Retiring Basic Authentication for Legacy Protocols in Exchange Online

Microsoft previously announced in 2019 that it would be taking steps to retire basic authentication for legacy protocols in Exchange Online. In 2021, Microsoft also announced they would be disabling legacy authentication on tenants for protocols not being used, while leaving it enabled for those protocols that were still in use. Microsoft announced today that they will continue to fully disable legacy authentication for Exchange Online beginning October 1, 2022, regardless of actual usage. See MC286990, which should be available within the Message Center in your Microsoft 365 Admin Center, for more details.

Microsoft further writes: “If you receive a Message Center post between now and October 2022, informing you that we are going to disable Basic Auth for a protocol due to non-usage, or you get one saying we know you are using Basic Auth, but we intend to proactively disable it for a short period of time, and you don’t want us to disable specific protocols, you can use the new self-service feature in the Microsoft 365 admin center to opt-out and request that we leave specific protocols enabled until October 2022. We added this feature to help minimize disruptions as you transition away from using Basic Auth.

We will disable Basic Authentication beginning October 2022, and once that happens, users in your tenant will be unable to access their Exchange Online mailbox using Basic Authentication.

More information can be found here.

Leave a Comment