No more Basic Authentication for Exchange Online – what does that mean for us?
Microsoft recently announced that they are turning off Basic Authentication in Exchange Online on October 13, 2020. This means a year for customers to adapt. But what does this mean in reality? In short, no more Basic Auth for:
- Remote PowerShell
This also means you will not be able to use app passwords (which we never recommend anyway).
What are the alternatives? Move to more modern applications that support Modern Authentication. The absolutely best alternative is to simply switch to Outlook on all mobile devices – then you are all set.
We think ActiveSync will be the biggest blocker. iOS 11 and later actually support Modern Authentication for their built-in ActiveSync client but we suspect you will need to remove and re-add the configuration. Android, as far as we know, still does not support Modern Authentication so we’ll see if they add support it in the future. We do however still think Outlook Mobile is a much better choice since it enables so many other features.
For Remote PowerShell, make sure you use the module that supports MFA and I’m sure most of us already do since you should never ever have admins without MFA enabled.
If you have some requirement to keep using POP/IMAP, Microsoft will enable OAuth support in the next few months and once that happens, you will need to switch to a client that supports Modern Authentication (OAuth).
SMTP is not affected at this time and I understand since there’s a huge number of devices not supporting Modern Auth like printers and 3rd party applications.
Not official nor mentioned but I think we will see enforced MFA or Passwordless for all users in Office 365 in the future. This is just one step in Microsoft’s strategy to eliminate passwords: