Microsoft recently announced that it will disable some of its legacy email authentication protocols later this year. This change will affect users with older phones or those with email setups using one of these protocols.

Legacy, or basic, authentication allows users to connect to a mailbox using only a username and a password and is traditionally enabled by default on most servers or services. However, basic authentication makes it easier for attackers to capture user credentials, thus increasing the risk of those stolen credentials being reused against other endpoints or services.

Starting on October 1st, 2022, Microsoft will remove basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac. The company will also disable SMTP AUTH if it is not being used.

Customers will have to transition from apps that use basic authentication to those utilizing modern authentication (OAuth 2.0 token-based authorization), which features numerous benefits and improvements that help mitigate the issues in basic authentication.

For mobile devices that are set up to use EAS and basic authentication, BinaryNetworks recommends using Outlook for iOS and Android when connecting to Exchange Online. These apps can be found in the iPhone and Android app store.

Outlook for iOS and Android fully integrates Microsoft Enterprise Mobility + Security (EMS), which enables conditional access and app protection (MAM) capabilities, and helps secure your users’ and corporate data, along with natively supporting modern authentication.

For BinaryNetworks customers who have Business Premium licenses, we have already disabled these legacy protocols.

If you have any questions about the information above, please contact your BinaryNetworks representative.