We have turned off SMTP AUTH for millions of tenants not using it, but if SMTP AUTH is enabled in your tenant, it’s because we see usage and so we won’t touch it. We’re turning off Basic Auth for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, and Remote PowerShell. You should therefore be ready by October 1. We expect to complete this by the end of this year. We will randomly select tenants, send 7-day warning Message Center posts (and post Service Health Dashboard notices), then we will turn off Basic Auth in the tenant. To be clear, we will start on October 1 this is not the date we turn it off for everyone. We’ve disabled Basic Auth in millions of tenants that weren’t using it, and we’re currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Auth enabled, you are at risk from attack.Īs we communicated last year in blog posts and Message Center posts, we will start to turn off Basic Authentication in our worldwide multi-tenant service on October 1, 2022. Since there are a lot of customers still using Basic Auth, we wanted to re-state the scope and implications of this change, and to answer some of the common questions we get.Īs a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Since we announced the Octodeadline last year we’ve seen great progress from customers and partners as they move their clients and apps from basic to Modern Authentication. In about 150 days from today, we’re going to start to turn off Basic Auth for specific protocols in Exchange Online for those customers still using it.
0 Comments
Leave a Reply. |