Security News > 2022 > December > Microsoft will turn off Exchange Online basic auth in January
Microsoft warned today that it will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security.
"Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope," The Exchange Team said on Tuesday.
"Soon after basic auth is permanently disabled, any clients or apps connecting using Basic auth to one of the affected protocols will receive a bad username/password/HTTP 401 error."
CISA also urged government agencies and private sector organizations using Microsoft's Exchange cloud email platform in June to speed up the move from legacy auth methods without multifactor authentication support to modern auth alternatives.
These protocols will be disabled for basic auth use permanently during the first week of January 2023, with no way of re-enabling it again.
Microsoft says it has already disabled basic auth in millions of tenants that weren't using it and toggled off unused protocols within tenants still using it to protect them from attacks exploiting this insecure login scheme.