you%20can%20tap%20to%20try%20and%20find%20out%3F%26nbsp%3B%20You%20may%20be%20aware%20that%20Microsoft%20CEO%20Nadella%20participated%20in%20Samsung's%20unpacked%20event%20in%20August%2C%20and%20announced%20a%20strong%20integration%20initiative%20between%20the%20two%20companies%20going%20forward.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20previously%20replied%20to%20my%20question%20about%20robust%20two-way%20contact%20sync%20between%20O365%2FPeople%20and%20Android%20Outlook%20App%20with%20the%20following%3A%26nbsp%3B%20%22What%20you%20are%20asking%20for%20should%20already%20work%20in%20Android.%20Sync%20of%20contacts%20from%20your%20mailbox%2C%20to%20Outlook%20on%20your%20device%2C%20to%20your%20local%20contacts%20store%20-%20and%20vice%20versa.%20%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20been%20testing%20since%20your%20reply%20and%20have%20found%20many%20anomalies.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892612%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892612%22%20slang%3D%22en-US%22%3E%3CP%3EI%20can't%20comment%20on%20their%20timeline%20but%20I%20can%20tell%20you%20our%20dev%20teams%20are%20working%20together.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-892915%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-892915%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20to%20let%20you%20know%20ive%20spoken%20with%20support%20and%20their%20response%20is%20to%20use%20CBA%20(with%20or%20without%20ADFS)%20to%20continue%20with%20EAS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-893387%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-893387%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F89845%22%20target%3D%22_blank%22%3E%40Gary%20Smith%3C%2FA%3E%26nbsp%3B-%20it's%20an%20option%20for%20that%20that%20are%20happy%20with%20the%20requirements%20-%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FCertificate-Based-Authentication-CBA-for-Exchange-Online%2Fba-p%2F605173%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FCertificate-Based-Authentication-CBA-for-Exchange-Online%2Fba-p%2F605173%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThere%20are%20EAS%20based%20apps%20out%20there%20that%20already%20support%20OAuth.%20The%20native%20iOS%20mail%20app%20for%20example%20has%20supported%20OAuth%20for%20a%20long%20time.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908018%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908018%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B-%20Firstly%2C%20this%20is%20awesome%20news%2C%20the%20line%20in%20the%20sand%20approach%20is%20what's%20needed.%20-%20my%20only%20question%20is%20the%20support%20for%20OAuth%20in%20IMAP%2C%20do%20we%20have%20a%20rough%20timeline%3F%20-%20I%20can't%20see%20anything%20on%20the%20O365%20Roadmap%20for%20it.%20We%20would%20be%20MORE%20than%20happy%20to%20be%20a%20test%20tenant%20for%20you%2C%20we%20are%20a%20100k%2B%20mbx%20tenant%20in%20a%20HE%20environment%20with%20lots%20of%20IMAP%20usage%20from%20our%20Linux%20community%2C%20so%20this%20is%20big%20for%20us.%20-%20PM%20Me%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20in%20advance!%20keep%20it%20up%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908613%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908613%22%20slang%3D%22en-US%22%3E%3CP%3ERough%20timeline%20is%20'soon'%2C%20sorry%20to%20be%20vague.%20We're%20working%20on%20it.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-908662%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-908662%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDudes%2C%20as%20long%20as%20it's%20on%20your%20radar%20and%20you're%20working%20on%20it%2C%20we're%20good.%3C%2FP%3E%3CP%3EWe%20know%20how%20priority%20works.%20If%20it's%20coming%20out%20in%20the%20next%20two%20quarters%2C%20we'll%20bow%20to%20you.%3C%2FP%3E%3CP%3EAs%20someone%20else%20mentioned%20before%2C%20maybe%20we%20can%20collaborate%20closer.%20Eat%20own%20dog%20food.%20feel%20free%20to%20use%20%40spartanway.com.au%20as%20ground%20zero%2C%20and%20I'm%20going%20to%20pitch%20to%20larger%20orgs%20for%20volunteering%20(20k%20and%20120k%20seats).%3C%2FP%3E%3CP%3EAs%20long%20as%20there's%20a%20big%20switch%20lever%20that%20can%20be%20pulled%20to%20revert%20to%20prior%20state.%3C%2FP%3E%3CP%3ELet's%20do%20this%2C%20Greg!%20Exciting!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-910956%22%20slang%3D%22es-ES%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910956%22%20slang%3D%22es-ES%22%3E%3CP%3EHow%20can%20I%20renew%20%3CSPAN%3EOffice%20365%20E3%20Developer%20from%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3CDIV%20class%3D%22o365cs-mfp-personaView%22%3E%3CDIV%20class%3D%22o365cs-mfp-personaDetails%22%3E%3CSPAN%20class%3D%22o365cs-mfp-userEmail%20o365cs-segoeRegular%20o365cs-display-Block%20o365cs-me-bidi%20ms-fcl-ns%22%3Eonmicrosoft.com%3F%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22o365cs-mfp-linklist%20o365cs-segoeRegular%20o365cs-text-align-left%22%3E%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-910957%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-910957%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F425082%22%20target%3D%22_blank%22%3E%40elvismedina%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20checked%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice%2Fdeveloper-program%2Foffice-365-developer-program-faq%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice%2Fdeveloper-program%2Foffice-365-developer-program-faq%3C%2FA%3E%3C%2FP%3E%3CP%3E%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-914589%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-914589%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BI%20read%20your%20response%20to%20automation%20%22%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F413417%22%20target%3D%22_blank%22%3E%40bhoobalan%3C%2FA%3E%3CSPAN%3E%26nbsp%3B-%20we%20are%20working%20on%20a%20solution%20for%20scripts%2Fautomation.%22%20I%20honestly%20don't%20understand%20how%20MS%20can%20announce%20a%20change%20like%20this%20and%20not%20think%20about%20backend%20automation.%20For%20us%2C%20we%20have%20an%20entire%20automated%20shared%20mailbox%20provisioning%20setup%20that%20requires%20exchange%20access.%20It%20all%20runs%20inside%20of%20Azure%20automation%20so%20automation%20via%20SPNs%20is%20a%20must%2C%20but%20then%20if%20it%20becomes%20Azure%20only%20this%20comes%20into%20vendor%20lockin.%20We%20still%20would%20like%20to%20be%20able%20to%20expand%20into%20AWS%20with%20automation%20to%20exchange%20where%20necessary.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EWhile%20I%20agree%20that%20IMAP%20and%20POP%20should%20go%20away%2C%20there%20definitely%20are%20use%20cases%20like%20mentioned%20above%20where%20Jira%20or%20Service%20Now%20checks%20a%20mailbox%20via%20IMAP%2C%20and%20they%20will%20never%20move%20to%20support%20OAuth.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-915583%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-915583%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F277369%22%20target%3D%22_blank%22%3E%40wesleykirklandmb%3C%2FA%3E%26nbsp%3B-%20Actually%20I%20think%20they%20probably%20will%20if%20they%20want%20to%20keep%20interacting%20with%20Exchange%20Online.%20Graph%20and%20OAuth%20is%20what%20they%20should%20be%20using%2C%20not%20IMAP%20%2B%20OAuth.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-916164%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-916164%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20understand%20that%20Graph%20is%20the%20ideal%20approach%20and%20like%20the%20graph%20api%2C%20but%20for%20folks%20with%20a%20lot%20of%20code%20that%20uses%20EWS%20it%20is%20easier%20said%20than%20done%20to%20migrate%20that%20code%20to%20Graph.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20EWS%20support%20the%20OAuth2.0%20client%20credential%20grant%20type%3F%26nbsp%3B%20I'd%20like%20to%20access%20EWS%20%3CSTRONG%3Ewithout%3C%2FSTRONG%3E%20a%20user%20context.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918262%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918262%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20mentioned%20that%20you%20will%20soon%20be%20offering%20a%20tool%20where%20we%20can%20find%20what%20accounts%20are%20using%20basic%20authentication%20(POP3%2C%20IMAP).%26nbsp%3B%20Is%20that%20tool%20available%20now%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918277%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918277%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20we%20know%20what%20the%20legacy%20protocols%20will%20be%20using%20legacy%20auth%2C%20so%20perhaps%20thia%20might%20help%20you%20canvas%20the%20landscape%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fadmin%2Factivity-reports%2Femail-apps-usage%3Fview%3Do365-worldwide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fadmin%2Factivity-reports%2Femail-apps-usage%3Fview%3Do365-worldwide%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918284%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918284%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20looking%20for%20a%20tool%20that%20will%20work%20with%20Exchange%202013%20on%20prem.%26nbsp%3B%20We%20are%20in%20the%20slow%20process%20of%20migrating%20to%20the%20cloud.%26nbsp%3B%20During%20this%20process%20we%20want%20to%20identify%20who%20is%20using%20basic%20auth%20and%20move%20them%20to%20a%20different%20client%20or%20different%20solution.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918308%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918308%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20this%20set-up%20enabled%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAnnouncing-Hybrid-Modern-Authentication-for-Exchange-On-Premises%2Fba-p%2F607476%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAnnouncing-Hybrid-Modern-Authentication-for-Exchange-On-Premises%2Fba-p%2F607476%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20have%20protocol%20logging%20enabled%3F%20Can%20probably%20use%20log%20analyser%20gui%20ver%20to%20see%20your%20starts%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-918387%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-918387%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%20we%20do%20have%20HMA%20enabled%20in%20our%20environment.%26nbsp%3B%20We%20do%20have%20logging%20turned%20on%20for%20most%20of%20our%20receive%20and%20send%20connectors.%26nbsp%3B%20Not%20sure%20how%20to%20review%20these%20logs%20to%20provide%20POP3%20and%20IMAP%20traffic...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-927609%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-927609%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F295%22%20target%3D%22_blank%22%3E%40Ryan%20Steeno%3C%2FA%3E%26nbsp%3B-%20It%20is%20possible%20yes.%26nbsp%3BThere%E2%80%99s%20a%20permission%20scope%20called%20full_access_as_app%20available.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20819px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F139495i0C7B62C246AE959D%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22full_access_as_app.png%22%20title%3D%22full_access_as_app.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-927833%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-927833%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%26nbsp%3B%20There%20should%20be%20client%20-type%20reports%20in%20365%20as%20well%20as%20PowerShell%20in%20the%20PowerShell%20gallery.%3C%2FP%3E%3CP%3ELet%20me%20know%20if%20you%20cannot%20find%20them.