Microsoft have announced that they will be disabling basic Authentication based connections to Exchange online. Basic Authentication means that the client application passes the username and password with every request. Although simple to setup and use, Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials and increases the chance of credential re-use against other endpoints or services. The announcement by Microsoft is that they will be disabling basic authentication by end of October 2020. This means that new or existing applications using one or more of these API’s/protocols will not be able to use Basic Authentication when connecting to Office 365 mailboxes or endpoints and will need to update how they authenticate.

What you Need to do

You will need to perform the following action to ensure your application now supports OAuth 2.0 when connecting to Exchange online mailbox:

• If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication.

• Reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication

The deadline for making changes to you application to support OAuth 2.0 is by end of June 2021.