Exchange Online: Enabling Apple Mail App Clients for Modern Authentication

[German]Quick note for administrators who manage Apple devices with older iOS versions in an Exchange Online environment. Make sure that these devices are prepared for Modern Authentication, otherwise there will soon be communication problems. No later than October 1, 2022, Microsoft plans to turn off Basic Authentication on Exchange Online.


Advertising

Microsoft is intending to end Basic Authentication on it's cloud products (see also Disabling Exchange Online Basic Authentication in 2021). And in 2022 Microsoft will change things.

Office365 Authentification in iOS 12+

The days I came across above tweet reminding that Apple Mail clients need to upgrade to support Modern Authentication. The details can be read in this blog post. Starting in October 2022, Basic Authentication is expected to be turned off in all Exchange Online tenants.

The poster writes here that he received Message Center notifications MC284549 and MC284559 on September 12. These informed him that Microsoft had disabled Basic Authentication for POP3, IMAP4, Remote PowerShell, Exchange Web Services (EWS), the Offline Address Book (OAB), Exchange ActiveSync (EAS), SMTP AUTH and MAPI.

Basic Authentification
(Source: office365itpros.com)


Advertising

Everything is still working, he said. With Microsoft's decision that they will "permanently disable basic authentication in all tenants, regardless of usage, starting October 1, 2022," things are probably getting into a flow. In a year at the latest, basic authentication for Exchange Online will be turned off, even if an organization wants to keep it for some reason. You should be prepared for this shutdown, especially since the process could happen as early as early 2022 for individual services. Details can be found in the linked articles.

Addendum: Martin P. has send me the following message from Microsoft via email.

Updated September 27, 2021: We have updated the content for additional clarity. Thank you for your feedback.

We're making some changes to improve the security of your tenant.  We announced in 2019 we would be retiring Basic Authentication for legacy protocols, and in early 2021 we announced we would begin to retire Basic Authentication for protocols not being used in tenants, but not disable Basic Authentication for any in-use protocols until further notice.

Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that).

We previously communicated this change via several Message Center posts: MC191153 (Sept. '19), MC204828 (Feb. '20), MC208814 (April '20) and MC237741 (Feb. '21) and you can always read the latest information about our plans to turn off Basic Authentication here.

Beginning early 2022, as we roll out the changes necessary to support this effort, we are also going to begin disabling Basic Auth for some customers on a short-term and temporary basis.
We selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using our self-service tools.

During this time all clients and apps that use Basic Auth in that tenant will be affected, and they will be unable to connect. Any client or app using Modern Auth will not be affected. Users can use alternate clients (for example, Outlook on the Web instead of an older Outlook client that does not support Modern Auth) while they upgrade or reconfigure their client apps.

How this will affect your organization: If you receive a Message Center post between now and October 2022, informing you that we are going to disable Basic Auth for a protocol due to non-usage, or you get one saying we know you are using Basic Auth, but we intend to proactively disable it for a short period of time, and you don't want us to disable specific protocols, you can use the new self-service feature in the Microsoft 365 admin center to opt-out and request that we leave specific protocols enabled until October 2022. We added this feature to help minimize disruptions as you transition away from using Basic Auth.
We will disable Basic Authentication beginning October 2022, and once that happens, users in your tenant will be unable to access their Exchange Online mailbox using Basic Authentication.


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Cloud, Software and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.