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-927925%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-927925%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20I%20do%20see%20in%20portal.office.com%20under%20reports%20there%20is%20a%20%22email%20usage%20by%20app%22%20report.%26nbsp%3B%20That%20is%20great%20and%20all%2C%20but%20that%20only%20shows%20our%20migrated%20cloud%20users.%26nbsp%3B%20I%20want%20to%20see%20who%20is%20using%20basic%20authentication%20for%20all%20the%20on%20prem%20mailboxes%2C%20which%20is%20still%2099.9%20percent%20of%20our%20organization.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%20Mentioned%20in%20the%20original%20post%20this%20%22%3C%2FP%3E%3CH4%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-742843000%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%20id%3D%22toc-hId-1428072543%22%3EFinding%20impacted%20users%3C%2FH4%3E%3CP%3EThe%20next%20action%20you%20really%20need%20to%20be%20thinking%20about%20is%20assessing%20client%20impact.%20The%20first%20question%20you%20probably%20have%20is%20%E2%80%93%20so%20how%20do%20I%20know%20who%E2%80%99s%20using%20Basic%20Authentication%20in%20my%20tenant%3F%20Great%20question%2C%20%3CFONT%20color%3D%22%23FF6600%22%3Eand%20soon%20we%E2%80%99ll%20make%20a%20new%20tool%20available%20to%20help%20you%20easily%20answer%20that%20question%20for%20yourself%3C%2FFONT%3E.%20It%E2%80%99s%20a%20tool%20that%20provides%20tenant%20admins%20with%20a%20simple%20way%20to%20determine%20who%20is%20using%20Basic%20Auth%20so%20you%2C%20the%20admin%2C%20can%20see%20how%20large%20of%20a%20task%20you%20have%20on%20your%20hands.%3C%2FP%3E%3CP%3EOnce%20you%20understand%20what%20your%20users%20use%2C%20and%20know%20if%20they%20are%20using%20Basic%20or%20Modern%20Authentication%2C%20what%20can%20you%20do%20about%20it%3F%20Each%20of%20the%20impacted%20protocols%20have%20options.%26nbsp%3B%20%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhere%20is%20this%20new%20tool%3F%26nbsp%3B%20Need%20to%20find%20basic%20authentication%20on%20prem%20users.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH1%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--1219773446%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%20id%3D%22toc-hId--534543903%22%3E%3CFONT%20size%3D%223%22%3EGet-ConnectionByClientTypeDetailReport%3C%2FFONT%3E%3C%2FH1%3E%3CDIV%20class%3D%22metadata%22%3E%26nbsp%3B%3C%2FDIV%3E%3CDIV%20class%3D%22summaryHolder%22%3E%3CDIV%20class%3D%22summary%22%3EThis%20cmdlet%20was%20deprecated%20in%20January%2C%202018%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-927970%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-927970%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%3C%2FP%3E%3CP%3EI%20don't%20know%20your%20topology%20or%20versions.%3C%2FP%3E%3CP%3EDo%20you%20also%20have%20this%20enabled%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fconfigure-protocol-logging-for-pop3-and-imap4-exchange-2013-help%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Fconfigure-protocol-logging-for-pop3-and-imap4-exchange-2013-help%3C%2FA%3E%3C%2FP%3E%3CP%3EBasic%20authentication%20is%20anything%20that%20doesn't%20support%20ADAL.%20I%20don't%20know%20where%20that%20magic%20tool%20is%2C%20possibly%20MSFT%20can%20answer.%3C%2FP%3E%3CP%3EI'm%20trying%20to%20understand%20what%20are%20you%20after%20-%20finding%20SMTP%2FPOP3%2FIMAP%20usage%20for%20your%20on%20prem%20CAS%20endpoints%2C%20or%20finding%20clients%20that%20do%20not%20support%20modern%20authentication%20(%20for%20example%2C%20older%20versions%20of%20MS%20Office%20do%20not)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-927983%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-927983%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3BThanks%20again%20for%20you%20reply.%26nbsp%3B%20I%20would%20like%20to%20know%20what%20mailbox%20accounts%20are%20using%20the%20POP3%20and%20IMAP%20protocol.%26nbsp%3B%20This%20way%20I%20can%20contact%20the%20appropriate%20departments%2Fend%20users%2C%20and%20move%20them%20on%20to%20a%20modern%20authentication%20application.%26nbsp%3B%20What%20I%20suspect%20is%20many%20of%20the%20accounts%20using%20basic%20authentication%20do%20so%20for%20some%20form%20of%20service%20account.%26nbsp%3B%20Need%20to%20find%20the%20accounts%20nonetheless.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-928029%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-928029%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAgain%2C%20without%20knowing%20more%20about%20your%20topology%20and%20versions%2C%20if%20I%20were%20faced%20myself%20with%20this%20challenge%20I%20would%3A%3C%2FP%3E%3CP%3E1.%20enable%20enough%20logging%20in%20my%20Exchange%20deoplyment%20on%20prem%20so%20I%20can%20lift%20for%20analysy%26nbsp%3B%20pop3%2Fimap%2Fsmtp%20(btw%2C%20ActiveSync%20is%20also%20a%20legacy%20protocol%20as%20far%20as%20I%20know)%3C%2FP%3E%3CP%3E2.%20Use%20something%20like%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FLog-Parser-Studio-2-0-is-now-available%2Fba-p%2F593266%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FLog-Parser-Studio-2-0-is-now-available%2Fba-p%2F593266%3C%2FA%3E%20%26nbsp%3Bto%20anaylise%20them%20(%20I%20would%20go%20for%201%20month%20logs)%3C%2FP%3E%3CP%3E3.%20Would%20determine%20how%20many%20of%20my%20users%20are%20currently%20on%20non-adal%20versions%20of%20office%2C%20just%20in%20case.%3C%2FP%3E%3CP%3EI'm%20sure%20that%20all%20the%20brilliant%20minds%20roaming%20this%20forum%20might%20have%20different%20alternatives%2C%20this%20is%20just%20my%20view.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20used%20this%20method%20before%20myself%20to%20determine%20usage%20and%20then%20restrict%20the%20tenancy%20(fully%20disable%20legacy%20protocols%20on%20a%20per%20user%20basis)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-928187%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-928187%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20seen%20that%20but%20that%20grants%20access%20to%20all%20mailboxes%20and%20I%20can't%20find%20a%20method%20to%20restrict%20to%20a%20single%20mailbox.%26nbsp%3B%20The%20use%20case%20is%20we%20have%20multiple%20app%20teams%20that%20have%20integrations%20with%20mailboxes%20and%20they%20currently%20user%20EWS%20with%20Basic%20Auth.%26nbsp%3B%20I've%20read%20that%20the%20EXO%20Access%20Restrictions%20do%20not%20apply%20to%20EWS%2C%20only%20the%20Graph%20API.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20guess%20we%20will%20be%20encouraging%20our%20developers%20to%20migrate%20to%20Graph%20vs.%20continuing%20to%20use%20EWS.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20other%20gap%20we%20still%20see%20is%20around%20EXO%20PowerShell.%26nbsp%3B%20We%20have%20batch%20scripts%20that%20are%20using%20basic%20auth%20to%20connect.%26nbsp%3B%20I%20know%20that%20EXO%20PowerShell%20supports%20MFA%20via%20the%20OAuth2.0%20Authorization%20Code%20grant%20type%2C%20but%20that%20sub-optimal%20for%20batch%20jobs.%26nbsp%3B%20Will%20there%20be%20support%20for%20using%20a%20Service%20Principal%20and%20OAuth2.0%20client%20credential%20grant%20type%20to%20connect%20to%20EXO%20PowerShell%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-928210%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-928210%22%20slang%3D%22en-US%22%3E%3CP%3EGraph%20is%20the%20right%20direction%20that's%20for%20sure.%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FScoping-Microsoft-Graph-application-permissions-to-specific%2Fba-p%2F671881%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FScoping-Microsoft-Graph-application-permissions-to-specific%2Fba-p%2F671881%3C%2FA%3E%26nbsp%3Bfor%20example.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20also%20working%20on%20the%20batch%20job%20problem.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-928258%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-928258%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20Great.%26nbsp%3B%20Thanks%20for%20the%20information%2C%20much%20appreciated!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-805892%22%20slang%3D%22en-US%22%3EImproving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-805892%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20many%20years%2C%20client%20apps%20have%20used%20Basic%20Authentication%20to%20connect%20to%20servers%2C%20services%20and%20endpoints.%20It%20is%20enabled%20by%20default%20on%20most%20servers%20and%20services%20and%20it%E2%80%99s%20super%20simple%20to%20set%20up.%20Basic%20Authentication%20simply%20means%20the%20application%20sends%20a%20username%20and%20password%20with%20every%20request%20(often%20stored%20or%20saved%20on%20the%20device).%3C%2FP%3E%3CP%3ESimplicity%20isn%E2%80%99t%20at%20all%20bad%20in%20itself%2C%20but%20Basic%20Authentication%20makes%20it%20easier%20for%20attackers%20armed%20with%20today%E2%80%99s%20tools%20and%20methods%20to%20capture%20users%E2%80%99%20credentials%20(particularly%20if%20not%20TLS%20protected)%2C%20which%20in%20turn%20increases%20the%20risk%20of%20credential%20re-use%20against%20other%20endpoints%20or%20services.%20Multi-factor%20authentication%20(MFA)%20isn%E2%80%99t%20easy%20to%20enable%20when%20you%20are%20using%20Basic%20Authentication%20and%20so%20all%20too%20often%20it%20isn%E2%80%99t%20used.%3C%2FP%3E%3CP%3ESimply%20put%2C%20there%20are%20better%20and%20more%20effective%20alternatives%20to%20authenticate%20users%20available%20today%2C%20and%20we%20are%20actively%20recommending%20to%20customers%20to%20adopt%20security%20strategies%20such%20as%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2018%2F06%2F14%2Fbuilding-zero-trust-networks-with-microsoft-365%2F%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EZero%20Trust%3C%2FA%3E%20(i.e.%20Trust%20but%20Verify)%20or%20apply%20real%20time%20assessment%20policies%20when%20users%20and%20devices%20are%20accessing%20corporate%20information.%20This%20allows%20for%20intelligent%20decisions%20to%20be%20made%20about%20who%20is%20trying%20to%20access%20what%20from%20where%20on%20which%20device%20rather%20than%20simply%20trusting%20an%20authentication%20credential%20which%20could%20be%20a%20Bad%20Actor%20impersonating%20a%20user.%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20these%20threats%20and%20risks%20in%20mind%2C%20we%E2%80%99re%20taking%20steps%20to%20improve%20data%20security%20in%20Exchange%20Online.%3C%2FP%3EWhat%20We%E2%80%99re%20Changing%3CP%3ELast%20year%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FUpcoming-changes-to-Exchange-Web-Services-EWS-API-for-Office-365%2Fba-p%2F608055%22%20target%3D%22_blank%22%3Ewe%20announced%3C%2FA%3E%20we%20are%20turning%20off%20Basic%20Authentication%20for%20Exchange%20Web%20Services%20on%20October%2013%2C%202020.%20Today%2C%20we%20are%20announcing%20we%20are%20also%20turning%20off%20Basic%20Authentication%20in%20Exchange%20Online%20for%20Exchange%20ActiveSync%20(EAS)%2C%20POP%2C%20IMAP%20and%20Remote%20PowerShell%20at%20the%20same%20time%20%E2%80%93%20October%2013%2C%202020.%3C%2FP%3E%3CP%3EWe%20want%20your%20help%20in%20getting%20users%20to%20move%20away%20from%20apps%20that%20use%20Basic%20Authentication%2C%20to%20apps%20that%20use%20Modern%20Authentication.%20Modern%20Authentication%20(which%20is%20OAuth%202.0%20token%20based%20auth)%20has%20many%20benefits%20and%20improvements%20that%20help%20mitigate%20the%20issues%20present%20in%20Basic%20Authentication.%20For%20example%2C%20OAuth%20access%20tokens%20have%20a%20limited%20usable%20lifetime%20and%20are%20specific%20to%20the%20applications%20and%20resources%20they%20are%20issued%20for%20so%20they%20can%E2%80%99t%20be%20re-used.%20Enabling%20and%20enforcing%20MFA%20is%20also%20very%20simple%20with%20Modern%20Auth.%3C%2FP%3E%3CP%3EPlease%20note%20this%20change%20does%20not%20affect%20SMTP%20AUTH%20%E2%80%93%20we%20will%20continue%20supporting%20Basic%20Authentication%20for%20the%20time%20being.