Consequently, the app will display a client-side HTTP 401 error: bad username or password.Īpps using Modern Auth for the same protocols will not be affected, so it is essential to anticipate the deactivation period to prevent our apps (scripts, integrations, etc.) to stop providing service affecting production.īasic Auth is one of the most common (or the most common) ways in which customer account compromises occur and these types of attacks are on the rise, according to the Exchange team.īasic authentication is used for protocols such as POP, SMTP, IMAP, and MAPI where MFA (Multi-factor authentication) could not be configured and this causes them to be exploited by cyber attackers as a way into the organization. The procedure is detailed in the following post from the Exchange team.īasic Auth will be disabled for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) and Remote PowerShell.Īccording to the Exchange team, if you are using a user app, script, integration, etc, that is using Basic Auth for any of the affected protocols, you will not be able to connect to it. Each selected tenant will be notified of the change by an alert within the previous 7 days via Message Center and Service Health Dashboard.
Starting October 1, 2022, Microsoft will begin to disable Basic Auth progressively on a random basis for all tenants still using it and the change is expected to be implemented for everyone by the end of the year. It is important to remember this since there are less than two months left and using Basic Auth during the deactivation could result in an HTTP 401 error: bad username or password in production environments. Microsoft's Exchange team announced in September last year that on October 1, 2022, Microsoft was going to permanently deactivate Basic Auth for all tenants still using it and that, after deactivation, they would switch to Modern Auth (a more secure authentication method).
0 kommentar(er)
