IT NEWS: Microsoft Basic Authentication Disabled 10/1/2022
Effective October 1, 2022, Microsoft will begin turning off Basic authentication as planned for Outlook, Exchange Web Services (EWS), Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), and Remote PowerShell (RPS). WPI cannot delay decommissioning.
Basic authentication means the application sends a username and password with each request, and those credentials are also often stored or saved on the device, which is a serious security vulnerability. Also, in most cases, Multi-Factor Authentication (MFA) is not possible with Basic authentication. Most modern 3rd party email clients support modern authentication (OAUTH).
SMTP Auth will not be disabled.
Impacted services include, but are not limited to:
- Any email client that uses POP or IMAP
- Native email clients on iOS or Android
- Outlook 2016 for Mac and Outlook 2013/2010 for Windows
- Versions older than Thunderbird 78
- Non-GUI clients (e.g., Pine)
More information and instructions from the WPI Hub on connecting to WPI email:
- How to Forward Mail
- WPI Email on an Android Device
- WPI Email on an iPhone/iPad
- Basic authentication decommissioning
Microsoft’s full announcement from September 2021 Update
Questions? Contact the IT Service Desk at firstname.lastname@example.org