%26nbsp%3B%20There%20is%20a%20huge%20number%20of%20devices%20and%20appliances%20that%20use%20SMTP%20for%20sending%20mail%2C%20and%20so%20we%E2%80%99re%20not%20including%20SMTP%20in%20this%20change%20%E2%80%93%20though%20we%20are%20working%20on%20ways%20to%20further%20secure%20SMTP%20AUTH%20and%20we%E2%80%99ll%20share%20more%20on%20that%20in%20due%20course.%20Nor%20does%20this%20change%20affect%20Outlook%20for%20Windows%20or%20Mac%20assuming%20they%20are%20already%20configured%20and%20using%20Modern%20Auth%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fexchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Eand%20they%20really%20should%20be%3C%2FA%3E).%3C%2FP%3EHow%20This%20Impacts%20You%3CP%3EThis%20change%20might%20affect%20some%20of%20your%20users%20or%20apps%2C%20so%20we%20wanted%20to%20provide%20additional%20information%20to%20help%20you%20in%20identifying%20and%20deciding%20upon%20an%20action%20plan.%3C%2FP%3ERemote%20PowerShell%3CP%3EFirstly%2C%20how%20does%20this%20impact%20your%20own%20tenant%20administration%3F%20You%20probably%20use%20Remote%20PowerShell%20(RPS)%20to%20access%20Exchange%20Online%2C%20hopefully%20with%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fpowershell%2Fexchange%2Fexchange-online%2Fconnect-to-exchange-online-powershell%2Fmfa-connect-to-exchange-online-powershell%3Fview%3Dexchange-ps%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EMFA%20module%3C%2FA%3E.%20If%20so%2C%20you%20might%20also%20consider%20switching%20some%20of%20your%20day%20to%20day%20usage%20to%20using%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAzure-Cloud-Shell-Now-Supports-Exchange-Online%2Fba-p%2F652269%22%20target%3D%22_blank%22%3EPowerShell%20within%20Azure%20Cloud%20Shell%3C%2FA%3E.%20We%20are%20also%20making%20significant%20investments%20in%20RPS%20to%20make%20the%20MFA%20module%20work%20better%20and%20we%E2%80%99ll%20be%20sharing%20some%20more%20information%20on%20that%20in%20due%20course.%3C%2FP%3EFinding%20impacted%20users%3CP%3EThe%20next%20action%20you%20really%20need%20to%20be%20thinking%20about%20is%20assessing%20client%20impact.%20The%20first%20question%20you%20probably%20have%20is%20%E2%80%93%20so%20how%20do%20I%20know%20who%E2%80%99s%20using%20Basic%20Authentication%20in%20my%20tenant%3F%20Great%20question%2C%20and%20soon%20we%E2%80%99ll%20make%20a%20new%20tool%20available%20to%20help%20you%20easily%20answer%20that%20question%20for%20yourself.%20It%E2%80%99s%20a%20tool%20that%20provides%20tenant%20admins%20with%20a%20simple%20way%20to%20determine%20who%20is%20using%20Basic%20Auth%20so%20you%2C%20the%20admin%2C%20can%20see%20how%20large%20of%20a%20task%20you%20have%20on%20your%20hands.%3C%2FP%3E%3CP%3EOnce%20you%20understand%20what%20your%20users%20use%2C%20and%20know%20if%20they%20are%20using%20Basic%20or%20Modern%20Authentication%2C%20what%20can%20you%20do%20about%20it%3F%20Each%20of%20the%20impacted%20protocols%20have%20options.%20%26nbsp%3B%3C%2FP%3EPOP%20and%20IMAP%3CP%3ESo%20let%E2%80%99s%20talk%20about%20POP%20and%20IMAP.%20We%20know%20there%E2%80%99s%20still%20some%20usage%20out%20there%2C%20not%20much%2C%20but%20some.%20We%E2%80%99re%20planning%20on%20adding%20OAuth%20support%20to%20both%20POP%20and%20IMAP%20in%20the%20next%20few%20months.%20If%20you%20want%20to%20keep%20using%20these%20protocols%2C%20you%E2%80%99ll%20need%20to%20update%20the%20app%20to%20one%20that%20supports%20Modern%20Auth.%20Or%20better%20yet%20%E2%80%93%20get%20the%20user%20to%20use%20a%20more%20modern%20client%20(did%20you%20know%20we%E2%80%99ve%20added%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Farticle%2FAdd-a-shared-mailbox-to-Outlook-mobile-f866242c-81b2-472e-8776-6c49c5473c9f%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Eshared%20mailbox%20support%3C%2FA%3E%20to%20the%20Outlook%20app%20for%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D32571%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EiOS%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmicrosoft-365%2Froadmap%3Ffeatureid%3D32572%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EAndroid%3C%2FA%3E%3F%20That%E2%80%99s%20one%20reason%20some%20people%20have%20been%20using%20POP%20and%20IMAP)%2C%20or%20get%20the%20application%20developer%20to%20%3CA%20href%3D%22https%3A%2F%2Fdeveloper.microsoft.com%2Fgraph%2Fdocs%2Fconcepts%2Fauth_overview%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Estart%20using%20OAuth%3C%2FA%3E.%3C%2FP%3EExchange%20ActiveSync%3CP%3EThe%20client%20app%20you%20might%20have%20the%20most%20usage%20with%20probably%20uses%20Exchange%20ActiveSync.%20There%20are%20many%20users%20out%20there%20with%20mobile%20devices%20set%20up%20with%20EAS.%20If%20they%20are%20using%20Basic%20Auth%20(and%20many%20of%20them%20are)%2C%20now%E2%80%99s%20the%20time%20to%20do%20something%20about%20that.%20What%20are%20your%20choices%3F%3C%2FP%3E%3CP%3EWithout%20doubt%2C%20we%20believe%20the%20best%20mobile%20device%20client%20to%20use%20when%20connecting%20to%20Exchange%20Online%20is%20%3CA%20href%3D%22https%3A%2F%2Fproducts.office.com%2Fen-us%2Foutlook-mobile-for-android-and-ios%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3EOutlook%20mobile%3C%2FA%3E.%20Trusted%20by%20over%20100M%20users%20across%20the%20world%2C%20Outlook%20mobile%20fully%20integrates%20Microsoft%20Enterprise%20Mobility%20%2B%20Security%20(EMS)%20enabling%20conditional%20access%20and%20app%20protection%20(MAM)%20capabilities.%20Outlook%20mobile%20helps%20you%20secure%20your%20users%20and%20your%20corporate%20data%2C%20and%20it%20natively%20supports%20Modern%20Authentication.%3C%2FP%3E%3CP%3EThere%20are%20of%20course%20other%20email%20apps%20for%20mobile%20devices%20that%20support%20Modern%20Authentication%20too%2C%20so%20that%E2%80%99s%20another%20option.%3C%2FP%3E%3CP%3EFor%20users%20that%20don%E2%80%99t%20want%20an%20app%2C%20or%20for%20users%20that%20have%20a%20device%20for%20which%20there%20is%20no%20app%2C%20they%20could%20switch%20to%20the%20browser%20on%20their%20mobile%20device.%20Outlook%20on%20the%20Web%20is%20used%20by%20millions%20of%20users%20every%20month%2C%20it%E2%80%99s%20feature-rich%20and%20we%20have%20a%20version%20ideal%20for%20mobile%20browsers.%20You%20can%20access%20it%20on%20a%20mobile%20device%20by%20navigating%20to%20%3CA%20href%3D%22https%3A%2F%2Foutlook.office365.com%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Foutlook.office365.com%3C%2FA%3E.%20We%E2%80%99ll%20know%20it%E2%80%99s%20a%20mobile%20device%20you%20are%20using%20so%20we%20have%20a%20special%20experience%20just%20waiting%20for%20you.%20Go%20try%20it.%3C%2FP%3ESummary%3CP%3EWe%20know%20the%20change%20from%20Basic%20Auth%20to%20Modern%20Auth%20will%20potentially%20cause%20some%20disruption.%20For%20some%20users%2C%20any%20time%20they%20have%20to%20do%20something%20different%2C%20it%E2%80%99s%20challenging%20for%20them%2C%20but%20we%20want%20to%20do%20this%20together%20to%20improve%20security%20and%20protect%20your%20data%20and%20your%20users%20data.%20Disabling%20Basic%20Authentication%20and%20requiring%20Modern%20Authentication%20with%20MFA%20is%20one%20of%20the%20best%20things%20you%20can%20do%20to%20improve%20the%20security%20of%20data%20in%20your%20tenant%2C%20and%20that%20has%20to%20be%20a%20good%20thing.%3C%2FP%3E%3CP%3EThe%20last%20thing%20to%20make%20clear%20-%20this%20change%20only%20affects%20Exchange%20Online%2C%20we%20are%20not%20changing%20anything%20in%20the%20Exchange%20Server%20on-premises%20products.%20We%20think%20turning%20off%20Basic%20Auth%20on-premises%20is%20a%20great%20idea%20too%2C%20by%20the%20way%2C%20and%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FDisabling-Legacy-Authentication-in-Exchange-Server-2019%2Fba-p%2F712048%22%20target%3D%22_blank%22%3Ehere%E2%80%99s%3C%2FA%3E%20something%20we%20published%20recently%20on%20that%20subject.%3C%2FP%3E%3CP%3EWe%20know%20this%20is%20big%20news%20and%20we%E2%80%99re%20here%20to%20help.%20Please%20do%20leave%20us%20comments%20or%20questions%20and%20we%E2%80%99ll%20do%20our%20best%20to%20help.%3C%2FP%3E%3CP%3EThe%20Exchange%20Team%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-805892%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20many%20years%2C%20client%20apps%20have%20used%20Basic%20Authentication%20to%20connect%20to%20servers%2C%20services%20and%20endpoints.%20It%20is%20enabled%20by%20default%20on%20most%20servers%20and%20services%20and%20it%E2%80%99s%20super%20simple%20to%20set%20up.%20Simplicity%20isn%E2%80%99t%20at%20all%20bad%20in%20itself%2C%20but%20Basic%20Authentication%20makes%20it%20easier%20for%20attackers%20to%20capture%20user%E2%80%99s%20credentials%20and%20so%20we%E2%80%99re%20taking%20steps%20to%20improve%20data%20security%20in%20Exchange%20Online.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-805892%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Emobility%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-965495%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-965495%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%20We%20are%20currently%20using%20a%20C%23%20application%20that%20creates%20an%20Exchange%20Online%20Powershell%20session%20(using%20System.Management.Automation).%20Is%20there%20a%20way%20to%20use%20the%20Powershell%20MFA%20module%20with%20this%20approach.%20I%20only%20was%20able%20to%20launch%20that%20module%20as%20described%20on%20the%20linked%20page%20(using%20MS%20Edge).%20Switching%20to%20graph%20is%20unfortunately%20not%20an%20option.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-977661%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-977661%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20selling%20point%20for%20Exchange%2C%20and%20more%20recently%20O365%2C%20the%20one%20thing%20that%20made%20it%20stand%20out%20-%20it%20had%20an%20incredibly%20rich%20feature%20set%20and%20integration%20with%20the%20native%20tools%2C%20yet%20also%20worked%20with%20anything%20you%20threw%20at%20it.%26nbsp%3B%3CBR%20%2F%3EYou%20could%20have%20a%20core%20user%20set%20on%20Windows%2BOffice%2C%20with%20some%20Mac%20users%2C%20some%20linux%20users%2C%20some%20phone%20users%2C%20and%20some%20appliances%20and%20business%20applications%20all%20talking%20to%20the%20same%20mailboxes%2C%20with%20pretty%20darn%20good%20feature%20mapping%20across%20protocols.%3CBR%20%2F%3ESo%20many%20other%20products%20had%20rich%20feature%20sets%20but%20only%20worked%20properly%20with%20their%20proprietary%20tools%2C%20or%20they%20had%20barebones%20functionality%20but%20worked%20with%20standard%20tools%2C%20needing%20so%20much%20work%20to%20stitch%20together%20with%20other%20products%20to%20make%20a%20complete%20solution.%3CBR%20%2F%3EOnce%20this%20change%20kicks%20in%2C%20that's%20no%20longer%20true.%3CBR%20%2F%3EIt%20shouldn't%20be%20Microsoft's%20place%20to%20mandate%20security%20practices%20to%20organizations.%20Advise%2C%20default%2C%20persuade%2C%20sure%20-%20but%20not%20mandate.%20Microsoft's%20job%2C%20in%20O365%20and%20in%20Exchange%2C%20is%20to%20give%20customers%20the%20flexibility%20and%20choice%20to%20run%20their%20own%20IT%20the%20way%20they%20need%20to.%3CBR%20%2F%3EFrankly%2C%20the%20Outlook%20android%20app%20is%20a%20bolt-on%20half-baked%20solution.%20It%20does%20not%20suit%20most%20users.%20Being%20an%20aftermarket%20solution%20-%20it%20never%20will%20suit%20most%20users.%3CBR%20%2F%3EThere%20are%20dozens%20of%20tools%20out%20there%20that%20demand%20standards-compliant%20IMAP%2C%20POP3%2C%20etc%20to%20function.%20Exchange%20is%20abandoning%20it%20-%20offering%20instead%20to%20hack%20up%20a%20proprietary%20mess%20of%20IMAP%20plus%20their%20brand%20of%20OATH2.%20A%20mess%20that%20doesn't%20even%20exist%20yet.