As of October 1st, Microsoft will be turning off basic auth for specific protocols in Exchange online for customers who are still using them as Microsoft over the last few months has been encouraging users to move away from this.
Microsoft will be from October 1st picking tenants at random and disabling basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) and Remote PowerShell. You may have already received this message from the Message Centre to tell you about the above.
Please note: Microsoft will not be disabling or changing any settings for SMTP Auth.
What happens if you do not have the necessary things in place for this change?
Granted, Microsoft understands that not every business is ready for this change despite the constant posts across the different channels over the course of the last few months. Some customers may have been aware of this but not had the chance to implement any solution to avoid this outage, other customers may have missed this completely.
I haven’t managed to make any changes for this, what can my business do?
Don’t worry, once Microsoft switches off basic auth from October 1st, all customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they require, once per protocol. We will take you through the process below.
After this diagnostic has been run, basic auth will be re-enabled for those protocol(s). Selected protocol(s) will remain enabled for basic auth use until the end of December. Once January 2023 comes round, these protocols will be switched off for basic auth permanently and therefore you will not be able to use it again going forwards.
Microsoft, can you give me more time please as I want to avoid disruption to my business?
If you haven’t got the time to make the necessary changes and want to avoid any disruption to your business during this time of having basic auth disabled, you are able to run diagnostics throughout September, this means that when October 1st happens, Microsoft will not disable basic protocol(s) that you have outlined. It is important to note that Microsoft will disable basic for any non-opted out protocols, however you can re-enable them until the end of December by going through the following steps below if you need to.
Please note: This means that if you do not want basic for a specific protocol or protocols disabled in October, you will still be able to use the same self-service diagnostic during September. The process can be seen below.
So, what diagnostic options are available?
Many customers have already made use of the self-service diagnostic that has been mentioned on the Microsoft website here and here to get the basic auth back up and running for a protocol that had been already turned off.
As of September 1st, Microsoft stopped taking re-enable and opt out requests. If you are in the situation where you have previously opted out or re-enabled basic for some protocol, you will need to go through the below steps in September to highlight the fact that you wish Microsoft to leave something enabled for basic auth after October 1st.
In order to use the self-service diagnostic, you will need to go directly to the basic auth self-help diagnostic by hitting the below button (you will see that it brings up the diagnostic in the Microsoft 365 admin centre if you’re a tenant Global Admin):
Or you can go to the Microsoft 365 Admin center and select the green help & support button in the lower right-hand corner of the screen.