Just to let you know that Microsoft will soon stop supporting Basic Authentication, which is a way of logging on to your mail when using a mail client. Anyone connecting to Exchange Online or Office365 mail account will need to have an updated way of authenticating, using Microsoft’s Modern authentication.
While this change is officially planned for 1st October 2022, we understand that MSFT have already begun switching off Basic Auth for a number of their customers. This means that some of our customers are already reporting that they can’t log on to their mobile mail.
Basic Authentication is an older version of the password exchange for Microsoft platforms, and a less secure mechanism. It is being replaced with the Microsoft implementation of Modern Authentication (OAuth), which is the newer and more secure version of authentication to Microsoft platforms.
- Our Secure Mobile mail client can already support Modern Authentication, so customers just need to reconfigure their Workplace policy.
- For other mail clients it will be necessary to modify the device policy, on the ActiveSync settings page.
- On the platform side, there may be further actions to take, including disabling Basic Auth / configuring Modern Auth, on the mail platform (Exchange Online or Office365), or on Azure AD.
Customer action required
This is a list of the potential steps needed depending on mail platform and clients used.
Provided you are using a Microsoft platform and your users are logging on to mail via mobile devices, the changes below will probably be needed at some stage.
- Platform side: Azure AD – registering MaaS360 Secure Mobile Mail client as an app
- If you need to modify settings on for example Exchange Online, please see Microsoft document below.
You will also need to change the settings on your MaaS360 device and/or Workplace policies, to support this change.
MaaS360 Mail - change Workplace policy settings for Secure Mobile Mail client
Other mail client (non-Microsoft Outlook) – change device policy settings to configure native mail clients (iOS native mail, Android mail for up to And.7 or Gmail for And.8+)
Microsoft Outlook mobile client, managed via MaaS360 (in App Catalog and distributed)
If you already use, or are planning to use AppConfig, there is a field Secure Authentication type in the configuration that you can change. If you need more information about this check out my previous blog: https://community.ibm.com/community/user/security/blogs/eamonn-omahony/2021/01/29/appconfig-and-oemconfig
- Official notification of deprecation of Basic Auth in Exchange Online.
While this document does recommend Outlook as the exclusive mail client, as above our mail client can also support Modern Auth.
- The blog below gives a very good overview of the change.
- Microsoft documentation on configuring modern authentication
Any questions or comments, let me know.