%20Expecting%20customers%20to%20figure%20out%20how%20to%20change%20software%20they%20don't%20develop%20to%20fit%20-%20software%20that%20may%20not%20even%20have%20the%20option%20of%20custom%20development%20if%20the%20customer%20can%20afford%20it.%3CBR%20%2F%3EThis%20smells%20suspiciously%20similar%20to%20the%20early%20phases%20of%20Google's%20moves%20to%20lock%20down%20their%20platform%20so%20only%20their%20own%20apps%20can%20connect%20to%20the%20system%2C%20so%20they%20can%20gatekeep%20favoured%20developers%20to%20use%20their%20platform.%20Microsoft's%20moves%20here%20look%20very%20similar%20to%20that%20and%20make%20me%20doubt%20the%20future%20reliability%20of%20MS%20as%20an%20open%20platform%20provider.%3CBR%20%2F%3ERemoving%20this%20support%20presents%20a%20fantastic%20argument%20to%20customers%20to%20move%20to%20another%20platform.%20One%20that%20leaves%20choices%20(and%2C%20admittedly%2C%20risks)%20in%20the%20customers'%20hands%2C%20and%20doesn't%20dictate%20from%20on-high%2C%20with%20inadequate%20timeframes%20to%20adjust%20(and%20yes%2C%20one%20year%20is%20actually%20too%20short%20for%20something%20like%20this%20-%20timeframes%20for%20changes%20like%20this%20should%20be%20five%20to%20ten%20years%2C%20and%20only%20implemented%20after%20full%2C%20open%2C%20standardization%20and%20implementation%20is%20complete)%3CBR%20%2F%3EIt's%20situtations%20like%20this%20that%20mean%20I%20have%20no%20choice%20but%20to%20advise%20my%20customers%20that%20Microsoft%20O365%20features%20are%20unreliable%2C%20and%20that%20they%20risk%20significant%20lock-in%20and%20expense%20should%20MS%20decide%2C%20on%20a%20whim%2C%20to%20dictate%20new%20terms%20to%20customers.%26nbsp%3B%3CBR%20%2F%3EA%20quote%20comes%20to%20mind...%20%22I%20am%20altering%20the%20deal.%20Pray%20I%20don't%20alter%20it%20any%20further%22.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004591%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004591%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20currently%20have%20a%203rd%20party%20company%20that%20is%20operating%20a%20software.%20This%20software%20uses%20a%20service%20account%20that%20we've%20given%20App-Impersonation%20RBAC%20role%20against%20a%20very%20narrow%20RBAC%20recipient%20scope%20(just%20a%20few%20mailboxes)%20because%20that%20software%20seriously%20manipulates%20the%20emails%20inside%20those%20mailboxes%20(e.g.%20moving%2C%20deleting%2C%20changing%20subjects%2C%20marking%20as%20read%2Funread%2C%20setting%20flags%2C%20etc.).%20This%20application%20connects%26nbsp%3Bto%20those%20mailboxes%20using%20EWS%20and%20Basic%20Authentication.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBecause%20the%20application%20is%20operated%20by%20a%203rd%20party%2C%20the%20safest%20way%20for%20us%20(the%20exchange%20admins)%26nbsp%3Bto%20ensure%20it%20only%20has%20access%20to%20that%20narrow%20scope%20of%20mailboxes%20was%20to%20use%20RBAC.%3C%2FP%3E%3CP%3EOnce%20the%20Basic%20Auth%20will%20be%20stopped%2C%20the%20software%20will%20have%20to%20use%20the%20OAUTH%20client%20credentials%20flow%20which%20requires%20a%20global%20admin%20grant%20(this%20%3CSTRONG%3Egrants%20read%2Fwrite%20permission%20to%20the%20application%20against%20ALL%20mailboxes%20in%20the%20tenant%3C%2FSTRONG%3E%20and%20%3CSTRONG%3Ethis%20scope%20cannot%20be%20currently%20restricted%20only%20to%20a%20few%20select%20mailboxes%3C%2FSTRONG%3E%20!!!%20).%20This%20means%20that%20the%203rd%20party%20operator%20will%20have%20a%20way%20to%20access%20in%20read%2Fwrite%20mode%20to%20ALL%20our%20mailboxes%20in%20the%20tenant%3CSTRONG%3E%2C%20without%20us%20(the%20exchange%20admins)%20having%20any%20possibility%20to%20restrict%20that%20from%20EXO%20side...%3C%2FSTRONG%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20Microsoft%20considering%20also%20this%20scenario%20when%20proposing%20the%20OAUTH%20client%20credentials%20flow%20as%20a%20replacement%20to%20EWS%2FIMAP%2FPOP%2FAS%20for%20automated%20systems%20(aka%20daemons)%20%3F%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004600%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004600%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F456281%22%20target%3D%22_blank%22%3E%40mipopa%3C%2FA%3E%26nbsp%3BEither%20you%20or%20I%20have%20a%20very%20different%20interpretation%20of%20what%20oAuth%20is.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6749%23section-3.3%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc6749%23section-3.3%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMay%20we%20please%20understand%20where%20the%20GA%20account%20comes%20into%20place%2C%20as%20opposed%20to%20restricted%20impersonation%20(worst%20case%20scenario)%20%3F%3C%2FP%3E%3CP%3EMany%20galery%20apps%20get%20integrated%20with%20ExO%20-%20and%20yes%2C%20while%20for%20the%20initial%20set-up%20GA%20is%20sometimes%20needed%2C%20once%20set-up%2C%20it%20can%20be%20removed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004956%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004956%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3EThanks%20for%20your%20answer.%20According%20to%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-permissions-and-consent%23permission-types%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%20a%20service%20(or%20daemon)%20application%20requires%20%22application%20permissions%22%20which%20are%20given%20through%20a%20%22OAuth%202.0%20client%20credentials%20grant%20flow%22%20(as%20per%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-client-creds-grant-flow%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-client-creds-grant-flow%3C%2FA%3E).%20The%20%22OAuth%202.0%20client%20credentials%20grant%20flow%22%20requires%20a%20global%20admin%20to%20consent%20for%20the%20whole%20tenant.%20According%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-permissions-and-consent%23permission-types%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Esame%20article%20linked%20on%20the%20first%20line%20of%20my%20reply%3C%2FA%3E%2C%3C%2FP%3E%3CBLOCKQUOTE%3E%3CP%3EFor%20application%20permissions%2C%20the%20%3CEM%3Eeffective%20permissions%3C%2FEM%3E%20of%20your%20app%20will%20be%20the%20full%20level%20of%20privileges%20implied%20by%20the%20permission.%20For%20example%2C%20%3CU%3Ean%20app%20that%20has%20the%20%3CEM%3EUser.ReadWrite.All%3C%2FEM%3E%20application%20permission%20can%20update%20the%20profile%20of%20every%20user%20in%20the%20organization%3C%2FU%3E.%3C%2FP%3E%3C%2FBLOCKQUOTE%3E%3CP%3EGoing%20back%20to%20your%20remark%2C%20the%20scopes%20in%20the%20context%20of%20%22application%20permissions%22%20(not%20%22delegated%20permissions%22)%20look%20like%20the%20following%20ones%20(as%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fdevelop%2Fv2-oauth2-client-creds-grant-flow%23application-permissions%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ethis%20article%3C%2FA%3E%20confirms)%3A%3C%2FP%3E%3CUL%3E%3CLI%3ERead%20mail%20in%20all%20mailboxes%3C%2FLI%3E%3CLI%3ERead%20and%20write%20mail%20in%20all%20mailboxes%3C%2FLI%3E%3CLI%3ESend%20mail%20as%20any%20user%3C%2FLI%3E%3CLI%3ERead%20directory%20data%3C%2FLI%3E%3C%2FUL%3E%3CP%3ESo%2C%20my%20question%20to%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%20stays%20the%20same%3A%20%3CSTRONG%3EIs%20Microsoft%20considering%20the%20scenario%20where%20%3C%2FSTRONG%3E%3CSTRONG%3Edaemon%20apps%20that%20previously%20only%20had%20a%20narrow%20RBAC%20recipient%20scope%20for%20the%20EWS%20App-Impersonation%20permissions%2C%20when%20Microsoft%20proposes%20OAuth%202.0%20%22application%20permissions%22%20(with%20%22client%20credentials%20grant%20flow%22)%20as%20replacement%3F%20If%20yes%2C%20what%20should%20be%20right%20setup%20that%20global%20admins%20must%20do%2C%20in%20order%20for%20a%20daemon%20application%20to%20not%20receive%20the%20scope%20e.g.%20%22Read%20and%20write%20mail%20in%20all%20mailboxes%22%2C%20but%20only%20%22Read%20and%20write%20mail%20in%20user's%20mailbox%22%3C%2FSTRONG%3E%20(where%20the%20%3CUSER%3E%20is%20defined%20by%20the%20O365%20admins)%3C%2FUSER%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1005737%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1005737%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F456281%22%20target%3D%22_blank%22%3E%40mipopa%3C%2FA%3E%26nbsp%3B-%26nbsp%3Bthere%E2%80%99s%20a%20feature%20called%20AppAccessPolicy%20that%20we%20released%20early%20this%20year.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fgraph%252Fauth-limit-mailbox-access%26amp%3Bdata%3D02%257C01%257Cgrtaylor%2540microsoft.com%257Cb160e6deda18422d89da08d76835c8e5%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637092452979482713%26amp%3Bsdata%3DczFxai6j3Z3foes%252F69uwzexOOPiOVBquYgd5M6u1%252BYQ%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fgraph%2Fauth-limit-mailbox-access%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1007390%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1007390%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECould%20you%20let%20us%20know%20when%20will%20Oauth2%20support%20for%20IMAP%20be%20added.%20Will%20it%20be%20before%20October%202020%20when%20the%20basic%20auth%20for%20IMAP%20is%20going%20to%20be%20retired.%20This%20will%20help%20in%20coming%20with%20a%20migration%20plan.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1007670%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1007670%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F457365%22%20target%3D%22_blank%22%3E%40balakrishnan1260%3C%2FA%3E%26nbsp%3B-%20it%20will%20be%20before%20October%20for%20sure.%20We're%20aiming%20for%20Q1%202020.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1008048%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1008048%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20for%20the%20quick%20reply.%26nbsp%3B%20If%20there%20is%20any%20way%20by%20which%20we%20can%20get%20an%20early%20access%20like%20a%20beta%20test%20customer%20please%20let%20us%20know.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1019959%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1019959%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20specific%20reason%20why%20all%20my%20Citrix%20Env%20(W2K3%2FOffice%202K10)%20stopped%20working%20yesterday%3F%20(we%20have%20a%20O365%20tenant)%3C%2FP%3E%3CP%3EI%20cannot%20connect%20to%20Outlook%20anymore%2C%20using%20outlook.office365.com.%3C%2FP%3E%3CP%3Ewe%20used%20to%20use%20http%20proxy%20connection%20with%20all%20the%20msstd%20stuff%20and%20co%3C%2FP%3E%3CP%3EHint%201%20%3A%20an%20old%20Win%20XP%20%2B%20Office%202007%20cannot%20connect%20anymore%20too%3C%2FP%3E%3CP%3EHint%202%20%3A%26nbsp%3B%20all%20my%20computers%20above%20Win7%20and%20office%202013%20are%20working%20great.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20not%20expecting%20a%20deprecating%20process%20untill%20at%20least%20mid%202020...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20thoughts%20will%20be%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020180%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020180%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3BHave%20you%20checked%20portal.azure.com%20%26gt%3B%20Azure%20Active%20Directory%20%26gt%3B%20Sign-in%20logs%20and%20see%20if%20sign-ins%20Succeed%20of%20Fail%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020269%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020269%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6201%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3B%20We%20have%20the%20free%20subscription%20to%20Azure%20(%3CSPAN%3EAzure%20AD%20Free)%26nbsp%3B%3C%2FSPAN%3E%20that%20comes%20with%20office%20365%2C%20and%20so%20no%20access%20to%20these%20logs.