[German]A few days ago, Microsoft made an announcement that it wants to better secure "Outlook for private users" in future. The mention of Outlook is a bit of a misnomer. The aim is to improve the security of online e-mail accounts such as Outlook.com, Hotmail.com and Live.com for private users. Authentication using a user name and password is to be replaced by two-factor authentication.
Advertising
Basic authentication will be switched off
In the business environment, Microsoft has long since abolished so-called Basic Authentication (see my article Reminder: Basic Authentication in Exchange Online will be switches off in 2023). The email inboxes there have been switched to Modern Authentication. The changeover had already been announced in October 2022, but doesn't seem to have really affected many customers until 2024.
Now Microsoft is also taking on private customers who use an online email account at Outlook.com, Hotmail.com and Live.com. In a tech community article Keeping our Outlook Personal Email Users Safe: Reinforcing Our Commitment to Security, Microsoft employee David Los outlined the planned changes as early as June 11, 2024.
The message is that Microsoft wants to make sure that private online accounts (referred to as Outlook) for emails, documents, calendars and contacts are protected against unauthorized access, manipulation or loss. Therefore, Basic Authentication will also be disabled for private accounts (such as Outlook.com, Hotmail.com and Live.com). The following schedule applies:
- August 19, 2024: The light version of Outlook Web App will be discontinued and can no longer be used.
- September 16, 2024: The shutdown of Basic Authentication.
- End of 2024: There is a reminder about the end of support for the mail and calendar apps.
From September 16, all Outlook users of personal Microsoft e-mail accounts (e.g. Outlook.com, Hotmail.com, Live.com) will be required to switch to modern authentication methods. The previously used basic authentication method using a user name and password to log in to the user account is no longer supported.
Advertising
This means that all e-mail clients that do not support Modern Authentication will no longer be able to access the mailboxes of e.g. Outlook.com, Hotmail.com, Live.com from the effective date. If necessary, clients such as Outlook, Thunderbird, Apple Mail or the various mobile device May apps must be updated to the new version.
Microsoft justifies this by saying that the long-standing Basic Auth standard makes it easy for attackers to intercept a person's login data. This increased the risk of stolen credentials being reused to gain access to a person's email or personal data. Email-based cyberattacks have greatly increased over time, which is why Microsoft requires modern authentication for all Outlook online account customers for security reasons.
The Techcommunity article also contains some information on the minimum operating system requirements for logging into Outlook online accounts in future. Anything older than Windows 10 will be excluded from the Microsoft world. Furthermore, certain browser versions will be required as a minimum for accessing the online account. In this context, the light version of the Outlook web application will also be discontinued from mid-August – and the mail and calendar apps from Windows will follow at the end of 2024.
Similar articles:
Basic Authentication in Exchange Online will be discontinued as of October 2022
Reminder: Basic Authentication in Exchange Online will be switches off in 2023
Advertising
