You Microsoft recently announced their plans to retire Basic Authentication for several legacy protocols used to access Exchange Online. If you’ve stumbled across this post researching the news, you’re likely wondering what exactly this means to you and your organization.
Below is the breakdown of affected protocols:
- Exchange Web Services (EWS)
- Exchange ActiveSync (EAS)
- Remote Powershell (RPS)
The deprecation of these protocols will occur on October 13, 2020. If this widespread change is like any past ones made in Office 365, you can expect a slow roll-out to tenants starting on this date. Meaning, it likely will not be an immediate kill switch, but you should be prepared by this date.
The Future of Mobile Client Authentication
What exactly will this change affect? The primary user-facing change will be seen with mobile clients. Microsoft licenses the use of ActiveSync (EAS) to many mobile device vendors, in order to enable connectivity from their built-in mail clients to Exchange, such as the Mail app in iOS. The burden will be on mobile device OS vendors to upgrade their clients to support modern authentication. In the case of Apple and iOS, starting with iOS 11, modern authentication is supported.
First, survey the devices and OS versions in use in your environment to ensure that only up-to-date operating systems are in use. To take it one step further and eliminate the dependency on OS vendors, enforce the use of the Outlook mobile app across your organization. Not only will this guarantee the continued flow of email at the time of cut off, but it also will ensure the use of a fantastic app that Microsoft is continuously improving.
Time to Move Away from IMAP4 and POP3
While Microsoft plans to update POP3 and IMAP4 connections to support modern authentication, I recommend moving away from them completely. You should identify critical applications that require these protocols and find out what options you have to move away from them. For those using email clients that rely on them for sending messages, now is the time to take these options out of their hands.
The SMTP protocol will not change, so this may be one option for you.
Identifying the Weak Links
Depending on your environment, this change may seem like its laid a daunting task on your lap. What is the best way to get the full picture? You might not know about that executive who is still using Thunderbird as their primary email client. Luckily, Microsoft will release a tool to help identify what is using basic auth to connect to mailboxes. Microsoft has not announced its release date yet, but it should be available well before the 10/13/20 deadline.
Let Sikich Help!
If you need help with transitioning your clients or have not yet made the jump to Office 365, please reach out and let Sikich help guide you through the process!