Microsoft Warns the End of Basic Auth in Exchange Online Is Almost Here

Microsoft announced back in 2019 that Basic Authentication in Exchange Online would be turned off this year, and the company strongly recommended customers to switch to Modern Authentication as soon as possible.

Now the software giant is warning that the deadline is just around the corner, as the company would start turning off Basic Authentication in Exchange Online for all tenants on October 1.

Microsoft says millions of users have already made the switch to Modern Authentication, and of course, the company is warning of the security implications of sticking with the old security tech.

“Securing email has never been more critical. Email remains essential for sales, productivity, and confidential communication in business, and using Basic Authentication puts companies at greater risk of data breaches and disruption of email. There are 921 password attacks every second, almost doubling the frequency of attacks from 2021. In addition, the FBI’s Internet Crime Complaint Center (IC3) received 19,954 business email compromise (BEC) and email account compromise (EAC) complaints with adjusted losses at nearly USD2.4 billion,” Microsoft explains.

The company also explains that it conducted its own research and found out that many attacks actually try to take advantage of Basic Authentication, so upgrading to Modern Authentication is an easy way to remain protected.

“Our own research found that more than 99 percent of password spray attacks leverage the presence of Basic Authentication. The same study found that over 97 percent of credential stuffing attacks also use legacy authentication. Customers that have disabled Basic Authentication have experienced 67 percent fewer compromises than those who still use it,” the company explained.

The deprecation of Basic Authentication in Exchange Online will begin on October 1, so customers still have approximately one month to implement Modern Authentication before the deadline is reached.