%3C%2FP%3E%3CP%3EFYI%20%3A%26nbsp%3B%20nothing%20has%20changed%20in%20our%20environment%2C%20even%20on%20Azure%20or%20Citrix%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020393%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020393%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3BEverything%20you%20mentioned%20is%20unsupported%20or%20fully%20unsupported%20soon.%202007%20should%20have%20never%20worked%20but%20MS%20has%20been%20cutting%20legacy%20protocols%20all%20year%20and%20it%20sounds%20like%20you%20got%20hit.%20You're%20going%20to%20have%20to%20upgrade.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020462%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020462%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F277369%22%20target%3D%22_blank%22%3E%40wesleykirklandmb%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20mean%20they%20already%20have%20been%20cutting%20legacy%20protocols%20%3F%3CBR%20%2F%3Ewhat's%20the%20purpose%20of%20this%20if%20they%20annouce%20the%20removal%20for%20Q3%202020%20%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyway%2C%20in%20my%20case%20is%20the%20bottleneck%20the%20TLS%20support%20or%20the%20Basic%2Fanonymous%20authentication%20(i'm%20actually%20trying%20to%20make%20it%20work%20with%20thunderbird%20for%20test%20purpose)%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020529%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020529%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3BThere%20were%20two%20outages%20recently%20-%20one%20was%20affecting%20Exchange%20Online%20mailflow%2C%20the%20other%20sign-ins.%20It's%20likely%20you've%20been%20affected%20by%20one%20of%20those.%20They%20are%20now%20resolved.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020577%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020577%22%20slang%3D%22en-US%22%3E%3CP%3EAlso%2C%20this%20announcement%20is%20for%20Legacy%20Authentication%20(ActiveSync%2C%20POP%2C%20IMAP%20and%20Remote%20PowerShell).%20Outlook%202010%20used%20to%20use%20RPC%20over%20HTTP%20to%20connect%20to%20Exchange%20Online%20but%20that%20was%20removed%2031%20Oct%202017%20and%20replaced%20with%20MAPI%20over%20HTTP%20which%20required%20a%20patch%20for%20Outlook%202010.%20So%20maybe%20there%20has%20been%20a%20late%20change%20even%20though%20it%20was%202%20years%20ago%20since%20they%20announced%20the%20switch%20from%20RPC%20over%20HTTP%20to%20MAPI%20over%20HTTP.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020461%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020461%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3Btip%20is%20to%20sign%20up%20for%20an%20EMS%20trial%20license%20that%20will%20light%20up%20this%20feature.%20Even%20though%20I%20agree%20on%20the%20above%20that%20you%20should%20replace%20Office%202010%20it%20would%20be%20interesting%20to%20see%20what%20the%20logs%20say.%20%26nbsp%3BIt%20might%20be%20that%20Legacy%20Authentication%20is%20starting%20to%20get%20turned%20off%20but%20as%20far%20as%20I%20know%20if%20should%20not%20have%20started%20yet.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1020589%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1020589%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3Bhard%20to%20try%20as%20we%20have%20no%20control%20on%20our%20subscription%20and%20have%20to%20go%20through%20our%20CSP%20to%20get%20an%20upgrade.%3C%2FP%3E%3CP%3EDo%20we%20have%20a%20release%20date%20on%20the%20MS%20tool%20%3F%20that%20would%20be%20perfect%20time%20for%20me%20to%20understand%20what's%20wrong%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F277369%22%20target%3D%22_blank%22%3E%40wesleykirklandmb%3C%2FA%3E%26nbsp%3BWe%20are%20not%20going%20to%20upgrade%20our%20Citrix%20as%20we%20are%20getting%20rid%20of%20it%20as%20soon%20as%20our%20ERP%20is%20upgraded.%20but%20it%20may%20still%20last%20~2%20years%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFYI%20%3A%20MAPI%20in%20thunderbird%20works%20on%20Win%20XP%20SP3%20fir%20me%2C%20whereas%20it%20does%20not%20work%20on%20Outlook%202007%2F2010%3C%2FP%3E%3CP%3Eto%20be%20continued%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1023240%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1023240%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHave%20you%20tried%20this%20%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftestconnectivity.microsoft.com%2F%3Ftestid%3DO365Eas%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftestconnectivity.microsoft.com%2F%3Ftestid%3DO365Eas%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1023851%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1023851%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3B%20yes%20and%20it%20says%20it's%20Ok%20with%20warnings%3C%2FP%3E%3CUL%3E%3CLI%3EConnectivity%20Test%20Successful%20with%20Warnings%3C%2FLI%3E%3CLI%3EThe%20Autodiscover%20service%20was%20successfully%20contacted%20using%20the%20HTTP%20redirect%20method.-%20Analyzing%20the%20certificate%20chains%20for%20compatibility%20problems%20with%20versions%20of%20Windows.%3C%2FLI%3E%3CLI%3EPotential%20compatibility%20problems%20were%20identified%20with%20some%20versions%20of%20Windows.%3CBR%20%2F%3EAdditional%20Details%20%3A%26nbsp%3BThe%20Microsoft%20Connectivity%20Analyzer%20can%20only%20validate%20the%20certificate%20chain%20using%20the%20Root%20Certificate%20Update%20functionality%20from%20Windows%20Update.%20Your%20certificate%20may%20not%20be%20trusted%20on%20Windows%20if%20the%20%22Update%20Root%20Certificates%22%20feature%20isn't%20enabled.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%3CLI%3Eroot%20certificate%20are%20updated%20as%20per%20%22add%20remove%20programs%22%20features%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eeven%20the%20test%20outlook%20connectivity%20is%20OK%20with%20same%20warning%20for%20SSL%20from%20root%20certificate%3C%2FP%3E%3CP%3E%3CSPAN%3ETesting%20MAPI%20over%20HTTP%20connectivity%20to%20server%20outlook.office365.com%20and%20RPC%20over%20HTTP%20are%20both%20OK.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EThunderBird%20works%20great%20with%20IMAP%20settings%20on%20both%20XP%20and%20W2K3.%20is%20by%20chance%20the%20Modern%20Auth%20supported%20by%20Thunderbird%20V52%20%3F%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EOutlook%20still%20not%20able%20to%20connect%20to%20exchange%20online...%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1023867%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1023867%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20mention%20you%20use%20a%20proxy%20to%20access%20Office%20365.%20Could%20it%20be%20that%20you%20have%20ACL%20lists%20to%20allow%20only%20certain%20URL%2FIP-ranges%20through%20that%20proxy%20and%20Microsoft%20has%20added%20new%20networks%20and%20those%20have%20not%20been%20added%20to%20the%20rules%20in%20the%20proxy%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1024172%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1024172%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F6201%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3BI%20don't%20use%20a%20specific%20proxy%2C%20i%20just%20set%20it%20up%20in%20outlook%20to%20make%20it%20connect%20over%20HTTP%20in%20the%20%22outlook%20anywhere%22%20section%20of%20the%20%22connection%22%20tab%20in%20the%20mail%20settings%20of%20outlook.%3C%2FP%3E%3CP%3EI%20have%20no%20control%20on%20how%20MS%20proxies%20the%20request%20AFAIK%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnd%20I%20lower%20to%20anonymous%20authentication%20in%20the%20security%20tab%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1025460%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1025460%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3BI%20guess%20i'll%20survive%20like%20this%20until%20MS%20shuts%20down%20an%20other%20legacy%20protocol%20and%20Thunderbird%20becomes%20obsolete%20too.%3C%2FP%3E%3CP%3Ethanks%20anyway%20for%20your%20help.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1024949%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1024949%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20it%20appears%20it's%20your%20client...%3C%2FP%3E%3CP%3EFor%20local%20Thunderbird%2C%20check%20this%20out%3A%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1528136%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1528136%3C%2FA%3E%3C%2FP%3E%3CP%3EHowever%2C%20there's%20a%20host%20of%20other%20potential%20issues%20at%20the%20tenancy%20settings%20level.%3C%2FP%3E%3CP%3EModern%20Auth%20%3D%20oAuth%20in%20this%20case.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1043409%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1043409%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F296171%22%20target%3D%22_blank%22%3E%40Fragobar%3C%2FA%3E%26nbsp%3BI%20got%20some%20more%20information%20for%20you.%20We%20have%20had%20customers%20this%20and%20last%20week%20that%20had%20older%20types%20of%20%22booking%20room%20devices%22%20that%20suddenly%20stopped%20working%20after%20working%20for%20years.%20These%20devices%20were%20pretty%20old%20so%20we%20did%20some%20digging%20and%20their%20support%20told%20us%20we%20needed%20to%20enable%20TLS%201.2%20in%20these%20devices.%20Once%20we%20did%2C%20they%20started%20working%20again.%20This%20could%20probably%20be%20why%20you're%20having%20issues.%3CBR%20%2F%3E%3CBR%20%2F%3EWhat%20makes%20it%20strange%20is%20that%20Microsoft%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Ftroubleshoot%2Fsecurity%2Fprepare-tls-1.2-in-office-365%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Eannounced%3C%2FA%3E%20they%20will%20start%20deprecating%20TLS%201.0%20and%201.1%20as%20of%20%3CSTRONG%3EJune%202020.%26nbsp%3B%3C%2FSTRONG%3EBut%20the%20Exchange%20Team%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FExchange-Team-Blog%2FAn-Update-on-Office-365-Requiring-TLS-1-2%2Fba-p%2F607711%22%20target%3D%22_self%22%3Eblog%20post%3C%2FA%3E%20mentions%20%3CSTRONG%3EOctober%202018%3C%2FSTRONG%3E.%20So%20not%20sure%20which%20and%20what%20is%20correct%20but%20I%20suspect%20that%20Microsoft%20simply%20continues%20to%20slowly%20disable%20TLS%201.0%20and%201.1%20on%20a%20tenant%20by%20tenant%20basis.%20Maybe%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3Bcan%20comment%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20for%20anyone%20-%20TLS%201.0%20and%201.1%20is%20doomed%20-%20get%20off%20it%20ASAP%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1043524%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1043524%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3Bthank%20you%20for%20your%20feedback.%3C%2FP%3E%3CP%3Ethe%20weird%20thing%20is%20that%20thunderbird%20is%20working%20on%20my%20W2K3%20R2%20wheread%20outlook%202007%2F2010%20is%20not%20working.%3C%2FP%3E%3CP%3EI%20thought%20TLS%20support%20was%20relying%20on%20OS%20version%2C%20so%20i'm%20wondering%20if%20the%20bottleneck%20was%20at%20this%20point%20the%20%22authentication%22%20used.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055592%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055592%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20-%20any%20news%20on%20when%20this%20tool%20to%20detect%20basic%20auth%20connections%20is%20going%20to%20be%20available%20please%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055616%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055616%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308099%22%20target%3D%22_blank%22%3E%40BigAde%3C%2FA%3E%20-%20here%2C%20we've%20been%20taking%20an%20educated%20guess%20based%20on%20the%20protocols%20used%20stats%20and%20cross%20checked%20with%20config%20manager%20stats.