As cyber-attacks continue to target remote workers and hybrid environments, Microsoft is actively educating Exchange Online customers about the futility of relying on outdated security protocols and methods. In that vein, Microsoft has also decided to discontinue Basic Authentication in Exchange Online.
Why Has Microsoft Shelved Exchange Online Basic Authentication?
This policy came into effect on October 01, 2022, for all tenants. However, Microsoft didn’t just leave its Exchange Online users hanging without any other authentication method to fall back on. They helped millions of users shift to Modern Authentication.
Microsoft shut down Exchange Online Basic Authentication to reduce the chances of data breaches and email infiltration. Thorough research conducted by Microsoft revealed that over 99% of password attacks leveraged the weaknesses of Basic Authentication.
Today, there are 921 password attacks every second, which is almost double the frequency observed in 2021.
In addition, 19,954 BEC attempts were recorded with the FBI this year, resulting in losses of around USD 2.4 billion.
Seeing this scenario unfold, Microsoft decided to shift to Modern Authentication, which works on OAuth 2.0 token-based mechanisms. This offers stronger protection and enables features like Multifactor Authentication (MFA).
This move was also supported by data indicating that customers who had proactively disabled Basic Authentication in favor of something stronger saw a 67% lower cyber incident rate.
Microsoft believes this shift to Modern Authentication will especially benefit SMBs who are not in a position to maintain a dedicated security team.
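To make the difference between Basic Authentication and the OAuth 2.0 token-based mechanism concrete, the following added example (not Microsoft's code and not part of the original article) inspects the two kinds of HTTP Authorization header and reports what each one exposes if captured. The account name, password, audience, scope and expiry in the samples are constructed for illustration.

```python
import base64, json, time

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment):
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def describe_authorization(header, now=None):
    """Report what an HTTP Authorization header value exposes if captured."""
    now = time.time() if now is None else now
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # covers bad Base64 and bad UTF-8
            return {"scheme": "basic", "error": "malformed"}
        user, sep, password = decoded.partition(":")
        if not sep:
            return {"scheme": "basic", "error": "malformed"}
        # Base64 is an encoding, not encryption: the reusable password
        # travels with every request and never expires on its own.
        return {"scheme": "basic", "user": user, "password_recoverable": True,
                "password_length": len(password), "seconds_valid": None}
    if scheme.lower() == "bearer":
        parts = value.split(".")
        if len(parts) != 3:
            return {"scheme": "bearer", "opaque": True}
        try:
            claims = json.loads(_b64url_decode(parts[1]))
            if not isinstance(claims, dict):
                raise ValueError("claims are not a JSON object")
        except ValueError:
            return {"scheme": "bearer", "error": "malformed"}
        # Claims are read WITHOUT signature verification, for inspection only.
        return {"scheme": "bearer", "password_recoverable": False,
                "audience": claims.get("aud"),
                "scopes": claims.get("scp", "").split(),
                "seconds_valid": max(0, int(claims.get("exp", 0) - now))}
    return {"scheme": scheme.lower(), "error": "unsupported"}

# Constructed samples (not real credentials or tokens).
NOW = 1_700_000_000
BASIC = "Basic " + base64.b64encode(b"alice@contoso.example:Summer2022!").decode()
_claims = {"aud": "https://outlook.office365.com", "scp": "IMAP.AccessAsUser.All", "exp": NOW + 3600}
BEARER = "Bearer " + ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                               _b64url(json.dumps(_claims).encode()), "constructed-signature"])
```

The Basic header yields the account name and a password that stays valid until someone changes it, while the bearer token carries no password and is limited to one audience, one scope and a fixed lifetime.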
So how can you go about shifting to Modern Authentication?
The first step is to update all your apps so they can use OAuth 2.0 features. You can also move to sophisticated apps like Outlook that automatically implement Modern Authentication. Outside of Microsoft, you also need to update all your systems and applications that require password-based authentication, since all the latest systems inherently implement Modern Authentication.
Your tenant admin should also review the Microsoft 365 Message Center regularly for indications that you're still on Basic Authentication. Microsoft also supplies tenants with helpful documentation links that list deprecated security features and explain how to shift to the latest security mechanisms. You can also find guidelines on our blog on basic authentication deprecation.