Basic Authentication and Exchange Online AMA

Yes, in theory that'll start happening on Nov 1, i.e. blocking of older/unsupported Outlook versions/builds (it takes time to deploy any such changes globally in service). Outlook users should be using minimum required versions/builds or best, the latest versions/builds to connect to their Exchange Online mailboxes in M365, as mentioned in the blog post linked below. With that said, getting to older builds of Outlook 2013 and 2016 users will take some time, as we plan to start with Outlook 2007 & 2010, as those two versions have been out of support since 2017 & 2020 respectively. https://techcommunity.microsoft.com/t5/microsoft-365-blog/new-minimum-outlook-for-windows-version-requirements-for/ba-p/2684142

Hey Andrew - you're right that the device will stick to Basic even through upgrades if it was initially set up with Basic, unless you remove and re-add the account. We are working on a solution with Apple (and Google) as it happens, but I can't share more than that at this time. In the meantime, and in case that doesn't work out, the solution of removing and re-adding the account is the way to go.

Hi Stefano, we do know that we have a gap in our documentation on this and are working on filling it, that said we have seen usage with Azure Application Proxy (AAP) and OWA/ECP and it has worked but we have not seen AAP and Outlook working in this scenario.

Hi Jamie, this is for connectivity in general. POP and IMAP are not included in the report, unfortunately because no logging exists that exposes the encryption protocol version used for POP & IMAP clients. To capture this information, you may need to capture network trace logs from your server. See https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-server-tls-guidance-part-2-enabling-tls-1-2-and/ba-p/607761 for documentation on this.

All versions of Outlook which uses Basic auth. Following blog post should help: https://techcommunity.microsoft.com/t5/exchange-events/basic-authentication-and-exchange-online-ama/ev-p/2810758

Hi Gavin, Please take a look at this documentation - https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps Step 2 in the appendix is about assigning API permissions to access Exchange Online for an application created in Azure AD.

https://docs.microsoft.com/en-us/graph/auth/auth-concepts and https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access could be very helpful here

Yes, there will be Message Center posts (notifications) for those tenants, who will experience temporary disabling of Basic auth.

You can now go directly to the Basic Auth self-help diagnostic by simply going to http://aka.ms/DiagEnableBasicAuthinEXO or you can open the Microsoft 365 admin center and click the green Help and support button in the lower right hand corner of the screen. The full information is located here: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

Hey everyone, I am Rob a Support Engineer with the Exchange Customer Support Team happy to help answer your questions.

Hey everyone, I'm Luberth from the Microsoft Graph CPx team. Here to learn from my team and if possible share my knowledge at the same time

Hi everyone, I'm Navin Gupta, PM in Exchange PowerShell Team. Here to answer what I can !

Hey Massimo, you can also use Auth Policies to do this - https://docs.microsoft.com/en-us/powershell/module/exchange/new-authenticationpolicy?view=exchange-ps You can set up a policy to block just POP and IMAP if you want to. You can also do this in Microsoft Admin Center - Org Settings, Modern Auth, the checkboxes there.

Adding some notes here. I have a few companies (5000-10000 mailboxes each) without CA because they don't have AADP1. Any additional test to evaluate the impact in advance?