New resources for moving to Modern Authentication

Applies to: Exchange Online

Back to the Microsoft Lifecycle Policy home page

Published: March 2, 2020

In September of 2019, Exchange Online announced its deprecation of Basic Authentication, prior to removal on October 13, 2020. Basic Authentication relies on sending usernames and passwords – often stored on or saved to the device – with every request, increasing the risk of attackers capturing users’ credentials, particularly if not TLS protected.

Users are encouraged to move to Modern Authentication (Modern Auth). To help with this, Microsoft has released new resources and reports:

  1. Azure AD Sign-In Report: This improved report helps tenant admins identify which users or applications are at risk. The report is part of the Azure Active Directory admin center, called Sign-ins. This report will be available to all customers very so on and provides a 7-day rolling report of client login activity.
  2. POP, IMAP, and SMTP: Modern Authentication support for POP and IMAP in Exchange Online will be available soon. Go here to learn more.
  3. Outlook for Windows and Mac: Outlook for Windows and Mac will be impacted by the removal of Basic Authentication. However, newer versions of these products have Modern Authentication enabled by default. Go here to see if your version of Outlook is already using Modern Auth.

Go here to learn more about these updates, or see Message Center posts 191153 and 204828. 

The information on this page is subject to the Microsoft Policy Disclaimer and Change Notice. Return to this site periodically to review any such changes.