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055743%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055743%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3BThanks%20-%20yes%2C%20are%20doing%20the%20same%2C%20but%20an%20educated%20guess%20is%20still%20just%20a%20guess.%26nbsp%3B%20I%20was%20rather%20hoping%20for%20some%20positive%20news%20on%20the%20proprietary%20tool%20that's%20been%20promised.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055753%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055753%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3B%20fair%20point%20...%20when%20%3F%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308099%22%20target%3D%22_blank%22%3E%40BigAde%3C%2FA%3E%26nbsp%3Bagreed.%20it's%20a%20bit%20of%20a%20pain%20and%20not%20accurate%20atm%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055854%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055854%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20going%20to%20make%20the%20Azure%20AD%20Sign-In%20logs%20available%20for%20all%20admins%2C%20and%20extend%20the%20functionality%20in%20there%20to%20add%20things%20like%20user%20agent%20string.%20I%20had%20hoped%20before%20the%20end%20of%20the%20calendar%20year%2C%20but%20by%20the%20time%20it%20has%20rolled%20out%20it%20might%20be%20the%20first%20half%20of%20Jan.%20That's%20the%20plan%2C%20we'll%20post%20another%20blog%20when%20that%20become%20available.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055872%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055872%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3BThanks.%26nbsp%3B%20That%20can't%20come%20soon%20enough%20for%20us%20because%20we%20have%20an%20awful%20lot%20of%20stuff%20both%20in-house%20written%20and%20commercial%20software%20connecting%20into%20EXO.%20So%20the%20sooner%20we%20can%20identify%20what%20is%20still%20using%20basic%20auth%2C%20the%20better%2C%20as%20it%20can%20take%20developers%20months%20to%20change%2C%20test%20and%20release%20enterprise%20code.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055876%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055876%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308099%22%20target%3D%22_blank%22%3E%40BigAde%3C%2FA%3E%26nbsp%3B%20with%20all%20due%20respect%2C%20you'll%20have%20at%20least%208%20months%20if%20you%20correlate%20the%20timelines%20described%20in%20the%20thread%20...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1055885%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1055885%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%26nbsp%3BMaybe%2C%20and%20in%20theory%20that%20should%20be%20plenty%20of%20time%2C%20I%20just%20know%20how%20release%20dates%20tend%20to%20slip%20and%20how%20long%20it%20takes%20certain%20developers%20to%20change%20code%20especially%20alongside%20other%20(higher)%20priorities.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1056519%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1056519%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308099%22%20target%3D%22_blank%22%3E%40BigAde%3C%2FA%3E%26nbsp%3BThanks%20for%20bringing%20up%20the%20basic%20auth%20detection%20tool!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F324116%22%20target%3D%22_blank%22%3E%40The_Exchange_Team%3C%2FA%3E%26nbsp%3BThe%20Azure%20AD%20sing%20in%20logs%20you%20mention.%26nbsp%3B%20Is%20this%20the%20%22tool%22%3F%26nbsp%3B%20Also%20this%20will%20work%20with%20onprem%20Exchange%202013%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1056619%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1056619%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F428298%22%20target%3D%22_blank%22%3E%40travisalexander%3C%2FA%3E%20-%20yes%2C%20the%20Azure%20AD%20Sign%20in%20logs%20is%20the%20tool%20we're%20making%20widely%20available%20and%20extending.%20It%20will%20not%20work%20against%20on-prem%2C%20but%20then%20this%20announcement%2Fchange%20doesn't%20impact%20on-prem.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1056715%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1056715%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F308099%22%20target%3D%22_blank%22%3E%40BigAde%3C%2FA%3E%26nbsp%3B%20I%20hear%20you%3C%2FP%3E%3CP%3EThe%20standards%20should%20already%20be%20out%20there%2C%20so%20nothing%20preventing%20at%20least%20a%20part%20of%20the%20products%20in%20use%20to%20be%20started%20on%20...%3C%2FP%3E%3CP%3EDon't%20forget%3A%20MS%20is%20also%20coding%2C%20so%20as%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F149115%22%20target%3D%22_blank%22%3E%40Greg%20Taylor%20-%20EXCHANGE%3C%2FA%3E%26nbsp%3B%20mentioned%2C%20they%20held%20hope%20it%20will%20be%20released%20earlier...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065232%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065232%22%20slang%3D%22en-US%22%3E%3CP%3EWhen%20will%20the%20tool%20be%20available%20to%20find%20impacted%20end%20users%3F%26nbsp%3B%20%26nbsp%3BIf%20it%20is%20available%20where%20can%20I%20find%20that%20in%20my%20tenant%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1065774%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065774%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F54954%22%20target%3D%22_blank%22%3E%40Eric%20Sabo%3C%2FA%3E%26nbsp%3BI%20think%20this%20has%20already%20been%20covered%20as%20a%20topic%20%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1085540%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1085540%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20manage%20%2B100K%20users%20tenant%20and%20we%20try%20to%20embrace%20automation%20in%20our%20day%20to%20day%20jobs.%20I%20have%20some%20serious%20questions%20to%20find%20answers%20to%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3EWhat%20are%20the%20ways%20of%20using%20modern%20auth%20non-interactively%3F%20We%20have%20some%20long-running%20scripts%20scheduled%20across%20several%20servers.%20They%20are%20scheduled%20to%20run%20automatically%20without%20an%20engineer%20supervising%20them.%26nbsp%3B%26nbsp%3B%3C%2FLI%3E%3CLI%3EWhat%20do%20we%20do%20to%20the%20hundreds%20of%20automation%20scripts%20(remote%20PowerShell)%20which%20currently%20enjoy%20non-interactive%20connections%20to%20Exchange%2FAAD%2FMSOL%2FSPO%20etc.%3F%3C%2FLI%3E%3CLI%3EWhat%20happens%20to%20the%20printers%2C%20scanners%2C%20MFPs%2C%20applications%2C%20websites%20which%20can't%20use%20modern%20auth%20by%20this%20deadline%3F%26nbsp%3B%3C%2FLI%3E%3CLI%3EWithout%20our%20hands%20on%20the%20said%20'tool'%20to%20%3CEM%3Edetect%3C%2FEM%3E%20users%20currently%20using%20basic%20authentication%2C%20how%20do%20we%20measure%20the%20beast%20we%20got%20to%20wrestle%3F%26nbsp%3B%3C%2FLI%3E%3CLI%3EWhat%20EAS%20versions%20and%20profiles%20already%20work%20on%20modern%20auth%3F%20Does%20native%20email%20on%20Android%20use%20basic%20auth%3F%20Does%20native%20mail%20app%20on%20iOS%20when%20configured%20with%20an%20app%20password%20use%20basic%3F%20What%20do%20we%20do%20for%20older%20devices%20not%20set%20to%20receive%20firmware%20upgrades%3F%20If%20they%20don't%20support%20modern%20auth%2C%20how%20do%20they%20access%20to%20email%3F%20We%20don't%20want%20to%20use%20IMAP%2FPOP%20with%20or%20without%20modern%20auth.%26nbsp%3B%3C%2FLI%3E%3CLI%3EHow%20do%20we%20give%20exceptions%20to%20service%20accounts%3F%20We%E2%80%99d%20like%20some%20service%20accounts%20to%20continue%20using%20basic%20authentication.%20We'd%20like%20to%20rewrite%20the%20scripts%20our%20own%20pace.%20With%20so%20many%20changes%20happening%20in%20M365.%3CBR%20%2F%3E%3CBR%20%2F%3ELastly%2C%20the%20deadline%2C%20%3CSTRONG%3EOctober%202020%3C%2FSTRONG%3E%20does%20not%20seem%20to%20be%20realistic%20for%20tenants%20of%20our%20size.%20We%20need%20more%20time%20if%20we%20have%20to%20change%20how%20M365%20administration%20is%20done.%3C%2FLI%3E%3C%2FOL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1118905%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1118905%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3E%22We%20are%20also%20making%20significant%20investments%20in%20RPS%20to%20make%20the%20MFA%20module%20work%20better%20and%20we%E2%80%99ll%20be%20sharing%20some%20more%20information%20on%20that%20in%20due%20course%22%20-%20does%20this%20mean%20Powershell%20ISE%20will%20stop%20locking%20up%20when%20connected%20using%20the%20MFA-supported%20EXO%20module%3F%20I%20use%20a%20script%20to%20connect%20to%20multiple%20modules%2Fadmin%20centres%20easily%20(given%20how%20often%20we%20have%20to%20switch%20between%20AAD%2FEXO%2FTeams%20etc)%20so%20this%20would%20be%20greatly%20appreciated.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EAlso%20i%20assume%20before%20this%20can%20happen%2C%20modern%20auth%20will%20need%20to%20be%20enabled%20for%20Exchange%20on%20all%20tenants.%20I%20understand%20MS%20was%20going%20to%20force%20enable%20this%2C%20when%20is%20this%20being%20rolled%20out%3F%20As%20we%20still%20have%20some%20customers%20without%20it%20enabled%20i%20believe.%20Cheers%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1122482%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1122482%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F326777%22%20target%3D%22_blank%22%3E%40SpartanWaycomau%3C%2FA%3E%20-%20I%20see%20some%20workaround%20reporting%20but%20I%20haven't%20saw%20the%20reporting%20yet.%26nbsp%3B%20%26nbsp%3B%20If%20you%20have%20that%20information%20can%20you%20post%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20our%20Azure%20AD%20-%20security%20-%20Identity%20protection%20-%20they%20do%20now%20have%20a%20report%20called%20Legacy%20Authentication%20-%20is%20this%20what%20they%20created%20for%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20this%20still%20on%20track%20for%20Oct%202020%20%3F%26nbsp%3B%20%26nbsp%3B%20We%20are%20finding%20out%20a%20lot%20of%20vendors%20have%20to%20re-write%20their%20applications%20to%20support%20this%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1105749%22%20slang%3D%22en-US%22%3ERe%3A%20Improving%20Security%20-%20Together%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1105749%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20been%203%2B%20months%20since%20this%20announcement%2C%20and%20still%20no%20comprehensive%20reporting%20tool%20to%20show%20affected%20users.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20lack%20of%20a%20reporting%20tool%2C%20we've%20been%20cobbling%20together%20reports%20in%20Sentinel%2C%20with%20data%20from%20AAD%20Sign-in%20logs%20and%20Exchange%20Mailbox%20Logon%20events%20from%20the%20Office%20audit%20log.%20Outside%20of%20IP%2C%20UPN%20and%20binning%20the%20timestamps%20to%2060sec%2C%20there%20really%20isn't%20good%20way%20to%20correlate%20these%20logs%20together.%20This%20is%20unfortunate%2C%20since%20the%20Exchange%20logon%20events%20have%20far%20more%20detail%20(iOS%20version%20and%20HW%20identifiers)%20from%20the%20ClientInfoString.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAs%20a%20higher%20ed%20institution%2C%20the%20spring%20semester%20is%20our%20best%20chance%20reach%20our%20faculty%20in-person%20to%20remediate%20their%20devices%20before%20summer%20break%2C%20particularly%20with%20a%20deadline%20for%20legacy%20auth%20that%20overlaps%20our%20fall%20back-to-school.%20I%20can't%20stress%20that%20we%20need%20comprehensive%20reporting%20on%20legacy%20auth%2C%20and%20we%20really%20needed%20it%20in%20November.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESentinel%20Queries%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2Fchrisbues%2Fkqlmagic%2Fblob%2Fmaster%2Flegacyauth.kql%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2Fchrisbues%2Fkqlmagic%2Fblob%2Fmaster%2Flegacyauth.kql%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E

