Microsoft has been warning customers for the past few years that it is discontinuing Basic Authentication in Exchange Online and replacing it with Modern Auth (OAuth2.0). Microsoft has been releasing warnings in waves and gradually disabling the method.
The company appears to have now issued the final public notice about the matter. In many countries, the holiday period will begin next week. Microsoft Exchange logo with a laptop icon and a grim reaper icon.
Redmond’s tech giant advised companies in a blog post to be prepared for Basic Auth being disabled for all protocols by January 2023.
This deprecation will affect MAPI, RPC, Offline Address Book, Exchange Web Services (EWS), and POP. IMAP, Exchange ActiveSync, (EAS), Remote PowerShell, and POP.
Microsoft recommends disabling the protocol yourself, even though it will not be disabled for SMTP AUTH. The protocol will be disabled for organizations seven days before they are notified. After the protocol is disabled, affected apps will throw an HTTP error 400 for a wrong username/password.
Modern Auth will allow them to function again. Microsoft has stated that Basic Auth will not be able to be turned on after January’s disablement.