""

Blog | 29 July 2022

Microsoft disabling Basic authentication in October 2022 – What to know and how to be ready

Matt Owen profile picture

Matt Owen

Architect

From October 2022, Microsoft will begin to permanently disable Basic authentication in all tenants, regardless of usage. Here’s what you need to know to be ready for the change.

As of 1 October 2022, Microsoft will be disabling Basic authentication on customer Azure tenants.

The removal of Basic authentication will be progressively rolled out across random tenants from this date onwards. Unfortunately, there’s no way to identify when a particular tenant will be updated.

Any customers using Basic authentication to connect applications or services to Exchange Online will be affected by this change. If you haven’t updated your applications to Modern authentication, they will fail to connect once Basic authentication is removed from the tenant.

Microsoft is recommending that customers using Basic authentication switch to Modern authentication (aka. OAuth 2.0) as soon as possible to avoid any outages when the switch-over happens.

This blog will give you an overview of what Basic authentication is, where you are likely to be using it, and how to mitigate connection issues by migrating to Modern authentication.

 

Kocho employee on headset smiling
tag icon

Need help?

Unsure what to do next? Get in touch!

Make sure you’re ready for Basic authentication to be disabled. We can help you:

  • Identify which of your systems will be affected
  • Safely update your MIM portal and related scripts
  • Prevent disruption and move to Modern authentication

What is Basic authentication?

Basic authentication, also called proxy authentication, is an HTTP(S)-based authentication mechanism that applications use to send stored credentials in Base64 format to servers, endpoints, or online services. Base64 is a data encoding scheme, not an encryption scheme, and can be simply reversed to reveal the supplied credentials.

Due to the lack of security in Base64 encoding, attackers can capture the transmitted credentials via MitM (man-in-the-middle) type attacks or guess them using common techniques such as dictionary-based password attacks.

As the credentials used for Basic authentication are stored and used directly by the requesting applications, attackers can steal these credentials using various tactics, such as social engineering or malware injection.

Why is Microsoft disabling Basic authentication?

Basic authentication was defined formally back in 2015 and since then has been adopted as one of the Internet’s most widely used authentication schemes due to its simplicity.

It can be used to secure access to any resource that is accessible over HTTP(S). Its popularity, combined with a lack of proper encryption or security, has made it a frequent target for attackers who wish to gain access to secured resources.

These days, there are better and more effective ways to authenticate users. Microsoft have been promoting alternative authentication and authorisation methods under the group terminology of Modern authentication.

Microsoft’s Modern authentication encompasses, but is not limited to, multi-factor authentication (MFA), Client Certification Authentication, plus their own implementation of the standard Open Authentication protocol (OAuth).

When will Basic authentication be disabled?

Microsoft starts disabling Basic authentication across random tenants from 1 October 2022. This random approach will continue until all tenants have had Basic authentication disabled.

Additionally, any tenant not currently using SMTP AUTH-based authentication will have this option disabled. Tenants currently using SMTP AUTH-based authentication (for example, via systems or mail servers sending automated emails into Exchange Online via SMTP) will not be affected.

What will it affect?

The disabling of Basic authentication in Exchange Online will affect the following Exchange Online services:

  • Microsoft Outlook
  • Exchange Web Services (EWS)
  • Remote PowerShell for Exchange (RPS)
  • Post Office Protocol for Exchange (POP)
  • Internet Message Access Protocol for Exchange (IMAP)
  • Exchange ActiveSync Service (EAS)

If your solution contains any applications, services, or scripts that connect to these services using Basic authentication they will need to be updated to support Modern authentication before 1 October 2022.

What do I need to do about it?

The first thing we would recommend is to run a discovery exercise to identify affected (and potentially affected) areas.

If you’re using Microsoft Identity Manager (MIM), you’ll need to update the MIM Portal to use Application Based Authentication. Any post-processing scripts using Basic authentication will also need to be updated.

Important: We wouldn’t recommend attempting to update the MIM Portal and post-processor scripts yourself, as there are potential dangers that could result in a complete re-install of the Portal. Please get in touch with us if this is something you need support with.

Once you’ve tested the updates and everything is working as it should, you can then begin user acceptance testing (UAT) and migrate the changes into production.

Key takeaways

  • Microsoft will be disabling Basic authentication in Azure from 1 October 2022.
  • This change will affect ALL customers using Azure.
  • Tenants using Basic authentication will be targeted at random from October – so you’ll need to be ready by that date.
  • You need to migrate all applications and scripts to Modern authentication as soon as possible.
  • Failure to migrate will result in a loss of connectivity to key apps and services.

 

tag icon

Join the mailing list

Ready to ‘Become greater’?

When you sign up to our mailing list, you’ll get the best content, expert resources, and exclusive event invites sent directly to your inbox.

Matt Owen profile headshot

Author

Matt Owen

Matt Owen is a Kocho architect with around 30 years’ experience helping clients navigate the choppy waters of on-premises identity and cloud integration.

Butterfly overlay image

We’re here to help you on your journey towards becoming greater. Get in touch to find out how.