Security News > 2022 > June > CISA warns orgs to switch to Exchange Online Modern Auth until October
CISA has urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform to expedite the switch from Basic Authentication legacy authentication methods without multifactor authentication support to Modern Authentication alternatives.
Basic Auth is an HTTP-based auth scheme used by apps to send credentials in plain text to servers, endpoints, or online services.
According to CISA's guidance, this can be done either by creating an authentication policy for all Exchange Online mailboxes from M365 Admin Center's Modern Auth Page or a Conditional Access policy in Azure Active Directory using the AAD Admin Center.
"Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.".
Microsoft first announced that it would disable Basic Auth in Exchange Online for all protocols in all tenants in September 2021.
A Guardicore report published in September 2021 further highlights the importance of moving Exchange Online users away from basic auth.