MC441534: Basic Authentication – Monthly Usage Report – September 2022

We’re making some changes to improve the security of your tenant. We announced in 2019 that we would be retiring Basic Authentication for legacy protocols, and in September 2021, we confirmed that we would begin to disable Basic Authentication for in-use protocols beginning October 2022.

We previously communicated this change via Message Center: MC191153 (Sept. ‘19), MC204828 (Feb. ‘20), MC208814 (April ‘20), MC237741 (Feb. ‘21) and MC286990 (Sep. ’21).

You can always read the latest information about our plans to turn off Basic Authentication here.

Based on our telemetry, there may be some users in your tenant currently using Basic Authentication and we expect these users to be affected when these changes take place.

In the month of September, we detected the following usage:

• Exchange ActiveSync: 89
• POP: 0
• IMAP: 0
• Outlook Windows: 0
• Outlook for Mac/Exchange Web Services: 0
• Exchange Remote PowerShell: 0

Please note these numbers only reflect the count of unique users who have successfully authenticated to these services in the specified month, they do not reflect successful access to mailboxes or data (for example, a user may authenticate using IMAP, but may be denied access to the mailbox due to configuration or policy).

If you want to block users or apps being able to authenticate at all using legacy protocols, we recommend using Authentication Polices.

To investigate this usage further, we recommend you use Azure AD Sign-in Reports which can provide detailed user, IP and client details for these authentications.

Message ID: MC441534
Published: 2022-10-15
Updated: 2022-10-16
Platform: Android, Developer, iOS, Mac, mobile, Online, Web, World tenant