Microsoft disables Basic Authentication for Exchange Online
Basic authentication outdated industry standard
Basic authentication is an outdated industry standard. Its threats have only increased further in recent years. Today, there are better and more effective alternatives to user authentication. At Universal we strongly recommend our customers to apply security strategies such as Zero Trust (never trust, always verify) and implement additional security policies for users and devices when accessing corporate resources. These alternatives enable intelligent options to decide about who tries to access what, from what location and which device, rather than simply relying on a username and password that could be used by a malicious person to impersonate a legitimate user.
Legacy protocol in Exchange Online
Microsoft removes the ability to use basic authentication in Exchange Online for:
- Exchange ActiveSync (EAS)
- Remote PowerShell
- Exchange Web Services (EWS),
- Offline Address Book (OAB)
- Outlook for Windows, and Mac
- In addition, SMTP AUTH is disabled in all tenants in which it is not used.