MC467901: Basic Authentication Deprecation in Exchange Online – Autodiscover Protocol

In the coming weeks, we’re going to turn off Basic authentication for the Autodiscover protocol in Exchange Online.

Timeline and Scope

As we have communicated multiple times over the past few years and with multiple Message center posts, we began to turn off Basic authentication for several protocols in our worldwide multi-tenant service on October 1, 2022.

Next, we intend to block Basic auth to the Autodiscover service, which is typically used by Outlook, Exchange ActiveSync, and Exchange Web Services apps to help them automatically configure and connect.

Once Basic auth is disabled in your tenant, there’s no reason to keep Autodiscover Basic auth enabled, so we plan on disabling it to further protect your tenant. We will do this during the next few months. If you re-enabled Basic auth in your tenant, or took the option to request more time, we’ll turn off Autodiscover after that extension has expired.

What should I do to prepare for this change?

Once Basic auth for is permanently disabled, there’s no additional impact from disabling Basic auth for Autodiscover. We will only disable Autodiscover in your tenant when Basic auth for all other protocols has been permanently disabled.

As with all the other impacted protocols, we’re not turning off the protocol itself, only the ability to authenticate to the protocol using nothing more than a username and password.

To understand more about this change please read our blog (Basic Authentication Deprecation in Exchange Online – What’s Next).

Message ID: MC467901
Published: 2022-11-17
Updated: 2022-11-17
Product: Exchange, Outlook
Platform: Online, Web, World tenant