For many years, client apps have used Basic Authentication to connect to servers, services and endpoints. It is enabled by default on most servers and services and it’s super simple to set up. Basic Authentication simply means the application sends a username and password with every request (often stored or saved on the device).

Simplicity isn’t at all bad in itself, but Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials (particularly if not TLS protected), which in turn increases the risk of credential re-use against other endpoints or services. Multi-factor authentication (MFA) isn’t easy to enable when you are using Basic Authentication and so all too often it isn’t used.

Simply put, there are better and more effective alternatives to authenticate users available today, and we are actively recommending to customers to adopt security strategies such as Zero Trust (i.e. Trust but Verify) or apply real time assessment policies when users and devices are accessing corporate information. This allows for intelligent decisions to be made about who is trying to access what from where on which device rather than simply trusting an authentication credential which could be a Bad Actor impersonating a user. 

With these threats and risks in mind, we’re taking steps to improve data security in Exchange Online.

What We’re Changing

Last year we announced we are turning off Basic Authentication for Exchange Web Services on October 13, 2020. Today, we are announcing we are also turning off Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP and Remote PowerShell at the same time – October 13, 2020.

We want your help in getting users to move away from apps that use Basic Authentication, to apps that use Modern Authentication. Modern Authentication (which is OAuth 2.0 token based auth) has many benefits and improvements that help mitigate the issues present in Basic Authentication. For example, OAuth access tokens have a limited usable lifetime and are specific to the applications and resources they are issued for so they can’t be re-used. Enabling and enforcing MFA is also very simple with Modern Auth.

Please note this change does not affect SMTP AUTH – we will continue supporting Basic Authentication for the time being.  There is a huge number of devices and appliances that use SMTP for sending mail, and so we’re not including SMTP in this change – though we are working on ways to further secure SMTP AUTH and we’ll share more on that in due course. Nor does this change affect Outlook for Windows or Mac assuming they are already configured and using Modern Auth (and they really should be).

How This Impacts You

This change might affect some of your users or apps, so we wanted to provide additional information to help you in identifying and deciding upon an action plan.

Remote PowerShell

Firstly, how does this impact your own tenant administration? You probably use Remote PowerShell (RPS) to access Exchange Online, hopefully with the MFA module. If so, you might also consider switching some of your day to day usage to using PowerShell within Azure Cloud Shell. We are also making significant investments in RPS to make the MFA module work better and we’ll be sharing some more information on that in due course.

Finding impacted users

The next action you really need to be thinking about is assessing client impact. The first question you probably have is – so how do I know who’s using Basic Authentication in my tenant? Great question, and soon we’ll make a report available to help you easily answer that question for yourself. It’s a report that provides tenant admins with a simple way to determine who is using Basic Auth so you, the admin, can see how large of a task you have on your hands.

Once you understand what your users use, and know if they are using Basic or Modern Authentication, what can you do about it? Each of the impacted protocols have options.  

POP and IMAP

So let’s talk about POP and IMAP. We know there’s still some usage out there, not much, but some. We’re planning on adding OAuth support to both POP and IMAP in the next few months. If you want to keep using these protocols, you’ll need to update the app to one that supports Modern Auth. Or better yet – get the user to use a more modern client (did you know we’ve added shared mailbox support to the Outlook app for iOS and Android? That’s one reason some people have been using POP and IMAP), or get the application developer to start using OAuth.

Exchange ActiveSync

The client app you might have the most usage with probably uses Exchange ActiveSync. There are many users out there with mobile devices set up with EAS. If they are using Basic Auth (and many of them are), now’s the time to do something about that. What are your choices?

Without doubt, we believe the best mobile device client to use when connecting to Exchange Online is Outlook mobile. Trusted by over 100M users across the world, Outlook mobile fully integrates Microsoft Enterprise Mobility + Security (EMS) enabling conditional access and app protection (MAM) capabilities. Outlook mobile helps you secure your users and your corporate data, and it natively supports Modern Authentication.

There are of course other email apps for mobile devices that support Modern Authentication too, so that’s another option.

For users that don’t want an app, or for users that have a device for which there is no app, they could switch to the browser on their mobile device. Outlook on the Web is used by millions of users every month, it’s feature-rich and we have a version ideal for mobile browsers. You can access it on a mobile device by navigating to https://outlook.office365.com. We’ll know it’s a mobile device you are using so we have a special experience just waiting for you. Go try it.

Summary

We know the change from Basic Auth to Modern Auth will potentially cause some disruption. For some users, any time they have to do something different, it’s challenging for them, but we want to do this together to improve security and protect your data and your users data. Disabling Basic Authentication and requiring Modern Authentication with MFA is one of the best things you can do to improve the security of data in your tenant, and that has to be a good thing.

The last thing to make clear - this change only affects Exchange Online, we are not changing anything in the Exchange Server on-premises products. We think turning off Basic Auth on-premises is a great idea too, by the way, and here’s something we published recently on that subject.

We know this is big news and we’re here to help. Please do leave us comments or questions and we’ll do our best to help.

The Exchange Team

130 Comments
Senior Member
Great news! Wish we could have gotten modern auth IMAP sooner though... But surely, isn't it possible to add OAuth2 to SMTP as well?
Occasional Visitor

A bit disappointed at some of these changes to IMAP, particularly since I have yet to run across any non-interactive email program (i.e. for automated systems) that can use OAuth2.  Are there any plans to provide a workaround like per-application passwords, or manually re-enabling basic authentication on a per-account level?

Frequent Contributor

At last! I’ve been looking for a forced move to more secure authentication. A lot of customers will not like this - but it has to be done.

I really hope that by this time you will also have support for using service principals or app based auth so that we still have the possibility of doing automation with Exchange online. 

Senior Member

finally!!! great initiative

At the same time ( or earlier) can we switch OFF pop3 smtp imap and exo PowerShell for newly created users please? (enabled by default currently)

As admins can always switch them ON, on an "as required" basis.

I believe this will have the biggest impact in security in ExO.

 

Regular Visitor

@SpartanWaycomau, you can disable POP3 and IMAP for new mailboxes by default by disabling it on the mailbox plan. 

 

Get-CASMailboxPlan -Filter {ImapEnabled -eq "true" -or PopEnabled -eq "true" } | set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false
Senior Member

@Tony Federer thank you for that.

We've been disabling it in the user provisioning scripts for all our customers tenancies for 18 months....

My point is that it should be disabled by default, which is not.

Microsoft is making leaps and bounds in security, which is very refreshing, as we've been constantly drumming about these issues. Would be good to get this one done as well.

 

Thanks for all the comments so far. 

 

@NeedsCoffee  - we mentioned in the post we have plans for SMTP AUTH - we're working hard on those and will announce more when we're ready. 

@silverts and @Jan Ketil Skanke  - same answer as above. Yes, we have plans. Will announce what when we're ready. Work still to be done. 

@SpartanWaycomau - we agree and while this post is all about October next year we are going to be changing defaults for new customers sooner. We can't easily change something like this for existing customers like you without notice, that's part of our terms of service with you. But we do want new customers secure by default and we are considering turning off Basic for customers we know don't use it. We are also going to be sending tenant admins Message Center posts specific to their own tenant's usage. So look out for that. 

Senior Member

@Greg Taylor - EXCHANGE 

Understand and agree. Awesome you guys are doing this and taking into consideration . We all want both security and reputation being upheld. Thank you for listening and acting.

:thumbs_up:

 

Occasional Visitor

Thanks for this post, @Greg Taylor - EXCHANGE. Do you have any further info on this KB article regarding disconnected mailboxes after enabling modern auth? This could cause us some problems in our organisation where the resolution of recreating the profile could be painful.

Hey @Michael Peebles  - the builds that contain the fix are in the KB, so the best advice is simply to make sure those are the builds you have deployed before enabling MA. 

Occasional Visitor
1. https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Azure-Cloud-Shell-Now-Supports-Exchange-On... says "if you don’t touch the machine for more than 20 minutes (approx.) we will reclaim the session. We anticipate that the current timeout should work for most ad-hoc management scenarios but if you intend to execute long-running scripts then Cloud Shell is not the best tool for the job" How do we overcome this? What is the alternative solution for long-running scripts? 2. Will there be support for App password or Azure AD Application credentials in RPS?
Occasional Visitor

So when will IMAP be included so can use GMail account without having to allow legacy clients

Occasional Visitor

Thank you for the information and update. Have a query with regards to Skype for Business side changes if any (required) with respect to this change, as Lync.exe will interact with EWS/EXO regardless of the user placed over SfB On-Prem or Online if his exchange is Online. Pls let know. 

Frequent Visitor

Hi, I have a query with f1 licence, the people that use this licence will use modern authentication? Or what mechanism will connect to exchange online?

  • Thanks.
New Contributor

Please fix the sync frequency for Outlook for Android first.

https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook-mso_amobile-mso_o365b/set-sync-f...

 

I don't need the mobile Outlook notifications when I am sitting in the office and have the desktop Outlook open.

Occasional Visitor

 

@silverts - yes, absolutely yes. We personally use an automated e-mail fetching system that integrates into our core business, we use IMAP with an app password for it and that breaking will leave us at a standstill, and it's not OUR app so it's not something we can code an update to. Being at the mercy of other app developers to update an (admittedly aging) app, before the deadline. Ouch.

 

@Greg Taylor - EXCHANGE - I know you said there is plans, but just reinforcing the fact that we need to allow an override for this to use an app password on a per-account basis or something, there's lots and lots of uses for IMAP/POP right now using basicauth, not just a little bit. Many businesses may be using an older application that will NOT get an update, and for them an immediate transition to a new app may not be an option for them, yet they've already fully committed to using Exchange Online, so this change effectively breaks their businesses. 

 

New Contributor

We use EAS only.  No access to OWA.

 

Whats the options with EAS with MDM?

Contributor

(did you know we’ve added shared mailbox support to the Outlook app for iOS and Android? That’s one reason some people have been using POP and IMAP)

This hasn't actually hit GA yet and is limited to TestFlight participants only.  There hasn't been any info about what the hold-up is, but hopefully in the next few months we'll see it.  https://www.microsoft.com/en-us/microsoft-365/roadmap?featureid=32571

Occasional Contributor
Will IMAP/POP's implementation of OAuth2 work with SAML-based IdP federation, or will it require ADFS?
Senior Member

While i like this in principal, as a manufacturing company this is going to be very disruptive.  When you have a bunch of physical tools/devices deployed that have very basic configuration options, and each tool costs millions of dollars, its a hard sell to management to get them to replace it.  I would like to second the app password/bypass for specific account approach that some others have already mentioned.

Senior Member

@Eric Watkins @CoryCTI

While I personally accept the argument, with all due respect, this is not solely an Exchange matter, it's an  Identity and Authentication one. I don't think this will happen anytime soon on a per-protocol or per-user basis.

