Blog
Office 365 Exchange Online: Microsoft retires Basic Authentication on Oct 1, 2022
As more skilled cybercriminals target hybrid and remote employees, Microsoft is striving to educate Office 365 Exchange Online users about the need of moving away from antiquated, insecure protocols like Basic Authentication. In consequence of it Microsoft, as announced, will stop supporting Basic Authentication for all tenants in Exchange Online as of October 1, 2022.
Microsoft has assisted millions of Exchange Online users in switching to Modern Authentication since 2019. Additionally, the company has collaborated with partners to assist their shared clients in removing Basic Authentication and implementing Modern Authentication.
Email security is still crucial for corporate productivity, sales, and sensitive communications, and employing Basic Authentication increases the risk of data breaches and email interruption for businesses. The number of password assaults has nearly doubled since 2021 to 921 per second. Additionally, 19,954 reports of business email breach (BEC) and email account compromise (EAC) with adjusted damages of about USD2.4 billion were received by the FBI's Internet Crime Complaint Center (IC3).
Moving your Exchange Online business to OAuth 2.0 token-based authentication (or Modern Authentication), which is more secure, provides enhanced security and the usage of features like multifactor authentication (MFA). Small and medium-sized enterprises that lack a dedicated security personnel may especially benefit from this.
More than 99 percent of password spray attacks, according to Microsoft’s research, take use of the availability of Basic Authentication. Over 97 percent of credential stuffing attacks also make use of legacy authentication, according to the same report. Customers who have turned off basic authentication have seen 67% fewer breaches than those who continue to do so.
Boost security and prevent disruption.
Using Modern Authentication in your apps and setup increases your company's security against a variety of attacks. Making ensuring your device has the most recent operating system or software update is one approach to convert it to utilize Modern Authentication as many mobile devices still rely on Basic Authentication. You may alternatively utilize an app that just employs Modern Authentication and is compatible with iOS and Android devices, like Outlook mobile.
All tenants still use Basic Authentication receive frequent usage data; thus, your tenant admin should frequently monitor the Microsoft 365 Message Center. The notifications provide links to helpful Microsoft Docs that describe how to spot and fix Basic Authentication use, such as Deprecation of Basic Authentication in Exchange Online. Microsoft’s advice to its clients is to stop using Basic Authentication and start using Modern Authentication.
Read the latest updates for the Basic Authentication Deprecation in Exchange Online from the Exchange Online team.
Download PDF