Outlook 2010 doesn’t support modern authentication at all. Outlook 2013 can be configured to support modern authentication, but it requires a few registry edits and an up-to-date client. Modern authentication is only supported out of the box for Outlook 20. I strongly urge you to update your in-house applications to support OAuth 2.0 and contact your third-party vendors. Microsoft is planning to add support for modern authentication to these protocols, but no timeline has been announced. POP and IMAP are protocols that are widely used by various applications to send and receive mails. It is strongly advised to start migrating these workloads to Modern Authentication too, as this improves security a lot. So as of now, Microsoft is turning off support for basic authentication for the following protocols:īasic Authentication for SMTP Auth is still supported, as Microsoft acknowledges that this is still widely used. All other workloads (Sharepoint Online, Skype for Business Online, Exchange on-prem) will still have support for basic authentication (however, I recommend to migrate all workloads to modern auth). What is happening?įirst off, it is important to note that Microsoft is only turning of basic auth for Exchange Online. Modern Authentication has been enabled by default in Office 365 since 2016 and is the way forward. The alternative for basic (sometimes also referred to as legacy) authentication is modern authentication. Basic Authentication is often used by attackers to perform password spray attacks. This makes it an insecure way of authenticating. Basic Authentication doesn’t support sending the device information that’s needed for some Conditional Access policies nor does it support multifactor authentication.
During this authentication, the clients sends it’s username and password to the server everytime. Beginning October 2020, basic authentication will be disabled in tenants that don’t use it.īut what does this mean? What is basic authentication? Basic authentication is the old way for a client to authenticate to a server.New tenants will have basic auth disabled by default (through security defaults).Deprecation is postponed to second half of 2021.Update: Because of COVID-19 Microsoft has made some changes to the timeline: A reader recently asked me what this meant for them and I thought => let’s make a blog post for this! There are still a lot of admins who are unaware of this change and what effect this will have on their organization. Last month Microsoft announced that basic authentication is being turned off on October 13, 2020.
0 kommentar(er)