As far as I know, you cannot selectively switch on or off MA at user level, but at the endpoint and organisation.

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-mo...

Contributor

Does this mean that App Passwords will no longer be usable on native Android mail / contacts / calendar app? 

 

If so, please make sure Outlook for Android can do complete, automatic, in the background, two-way sync with our contacts stored on Exchange Online, similar to the way it works with Outlook 2016/2019 for Windows Desktop. 

 

It is vital that we be able to update contacts on our mobile devices and have them sync to the cloud reliably and transparently, and that contacts modified on other mobile or desktop devices update on all devices.

@bhoobalan - we are working on a solution for scripts/automation. 

@anameihavetoenter - Don't understand your question. 

@Venkata_R - Lync client doesn't support Modern Auth afaik, but nor should it be trying to connect to EXO for any users which I assume are homed on-prem. 

@David Abad - F1 users can use OWA (this change has no impact on that), Outlook for iOS/Android and POP/IMAP. Outlook for iOS/Android already support Modern Auth and uses it already, so POP/IMAP are the two to think about - if you want to keep using them then you'll need to find a client that support POP/IMAP with OAuth. 

@CoreyCTI and @Eric Watkins - Sorry, but we're not adding app passwords for IMAP. We're providing 13 months notice of this change, you need to start reaching out to the developers of those apps. 

Gary Smith - there are plenty of solutions in the market - or you could try switch to Outlook mobile - it is a great client. 

@Philip Kluss - good point, thanks. Soon

@Jesse Thompson - it won't depend upon ADFS. 

@Steven Seligman - correct, no more app passwords. OAuth ftw. What you are asking for should already work in Android. Sync of contacts from your mailbox, to Outlook on your device, to your local contacts store - and vice versa.  

Senior Member

@Greg Taylor - EXCHANGE 

Good, solid, firm answer.

Love it. Something needed to be done and looks like you guys are doing it.

I think (and no doubt you ran the numbers in the impact assessment) 99% of organisations are going to be better off thanks to this.

Yes, there will be pain-points, but so has evolution.

 

Occasional Visitor

@Greg Taylor - EXCHANGE  - Thank you for the reply and feedback. We have enabled MA support for SfB online (not directly related to this topic) and also we have implemented ADAL support as described here - https://docs.microsoft.com/en-us/skypeforbusiness/troubleshoot/hybrid-exchange-integration/allowadal..., however, we still see Lync.exe making EXO connects over Basic Auth as reported from the sign-in logs from Azure AD. Requesting to provide insights if there are any specific actions needed to support this cutover at EXO.

Senior Member

@The_Exchange_Team This are great news for optimizing the security of out O365 Tenants. 

@Greg Taylor - EXCHANGE , we have migration scenarios where the EXO IMAP Migration is not suitable and we have to do a similar IMAP Migration Method which is triggered from the customer on-prem service. Are there plans for this kind of o365 migrations to allow legacy IMAP Auth temporarly?

 

Hi, will also PST Export Tool support modern auth prompt with MFA?
Occasional Visitor

@The_Exchange_Team

 

Can you clarify, for those of us with SMTP/IMAP apps today, what can we do right now to begin to test a new configuration and talk to app developers??

 

From what I've seen apps already support OAUTH flows for SMTP/IMAP to support gmail, but no support for O365 is present because MS hasn't enabled any protocols server side.

 

.. and splitting the delivery date of IMAP and SMTP enablement is going to be horrible. I think in practice app makers will wait until MS enables OAUTH on both before doing anything. A split configuration is just an awful user experience. Meaning we will probably only have a few months before the deadline when completed, released, software is available to migrate!! I hope MS can now seriously expedite delivering OAUTH on both protocols.

@Jason_Gunthorpe - we'll have some new on SMTP AUTH soon, so hold on a bit longer for that. We understand you need both, but given OAuth 2.0 and how we use it in O365 is well understood, it should be possible to begin contemplating what this change means, even if it can't be tested today. 

@Petr Vlk - no plans to do that. 

@jakobschaefer - are you referring to an IMAP migration into EXO, pulling from on-prem/somewhere else? I don't think this change impacts that, as the auth flow is in the opposite direction there. EXO is using Basic to authenticate to your remote IMAP target, you aren't using Basic to auth to EXO. I'll check though. 

Occasional Visitor

@Greg Taylor - EXCHANGEcan you at least commit which standard Microsoft will follow in the implementation? Will MS be using Google's AUTH=XOAUTH2 scheme? RFC7628's AUTH=OAUTHBEARER? Something else?

Senior Member

@Greg Taylor - EXCHANGE: For Example: Right now we´re in a migration from a solution which only is accessible via IMAP. Unfortunately there are technical reasons why we can´t use the regular o365 imap migration which pulls the mails via imap to EXO. We have to make use of another tool (IMAPSync) which exports the mail via IMAP (with special settings) and pushs it into exo. In the future, when this security improvement in EXO is implemented, i couldnt use this or similar tools anymore, because IMAP supports no Modern Auth Methods.

Senior Member

@jakobschaefer 

As @Greg Taylor - EXCHANGE  pointed out, it appears that you're reading IMAP from a non ExO system for migration to 365... so not sure how auth changes will impact that, as it will be outbound from ExO auth to an IMAP system, not inbound to ExO

So @Greg Taylor - EXCHANGE, how to exactly export PST from eDiscovery after this enforcement? It downloads ClickOnce app to download results with the basic auth seems. Will it stops works also? If yes, we need some solution to export such data and build the hybrid for that is little bit unfortunately.

 

And other example is the recovery process. eDiscovery running couple of minutes, but Restore-RecoverableItems runs like hours or days to restore the same. 

Senior Member

@SpartanWaycomau , sorry, but no :). I read it from the non EXO via IMAP, "caching" the items, and then i connect to EXO via IMAP again to migrate the items into EXO. This is imapsync https://github.com/imapsync/imapsync it´s a very helpfull tool for handling easy imap migrations. But this is just an example for a IMAP Migration Method.

@Jason_Gunthorpe - we'll tell you as soon as we can.

@jakobschaefer - so you're using a system in the middle, pulling from the source, and pushing to O365? If so, then yes, that app/tool will need to add OAuth support. 

@Petr Vlk - I'll double check and come back. 

Frequent Contributor

@The_Exchange_Team Does this mean that you also will (automatically) switch all old tenants Exchange Online configuration to use Modern Authentication from Basic Authentication? I mean all those tenants created many years ago that defaulted to Basic Authentication and tenant admins who never have bothered to change to Set-OrganizationConfig -OAuth2ClientProfileEnabled $true.

Jonas, we've been doing some of that already, and letting customers know via Message Center posts if their tenant is getting switched. It depends on whether those customers use Federated auth or not. If customers do not (they use just cloud identities or PTA or PHS etc.) then we're switching them. We're not switching those using Fed Auth yet. 

 

It's really important customers make this change, there are a lot of benefits - we're continuing to push for this in various ways. IT Pros like those reading this blog can help, let's get off Basic Auth. 

Frequent Contributor

I agree. I do that for all customers even though they don't see the reason when I have the permissions to do it. But we have some customers who manage their own tenants and have more better things to do (according to them) and it's good to know their tenant will be switched whether they want or not - then I don't have to take that struggle :)

Senior Member

This may be a dumb question but will this affect MAPI??

 

Clarification within this article would be beneficial.

 

 

New Contributor

Can you give a timeframe on the reporting tool for basic auth? We'd like to get ahead of this, and are getting hit with credential harvesting on basic auth endpoints, like ActiveSync.

@Luke_Page - MAPI will not be affected - but that doesn't mean Outlook won't. Outlook uses MAPI and EWS (and OAB and AutoDiscover too of course), so if Outlook is still trying to use Basic then features that use EWS might be impacted. It's very important to get Outlook switched to Modern Auth therefore. 

 

@CHRISTOPHER BUES - as the article said, soon. 

Senior Member

 

@Greg Taylor - EXCHANGE, cheers for that.

 

I'm guessing the case is the same with RPC?

 

 

Senior Member

I understand the importance of security.I agree with that in the future.
But the deadline is not realistic.


So, we strongly request the withdrawal of the deadline.

We are a tenant administrator for 70,000 accounts.
And because it's a university, they allow their own email clients.
We have 2,000 IMAP/POP users.

 

What do you say to end users when there is no email client that can connect to Exchnage Online using OAuth + IMAP?

 

Don't set termination until Exchange Online supports IMAP/POP with OAuth and some popular email clients support it!

Senior Member

@昇 谷村 

How many security incidents related to this weak authentication is your SOC or OPS team dealing with please?

If anything (not calculating the data and further identity theft actions), think about the expense of effort.

Someone older and wiser once taught me: risk=cost.

Some people like us, security and forensics, would love to keep the status quo, but we observe a code of conduct to do what is right. I suggest you start educating your users now. There's plenty of time.

I got some tenancy of 120,000 . Rule them before they rule you.

RC

Occasional Visitor

I understand we should push app vendors to support OAuth, but like many people I have apps which use IMAP for mail flow.  JIRA is a good example, it is unlikely this will support Ouath.  What about printing devices which may not have firmware updates?  

 

Not having application/imap specific passwords is a significant limitation.  What is the logic behind that? Is it the implementation effort or is there real world data on the abuse of application specific passwords.  While there is risk of misuse/theft, most things are a trade off between security and usability.  Not having basic auth/app password support improves security, but I now I cannot use O365 mailboxes with a lot of systems.  Where an application vendor cannot update to support Oauth it means I need to setup an internal mail server, which seems a step backwards.  

 

"Sorry, but we're not adding app passwords for IMAP. We're providing 13 months notice of this change, you need to start reaching out to the developers of those apps. '     Given the impact of this change on your customers, it would be nice to have bit detail on why no app passwords.  13 months is not a long time in development cycles.

 

 

 

 

 

Occasional Visitor

@rajeev_Kap, from what I have been able to understand it looks like Microsoft expects a server application like Jira to use the OAUTH client credentials grant using an app password to get the OAUTH token. (see here https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow). This seems to have a nicer enrollment and security flow in general, but is a big disruption.

 

It is also fairly unclear how this should be setup to allow the daemon/server account to access a mail box.

 

We really need some migration documentation from MS for common use cases, ie  a Jira server that needs to ingest and send email is a good use case to describe.

 

I also hope MS staff will contribute patches to some of these popular open source projects to make them work, or at least offer up some free Azure accounts to open source for testing integration.

@Luke Page - yes. 

@昇 谷村 - client apps are adding OAuth support to IMAP. I know of at least one. 

@rajeev_Kap - server apps really need to move to Graph and OAuth - not IMAP. Graph gives those apps all they need in terms of access to mailboxes. App passwords are Basic Auth, still subject to all the same issues Basic Auth is. 

@Jason_Gunthorpe Graph is the path, and work is underway to help app developers understand how to integrate Graph and OAuth into apps. 

 

https://developer.microsoft.com/en-us/graph/ 

 

Contributor

@Greg Taylor - EXCHANGE- Can you comment on whether Samsung has committed to upgrading their native Contacts, Calendar, and Email apps for Android Pie and above, to conform with this Microsoft initiative by the October 2020 deadline?  If you don't know, do you have a Samsung resource that you can tap to try and find out?  You may be aware that Microsoft CEO Nadella participated in Samsung's unpacked event in August, and announced a strong integration initiative between the two companies going forward.

 

You previously replied to my question about robust two-way contact sync between O365/People and Android Outlook App with the following:  "What you are asking for should already work in Android. Sync of contacts from your mailbox, to Outlook on your device, to your local contacts store - and vice versa. "

 

I've been testing since your reply and have found many anomalies.

 

Thank you.

I can't comment on their timeline but I can tell you our dev teams are working together.