Basic Authentication Deprecation in Exchange Online – Time’s Up

In early January 2023, we will permanently turn off Basic auth for multiple protocols for many Exchange Online tenants.

We want to thank you once again for all the hard work you’ve done to prepare your tenant and users for this change, and for your part in helping secure our service and your data.

How Will This Change Happen 

Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope (we are still not touching SMTP, but you should).

Soon after basic auth is permanently disabled, any clients or apps connecting using Basic auth to one of the affected protocols will receive a bad username/password/HTTP 401 error.

The only remediation for this is to update the client or app or use a different client or app that supports Modern authentication.

Frequently Asked Questions

Why are you making this change?
We’re making this change to protect your tenant and data from the increasing risks associated with Basic auth. The reasons to do this are many.

Wait! I still need to use Basic auth; how can I get it re-enabled in my tenant once it gets disabled in January?
You cannot; it has been permanently disabled. Calling support will not help either, as they cannot re-enable Basic auth for you.

Basic auth got disabled and my email client keeps prompting me for a password…do you have any guidance for me?
Read our blog post: Exchange Online email applications stopped signing in, or keep asking for passwords? Start here.

Where can I read more about this?
You can read our official documentation here.

Summary

It’s taken more than three years to reach this point, and we know it has taken a lot of effort from customers, partners and developers too. Thank you to everyone who has played their part in helping secure our customers’ data and tenants. Together, we’ve improved security!

The Exchange Team