Microsoft Exchange Online users must ditch “basic authentication” or risk disconnection
Microsoft Exchange Online users have until Saturday, 1 October 2022, to move away from its “basic authentication” login method or risk having their services interrupted, according to a statement from the company.
Microsoft said that starting 1 October, it would begin randomly selecting tenants to disable their basic authentication access for various Exchange email services.
“Starting October 1st, we will start to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell,” it said.
The tech giant said it would notify impacted users through its message centre seven days before disabling the old authentication method and post a Service Health Dashboard notification to the tenants on the day of the change.
Microsoft stated that many customers are unprepared for or unwilling to change but said it was necessary to protect user data.
Those who don’t switch and are selected to be disabled will likely experience an outage.
The tech giant previously explained that over 99% of password spray attacks and more than 97% of credential stuffing attacks target accounts using basic authentication protocols.
“Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth,” it said.
Microsoft added that it would allow its Exchange Online customers to re-enable basic authentication for any of the protocols they require — limited to once per protocol — after they are disabled on 1 October 2022.
Now read: London police charge 17-year-old suspected to be behind Uber hack
Loading ...