Microsoft Says Goodbye to Basic Auth and Hello to Modern Authentication

October 27, 2020

Basic Authentication has been the standard for years to connect servers, services and endpoints. By default it is enabled on most servers and services because it is so simple to set up and implement. Applications use basic authentication to send a username and password with every request (often saved on the device) which makes it easier for attackers to capture these credentials. Especially, if TLS protection is not enabled. This in turn, increases the risk that credentials will be tested against other endpoints and services as well. Unfortunately, multi-factor authentication (MFA) isn’t as simple to implement from basic authentication so it’s not used often.

Simply put, there are better and more effective alternatives to basic authentication available today including Zero Trust(i.e. Trust but Verify) or real-time assessment policies to determine who is trying to access data, from where and which device, to determine if there is an imposter.

Microsoft is taking these security threats to basic authentication seriously by rolling out new improvements to data security in Exchange Online, turning off Basic Auth and requiring Modern Authentication.

NOTE: This change only effects Exchange Online NOT the Exchange Server on-premise products. But Microsoft does recommend turning Basic Authentication off, on-premise as well in favor of MFA.

What is Changing

Basic Authentication for Exchange Web Services has been turned off on October 13, 2020. This includes Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP and Remote PowerShell at the same time – October 13, 2020.

Microsoft states:

“We want your help in getting users to move away from apps that use Basic Authentication, to apps that use Modern Authentication. Modern Authentication (which is OAuth 2.0 token based auth) has many benefits and improvements that help mitigate the issues present in Basic Authentication. For example, OAuth access tokens have a limited usable lifetime and are specific to the applications and resources they are issued for so they can’t be re-used. Enabling and enforcing MFA is also very simple with Modern Auth.

Please note this change does not affect SMTP AUTH – we will continue supporting Basic Authentication for the time being.  There is a huge number of devices and appliances that use SMTP for sending mail, and so we’re not including SMTP in this change – though we are working on ways to further secure SMTP AUTH and we’ll share more on that in due course. Nor does this change affect Outlook for Windows or Mac assuming they are already configured and using Modern Auth (and they really should be). ”

How This Could Impact You

This change might affect some of your users or apps:


In the next few months, Microsoft will be adding OAuth support to both POP and IMAP. However, if you want to keep using these protocols, you’ll need to update the app to one that supports Modern Auth. Microsoft, of course, recommends Outlook – which now has shared mailbox support for iOS and Android – A common reason people have been using POP and IMAP).

Exchange ActiveSync

If Basic Auth is being used, we believe the best mobile device client to use when connecting to Exchange Online is Outlook mobile. Outlook mobile helps you secure your users and your corporate data, and it natively supports Modern Authentication.

Microsoft is aware this change from Basic Auth to Modern Auth will potentially cause some disruption but firmly believe it is crucial to improve security and protect your data and your user’s data. At QSG we are ready to help you make the switch to Modern Authentication for your users and devices. Give us a call at 248-247-3000 or contact us to get started.

QSG IT Solutions

QSG Small Business Seminar

Interested in learning more about how QSG services can grow your business? Let us know!

Related Articles

How Stress Impacts Your Brain & Overcoming Burnout

How Stress Impacts Your Brain & Overcoming Burnout

As the days get "shorter" it can be harder to stay productive and positive into the Winter season. Many of us are spending more time than ever in our homes and the looming cold weather is sure to keep us there. So how do we combat the tiredness, fatigue, and...

Do blue light glasses really work?

Do blue light glasses really work?

Blue light glasses have been increasingly popular over the last few years. Now readily available by major retailers they're easy to come by whether you have prescription lenses or perfect 20/20 vision. Advertised to reduce eye strain and damage from blue light emitted...

Inside the Mind of a Hacker – Secrets they don’t want you to know

Inside the Mind of a Hacker – Secrets they don’t want you to know

As we close out Cyber Awareness month we wanted to give you an inside look into the mind of a hacker. We've outlined the 3 techniques that hackers don't want you to know and how QSG can keep your data secure. Want to see more inside a hacker's mind? Stay tuned as...

Stay Up to Date With The Latest News & Updates

Referral Program

Interested in recommending us to your friends and family? Take advantage of our referral program where you’ll both save!*

Join Our Newsletter

Subscribe to get the latest tech news, QSG solutions, and more to your inbox

Follow Us

Connect with us on social media