Starting on October 1st, 2022, Microsoft will be removing the ability to connect into Office 365 using legacy authentication methods. This affects the native mail application on both iPhone and Android, as well as several other connection methods like printers, scanners, and line-of-business applications.
Some folks aren’t comfortable with change, but this is a very good thing as Microsoft continues to promote and provide more secure tools for businesses.
What does this mean for mobile device users?
People with “older” Android or iPhone devices that connect to Office 365 for email may require some form of an upgrade. From Microsoft, the recommended app for this is the modern and OS-appropriate Microsoft Outlook.
Here is a link to install the latest version:
https://www.microsoft.com/en-us/microsoft-365/outlook-mobile-for-android-and-ios
The links below provide step by step instructions on how to configure your mobile device:
- Android: https://support.microsoft.com/en-us/office/set-up-email-in-the-outlook-for-android-app-886db551-8dfa-4fd5-b835-f8e532091872
- iOS: https://support.microsoft.com/en-us/office/set-up-an-outlook-account-in-the-ios-mail-app-b2de2161-cc1d-49ef-9ef9-81acd1c8e234
These changes only take about five (5) minutes to execute, and it is well worth your time to do it now, rather than wait, forget, and lose access to email.
Here are some other notes and bullets relevant to the various deployments impacted:
- Office 365 environments with tenants created after 10/22/2019 default to basic authentication already disabled (yay, nothing to do here)
- IOS version 15.6+ supports modern authentication for the ‘Mail’ app
- Across most platforms, a deployment hack that works well: removing and reinstalling your profile (which upgrades the authentication method in the background)
- Consider this a proper time to upgrade to a modern mobile device
What does this mean for other devices and line-of-business applications?
Network scanners, printers, line-of-business applications, and other devices that send emails using/connect to Microsoft 365 may be impacted by disabling basic authentication. Some fairly old school connectivity via SMTP, POP3, and IMAP defaulted to using basic authentication; these types of deployments will stop working once that protocol is disabled.
Check all your custom and 3rd-party applications! Writing code at the last minute won’t serve you well.
Take the time to review your environment (servers, printers, scanners, 3rd party applications/utilities, homegrown applications, etc.) to understand the impact and potential required changes. If you have the expertise, you can review Azure Active Directory logs to identify usage of the legacy authentication methods within your network. If you are clueless as to where to start, if you get email notifications, triggers, tasks, or documents from any source, that source is a good place to start.
If you subscribe to IMS help desk services, we are already reviewing your configurations. If you aren’t our partner, you can still get help from us by contacting an account executive, technical account manager, or scheduling a consultation.
Extending beyond modern authentication
Going with modern deployments is definitely one way to continue a proactive stance on security, but that should not be a business’ last precaution. Modern authentication will be the basic, default protocol, but there are still better ways to protect and secure your communications, employees, and data. Modern security best practice deploys multiple layers of security (not just improved authentication methodology). Multifactor authentication (MFA), identity access and management (IAM), conditional access, proper password policies, and the like go beyond authentication and add process and procedure that develop additional layers of security.
Additional resources
- https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
- https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
- https://techcommunity.microsoft.com/t5/exchange-team-blog/microsoft-and-apple-working-together-to-improve-exchange-online/ba-p/3513846
- https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
