Microsoft Making Changes to Email Authentication

December 14, 2023

[avatar user="Jamie Poindexter" size="thumbnail" align="left" link="file" /] byJamie Poindexter|Oct 12, 2022|Jamie's Tech Corner,Our blogAre you having issues getting emails this week? If so, you are not the only one. Microsoft has begun pulling the plug on the basic authentication for it’s Office 365 email services. Basic auth has been around a long time. You will recognize it as the basic windows login box asking for a email and password when you are setting up a device to connect to email.

The replacement for this is modern authentication and looks like this:

The benefit to the modern method is security. No more insecure app passwords laying around since basic auth does not support MFA. Modern auth can send text or app popups to mobile devices to authenticate securely. The downside is some 3rd party apps do not support modern auth so they have stopped working or when they were initially setup they used basic auth so they need to be reconfigured to use the new method. That fix is simple, for IOS devices just remove the account and re add it as an exchange account and it will use the new UI that looks like the above screenshot. If the mobile device is not using the new method, you will want to check it’s up to date, or you can also install the Official Outlook app from the Play/IOS app store and access it that way. If you are using a app that does not support the modern auth and you are in a time crunch to get things working again it is possible to re-enable basic auth temporarily. You must be a global admin on the tenant and sign into the admin center. In the bottom right click on the “Help & Support” button.

Now in the search box enter this keyword – “Diag: Enable Basic Auth in EXO” and click search

This will trigger a diag tool like below

Click on run tests and wait for it to finish

You will then get a dropbox with the option to enable the protocol you need for the app/service

If you need multiple enabled, you can re-run the test and enable each one at a time.The caveat is this fix is only good till Jan 1st and then it will be forced back on and you will not be able to turn basic auth back on. This will at least give you some time to update or fix the devices that are using the old protocol.