Basic Authentication for Exchange Online is Ending

Envelope with Lock Graphic

Last fall, Microsoft announced a plan to end their Basic Authentication service within Exchange Online. Not sure what that means, or if it affects you? Keep reading to learn more.

What is Basic Authentication?

Basic Authentication is a password management tool that allows client apps to connect to servers, services, and endpoints. It is typically enabled by default on most servers and is easy to set up—the application simply sends a username and password with every request.

Microsoft originally planned to end their Basic Authentication service in the fall of 2020 but extended the deadline to October 1, 2022. The service termination will affect various email protocols. This includes Exchange ActiveSync, Post Office Protocol (POP), and Internet Message Access Protocol (IMAP)—as well as Remote PowerShell within the Exchange Online service. SMTP will not be affected since there are still many devices and applications that rely on this service to send an email.

Why is Microsoft ending the Basic Authentication service?

Simply put, the Basic Authentication service was pretty “basic,” which unfortunately can leave users vulnerable to brute force cyberattacks. A brute force attack is similar to trying every key on a key ring until the door unlocks. Hackers set up a computer to try a variety of username/password combinations until they find something that works. This is why password strength tools suggest using uncommon words and special characters rather than “password” or “12345.”

Hackers are getting craftier by the day, which means security services need to evolve and adapt as well.

What does this mean for you?

First and foremost, it’s important to ensure that your business has a solid cybersecurity strategy in place. Passwords are the weakest link, with weak or stolen passwords being listed as a cause of at least 80% of hacking-related data breaches. Additionally, it’s important to remember that Microsoft is not leaving their systems unprotected! The Basic Authentication service has evolved into Modern Authentication, which incorporates many new benefits and improvements. A primary benefit of Modern Authentication is the ability to use Multi-Factor Authentication (MFA), such as requiring a code sent to your cell phone in addition to your password.

If you’re using Outlook on Windows or Mac as your primary email client, you likely already have Modern Authentication in place. However, if you’re using any of the other Microsoft email services listed above, you may need to disable Basic Authentication and enable Modern Authentication.

BSC Solutions Group is Committed to Your Cyber Security

We’ve been providing organizations with the IT solutions they’re looking for since 1989. We know how confusing today’s network landscape can be—and we also know how important it is to have the right security measures in place. Visit our website to learn more about our solutions and services or reach out to us at 1-(800)-958-2341 to book a free consultation!