Basic Authentication in Exchange Online will be discontinued as of October 2022

Sicherheit (Pexels, allgemeine Nutzung)[German]It was already announced September 2021 that the Basic Authentication in Exchange Online will be deactivated. The cutoff date for this disablement to begin is October 1, 2022. As of May 3, 2022, Microsoft has now reiterated this cutoff date, writing that in approximately 150 days we will begin disabling Basic Authentication for certain protocols in Exchange Online for those customers still using it.


The following tweet links to the Techcommunity post Basic Authentication Deprecation in Exchange Online – May 2022 Update with the details.

Basic Authentication in Exchange Online ends in October 2022

Microsoft's reason for this move is that Basic Auth is still one of, if not the most common way that Exchange Online users are compromised. And these types of attacks are arguably on the rise. Since the initial announcement to turn off Basic Auth in October 2022, Microsoft says this authentication method has been disabled in millions of tenants that were not using it. In addition, Microsoft is currently disabling unused protocols in tenants that still use Basic Auth.

Beginning Oct. 1, 2022, Microsoft will begin disabling Basic Auth in Exchange Online. Microsoft plans to randomly select tenants that still use it. They will then get a 7-day warning in the Message Center (and post notices in the Service Health Dashboard) that Basic Auth will be turned off in the tenant after the deadline. Microsoft expects this shutdown to be complete for all tenants by the end of 2022. Administrators whose users are still using Basic Auth with Exchange Online should prepare for the transition by Oct. 1, 2022, and have it replaced by the deadline if possible.

Specifically, Microsoft will disable Basic Auth for the MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP and Remote PowerShell protocols. SMTP AUTH, on the other hand, will not be disabled if it is still in use. On millions of tenants that do not use the SMTP AUTH protocol, Microsoft has already disabled it. Redmond recommends disabling the protocol at the tenant level and re-enabling it only for those user accounts that still need it.


The Techcommunity post Basic Authentication Deprecation in Exchange Online – May 2022 Update provides more details on the transition and disabling of basic authentication (Basic Auth) in Exchange Online.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Cloud, Security and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *