skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Security Issues  /  Advisories  /  O365 Basic Authentication Decommissioning

O365 Basic Authentication Decommissioning

November 11, 2020

Microsoft is ending support for Office 365 Basic Authentication on October 1, 2022. This change impacts any email clients relying on Basic Authentication to connect to Exchange email.

What is Basic Authentication?

Basic Authentication is an old authentication method in which the email client passes the username and password with every request. Basic Authentication makes it easier for attackers to capture a user's credentials. Microsoft will stop supporting and retire Basic Authentication for:

  • Exchange Active Sync (EAS)
  • Post Office Protocol (POP)
  • Internet Message Access Protocol (IMAP)
  • Remote PowerShell (RPS)

At the moment, this change does not affect SMTP AUTH, Microsoft will continue to support Basic Authentication for it in Exchange Online.

What is Modern Authentication?

Modern Authentication is the replacement for Basic Authentication. Modern Authentication is a more secure method to access information and it is based upon OAuth 2.0 for authentication and authorization. Modern authentication also supports Multi Factor Authentication. If you are already using Duo, you are already using Modern Authentication.

What email clients/setups are impacted and how can I prepare?

Outlook 2016 for Mac and Outlook 2013 and 2010 for Windows

Microsoft ended support for Office 2016 for Mac and Office 2010 for Windows on October 13, 2020. In addition, Microsoft is no longer working on new features for Outlook 2013 and connectivity to Exchange Online and its features may not be as reliable.

Recommendation: Eligible users should download and install Office via Microsoft 365. Once installed follow the Outlook configuration instructions. Please note that your email will need to be re-downloaded and re-indexed, depending on the size of your mailbox this may take some time.

Windows XP Users: Windows XP is no longer supported by Microsoft as of 2014. Because it is no longer supported, this operating system poses a security risk as it no longer receives security updates. New versions of Office are not available for Windows XP. IMSS encourages Windows XP users to move to a Windows 10 computer. If you have no alternative but to run Windows XP (for example, on an instrument controller), we recommend restricting its network access and NOT using it for routine computing such as email or web access.

Mac Mojave 10.14 and Office: Office 2016 Build 16.12.2 or later will continue to work. However, it is now end of life and it will not receive any security updates. Microsoft recommends updating to Office via Microsoft 365.

Mac Mail

Although Mojave and higher supports Modern Authentication, configurations of Mac Mail copied from older operating systems may be using Basic Authentication. To update to Modern Authentication:

  • Follow the instructions to connect to Exchange
  • Your email will need to be re-downloaded and re-indexed, depending on the size of your mailbox this may take some time
  • Delete your previous Mac Mail email configuration

Thunderbird

Update to Thunderbird 78 or later which supports OAuth2 authentication. Follow the configuration instructions provided by IMSS. Thunderbird 78 is supported for Windows 7, 8 & 10 and Mac 10.9-10.15.

NOTE: Support is not yet available for Exchange Calendar. The Exchange Calendar may be access via Outlook Web.

Native Email Clients on iOS or Android

If you are using the native email client on an iOS/Android tablet or mobile device and have been notified that you are using Basic Authentication, it is likely that you need to:

Option 1

  1. Update the OS on your mobile device or tablet, if needed
  2. Reconfigure the native email client to use modern authentication, following the Apple iOS or Android instructions

Option 2

  1. Update the OS on your mobile device or tablet, if needed
  2. Download and install Outlook Mobile
  3. Once installed log in with your access.caltech username (username@caltech.edu) and password

Non GUI Clients

At this time there is no Modern Authentication support for non GUI email clients like Mutt and Pine. These email clients will stop working when Basic Authentication is decommissioned. You may change to a supported email client and follow these configuration instructions or use Outlook Web.

Add ons

Add-on mail helper apps that do not support Modern Authentication will stop working when Basic Authentication is decommissioned.

Any email client that uses POP or IMAP

POP and IMAP will no longer be supported when Basic Authentication is decommissioned. POP and IMAP users must use a modern email client and follow the recommended email configuration instructions provided by IMSS.

POP Users: IMSS recommends that you contact the Help Desk (https://help.caltech, help@caltech.edu, or x3500) for assistance. Depending on which email client you are using you may need to create a new account configuration using Modern Authentication or you may need to switch to another email client.

It's important to find out which option will work best for you before making any modifications since email saved locally on your computer will not be available on the email server and will not be available when you install and configure a new email client. The Help Desk can help you best determine how to continue to access email saved locally.

IMAP Users: Changing or updating your email client configuration will require creating a new account configuration in your email client. Depending on your mailbox size it may take a while to download and re-index your email. Once the new account has been configured with Modern Authentication and you have confirmed access to your email, you can delete the previous IMAP account.

Outlook Web

If preferred, you may check your email in the browser via Outlook Web. Outlook web requires a current Operating System and browser (usually the latest version and two versions prior are supported.

Windows XP Users: Outlook Web Access is not supported for this Operating System as it is no longer supported by Microsoft. In addition, browsers on this OS can no longer be updated to the latest versions.  IMSS does not recommend using Windows XP on the campus network at all. If you have no alternative but to run Windows XP (for example, on an instrument controller), we recommend restricting its network access and NOT using it for routine computing such as email or web access.

Questions?

For any questions or help request, please contact the Help Desk at help@caltech.edu or x3500.