Security News > 2021 > September > Microsoft will disable Basic Auth in Exchange Online in October 2022
Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users.
"Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage," the Exchange Online Team said earlier this week.
Microsoft already began disabling basic auth in June for tenants who weren't using it and also explained how customers could re-enable protocols inadvertently affected.
To disable Basic Authentication in Exchange Online before Microsoft fully decommissions it, you need to create and assign auth policies to individual users using the steps detailed on the Exchange Online support website.
"Disabling Basic Authentication and requiring Modern Authentication with MFA is one of the best things you can do to improve the security of data in your tenant, and that has to be a good thing," Microsoft said two years ago when it revealed modern auth will be enforced across Exchange Online tenants.
After modern auth is toggled on, enabling and enforcing MFA will become more straightforward, with improved data security in Exchange Online as a direct and immediate result.