Removing Basic Authentication from Exchange Online

Microsoft Removes Basic Authentication in Exchange Online

Cyber criminals are constantly developing new ways to target hybrid and remote workers. Being October the cyber security awareness month, Microsoft is looking to highlight to all users that it is imperative to adapt new protocols and move away from outdated, less safe practices, like Basic Authentication. Starting October 1, 2022, Basic Authentication will be turned off for all Exchange Online tenants. We encourage Exchange Online users to move to more modern and sophisticated protection methods, such as Modern Authentication. 

From Basic Authentication in Exchange Online to Modern Authentication

Sadly, we are living in the cybercrime era. Maintaining email and files attached has become a more challenging duty, since there are 921 password attacks every second. Basic Authentication is not enough to keep our data protected. Not only that, but the FBI’s Internet Crime Complaint Center had reported 19,954 business email compromise (BEC) and email account compromise (EAC) complaints with adjusted losses at nearly USD2.4 billion

As your business grows, it is important to keep your Exchange Online organization secure. OAuth 2.0 token-based authentication is more secure than Basic Authentication and enables features like multifactor authentication (MFA). This is especially beneficial for medium-sized businesses that do not have a dedicated security staff.

Although Basic Authentication is still widely used, research has found that it is a major vulnerability in terms of password spraying and credential stuffing attacks. In fact, disabling Basic Authentication has been shown to reduce the likelihood of compromise by 67%.

There are many benefits to updating your apps and configuration to use Modern Authentication. Not only does it make your business more secure, but it can also help protect against threats in mobile devices. Basic Authentication is still used by many devices, so it is important to make sure that your organization’s device is using Modern Authentication. Even Outlook Mobile uses Modern Authentication and works on both iOS and Android devices.

Secure your organization with Azure AD

A stronger, more secure method to ensure your organization’s integrity is by enabling a multifactor authenticator. With Azure Active Directory, you can protect your users from credential theft, while securing your resources against unauthorized access, as well as ensuring a seamless user experience for your employees. Book a meeting with one of our Azure AD experts today to learn the next steps to take.