Microsoft has announced that “effective October 1, 2022, they will begin to permanently disable Basic Authentication in all tenants, regardless of usage, with the exception of SMTP Auth.”
What does this mean for you? The most common issue customers experience is that Outlook work email addresses will stop working on mobile devices and other devices. But that’s not all!
For those new to Microsoft 365, Basic Authentication allows users to connect to a mailbox using only a username and a password. The reason behind stopping this is that it will prevent accounts from being brute-forced or falling victim to password spray attacks. The policy does not affect Exchange Server on-premises.
Basic Authentication makes it easier for attackers to capture user credentials, which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, enforcing multifactor authentication (MFA) is not simple, or in some cases even possible, when Basic Authentication remains enabled.
Basic Authentication is an outdated industry standard. The threats it poses have only increased since Microsoft originally announced that it was going to turn it off.
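As an added example (not code from Microsoft or Imperium Data), the Python script below inventories which users still depend on Basic Authentication ahead of the cutoff, keeping the SMTP Auth exception separate from the protocols that will stop working. It assumes sign-in records exported as JSON with `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields and client-app labels as shown in Azure AD sign-in logs; the sample records are constructed.

```python
import json
from collections import defaultdict

# Assumption: labels follow the "Client app" values in Azure AD sign-in logs.
# Compared case-insensitively so export casing differences do not matter.
LEGACY_CLIENT_APPS = {
    "exchange activesync", "imap4", "pop3", "exchange web services",
    "mapi over http", "outlook anywhere (rpc over http)",
    "offline address book", "exchange online powershell",
    "reporting web services", "autodiscover", "other clients",
}
SMTP_AUTH = "authenticated smtp"  # the one exception in the announcement


def classify(client_app):
    """Return 'exempt', 'affected' or 'modern' for one client-app label."""
    label = (client_app or "").strip().lower()
    if label == SMTP_AUTH:
        return "exempt"
    return "affected" if label in LEGACY_CLIENT_APPS else "modern"


def affected_users(records):
    """Map each user to the Basic Auth protocols they used successfully."""
    found = defaultdict(set)
    for rec in records:
        # A non-zero errorCode is a failed sign-in, not a working dependency.
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue
        if classify(rec.get("clientAppUsed")) == "affected":
            found[rec["userPrincipalName"].lower()].add(rec["clientAppUsed"])
    return {user: sorted(apps) for user, apps in sorted(found.items())}


# Constructed sample records, not real log data.
SAMPLE = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "Alice@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
 {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}}
]""")

if __name__ == "__main__":
    for user, apps in affected_users(SAMPLE).items():
        print(f"{user}: will lose {', '.join(apps)}")
```

Users listed here need a client that supports modern authentication before the cutoff; accounts seen only under Authenticated SMTP keep working but remain exposed to the risks described above.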
Imperium Data actively recommends that customers adopt security strategies or apply real-time assessment policies when users and devices access corporate information. These alternatives allow for intelligent decisions about who is trying to access what, from where, and on which device, rather than simply trusting an authentication credential that could come from a bad actor impersonating a user.
If you have questions or concerns, Imperium Data is here to help! Contact us to set up a consultation.