To start with the good news, Autodiscover is not a target protocol for disabling. I also hear from organizations that are concerned about Autodiscover and what the impact of disabling Basic Authentication might have. Additionally, their mailboxes are on pre-Exchange 2016 CU3, and until their mailbox gets moved to Exchange 2016 CU3+ or Exchange Online, integration with an application such as Teams will be affected. ![]() Also, if at some point they do decide to go hybrid, their options will be affected as they will need to go through Exchange 2016 to have the best experience. If they have Exchange Hybrid configured, things like cross-premises federation might break. With Exchange Online no longer supporting Basic Authentication, this might have consequences for organizations running Exchange on-premises if their version does not support modern authentication, e.g., Exchange Server 2010. One could ask serious questions when an organization runs a business-critical application on an older operating system, with both likely not having received significant security patches for over a few years now. Despite Exchange 2010 reaching end of life in October 2020, I still meet customers hosting their mailboxes on Exchange 2010 (and I'm sure there might even be organizations running on older versions of Exchange). One might expect that most organizations running Exchange on-premises are running a supported version of Exchange server, especially after security-related issues such as Hafnium and ProxyShell in 2021. Interoperability with Exchange On-Premises In this article, I will try to address some of these concerns. So, with the doomsday counter ticking away for Basic Authentication, what are the consequences for Exchange related workloads organizations might wonder. On a side note, per end of 2020, newly created tenants already have basic authentication disabled by means of security defaults – if those organizations require Basic Authentication for some reason, they will also need to reconfigure security defaults which by default is an all or nothing option for all protocols. But with the end of support for Basic Authentication, so will this temporary workaround. After entering "Diag: Enable Basic Auth in EXO" in the problem search query, the request will be checked, and Basic Authentication will get enabled. Until then, organizations can still (re-)enable Basic Authentication when they have a need, using the self-help system in the Microsoft 365 admin center. Organizations do need to anticipate on this change for the first of October 2022. ![]() Mind the 'start' in start date, as flicking the switch for millions of tenants takes time before it becomes effective on your tenant. After initially postponing turning Basic Authentication off to the second half of 2021, the most recent – and final – start date for permanently turning the lights off for Basic Authentication is now set to October 1st, 2022, as per the article " Deprecation of Basic authentication in Exchange Online" and MC286990 in the Message Center. Then the world had other matters to deal with, and Microsoft extended the timelines. The original date for disabling of Basic Authentication was October 13th, 2020. When combined with Azure AD for authentication, Modern Authentication also supports features such as Multi-Factor Authentication or Conditional Access. ![]() It's modern successor, modern authentication or OAuth2, uses a token and claim based mechanism contrary to sending accounts and passwords, and is the preferred authentication method. This is part of an overall movement to deprecate the less secure Basic Authentication, which is unfit to face the security challenges of the modern world, being subject to things like password spray attacks. Back in September 2019, Microsoft announced it would start to turn off Basic Authentication for non-SMTP protocols in Exchange Online on tenants where the authentication protocol was detected as inactive.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |