Microsoft : The Deadline to Get Off Basic Auth is Approaching


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Don't say you weren't warned.

Three years ago, Microsoft announced that it was going to start weaning its software offerings off Basic Authentication for more modern and secure user authentication methods. Since then, the software giant has moved a number of customer-facing applications, including Outlook Desktop and Outlook Mobile App, to Modern Auth via security updates.

Now Microsoft is telling users that on October 1 it is going to start disabling Basic Auth for protocols in Exchange Online that have yet to be turned off, including MAPI, RPC, Offline Address Book, Exchange Web Services, POP, IMAP, Exchange ActiveSync, and Remote PowerShell. Millions of users already have moved away from Basic Auth over the past three years and Microsoft has disabled it in millions of tenants. However, many are still using it, despite additional reminders in September 2021 and again in May.
Redmond is giving those who have yet to move off Basic Auth a three-month reprieve of sorts. In a blog post this week, Microsoft said it is updating its plan for customers who don't know about, or are not ready for, the change. After Basic Auth is turned off October 1, customers will be able to use a self-service diagnostic to re-enable it for whatever protocols they need. This can only be done once per protocol, with the re-enablement starting once the diagnostic is run. That said, it will only last through the end of December. During the first week of January 2023, Basic Auth will be permanently turned off for all protocols.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.