Photo by Nothing Ahead on Pexels.com

Announcement

Microsoft has made it clear that they will stop basic authentication for many office 365 services starting Oct 01, 2022. You have less than 100 days to achieve this.

  1. Announcement
  2. What is Basic Auth ?
  3. Protocols affected with the change
  4. Monthly Message from Microsoft in Message Center
  5. Find users consuming basic authentication

What is Basic Auth ?

When you access exchange online powershell or other services accessing Exchange Online and specify user ID and password or you get this type of auth prompt, you are using Basic Auth and if you get redirected to Microsoft or your SSO provider to provider, that’s modern auth. This is the simple explaination but there are other ways as well when basic auth isn’t shown in such interactive way.

Basic Authentication Prompt
Modern Authentication Prompt

Protocols affected with the change

  • Outlook [MAPI over HTTP, Offline Address Book, Outlook Anywhere (RPC over HTTP)]
  • EWS – Free busy across different org, EWS API, Calendaring solutions like Zoom Room accessing free busy info using basic auth instead of OAuth 2.0
  • RPS – Remote Powershell, Scripts running using basic auth.
  • POP3
  • IMAP4
  • Exchange ActiveSync – Mostly native mail clients and iOS profile configured before iOS 12
  • Autodiscover & SMTP is excluded in this change

Basic Auth Usage Stats

Monthly Message from Microsoft in Message Center

If you have have basic auth consumed in your tenant then Microsoft sends a monthly notification in message center with the basic authentication usage of individual protocol, report looks similar to this.

You can check Azure Sign in logs to find out the end users.

Find users consuming basic authentication

  • Login to Azure (portal.azure.com), then navigate Azure Active Directory, Sign-in Logs and filter logs with “Client App” and choose the individual protocols under “Legacy Authentication Clients” section.
  • You can export the report in CSV, it has limit of 100k entries in a csv, so you can choose shorter time window, if entry exceeds.

Direct Link of Sign In Logs : https://bit.ly/3usqGPb

Thank you for reading, In my next article, I will explain about plan to switch individual protocols to Modern Authentication.