Basic Authentication will end on October so I decided to make a guide on how to handle it

Brass Contributor

Basic Authentication which doesn't allow for MFA enforcement will be disabled on October 2022, this means smtp, pop,imap and Exchange ActiveSync (used a lot by iPhone) won't work anymore.

 

We helped a few tenants make the move and decided to create a guide , hope it helps:

How to successfully disable basic authentication on Microsoft 365 before end of life support

 

If there are any questions please feel free to post them.

 

Update: It seems Microsoft might be testing disconnecting some protocols beforehand for a brief period. So if you would like to check if your tenant was affected, open your tenant admin through this link which will pre-fill a support request (image here) and the solution is a test tool which will check which ones are disabled.

7 Replies

@BetterLicenses 

Many thanks for this help. :smile:  It begins to be clearer but still murky. Still better than Microsoft """explanations""".

 

So now, I followed your process and discovered that three users (myself included) and an automatic mailbox use the simple authentication. I see it is with "Office 365 Exchange Online". And now what ? I can't manage to understand what is wrong and how to fix it.

 

Thanks for any more explanations.

 

 

edit :

I think this is this point I do not understand :

"After providing instructions to users on how to migrate their devices to Modern Authentication your tenant should prevent those users from adding new devices through legacy authentication.". The tenant (me) does not know how to migrate the devices and not even what devices :xd:

@biomediqa 

Make sure on your Azure AD sign in logs you enable the Columns Operating System and Device Browser used for the sign in, it will help you understand from which software/device the legacy protocal is being used.

 

In the OS what does it say ? Are you using iOS ? if so then try removing your account and re-adding it because it still might be using Exchange Active Sync.

 

 

 

BetterLicenses_0-1654898918617.png

 

@biomediqa 

Forgot, on our website we have a Web App which will tell you what devices users are using and will send you either a daily or weekly reminder of new devices users signed in still on legacy protocols.

More info on a Reddit post

@BetterLicenses 

 

Many thanks for your useful advices.

I would have loved to use the web app but it seems that my M365 business licence is not expensive enough to allow it.

 

As, on the Microsoft Azure log,  the only people to have been signaled with basic authentication (me included) are the only people still with Office 2013, I have tested on my own PC the register modification forcing to use Modern Authentication : HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover value set to 1 (for the little story behind it, Office 2013 is the last version to NOT have it set by default).

I see now that I am no longer on the "shame list". I'll watch for a while and if my only problems come from it, I'll feel lucky.

 

Thanks again.

You have a Microsoft 365 business standard ? If so then you can install outlook 365 no need to use an old version, or you have basic ?

@BetterLicenses 

 

M365 business (including office 365 and allowing Outlook on the web) AND office 2013/2016/2019 allowing more complete softwares. Some people prefer the real one to the cloudy other.

@biomediqa 

just added a guide on how to handle different types of devices signing in through basic authentication, might be helpful:

how to migrate devices running legacy to modern authentication