Microsoft announced that on October 1, 2022, Basic Authentication would be permanently disabled in Microsoft 365 for all organizations. While Basic Authentication relies solely on a username and password and is simple and convenient, it poses serious security risks for users and the University.
While most UWindsor IT systems and software support Modern Authentication, some older systems and software versions still depend on the legacy Basic Authentication. One of these systems is Microsoft Exchange and Outlook (part of Microsoft Office). This change will affect anyone who may be using a mobile device that is still relying on the Basic Authentication to access email, or anyone who is still using an older and unsupported version of Microsoft Office.
Affected User Categories
If you have accessed Microsoft 365 services using Basic Authentication in the last 30 days, we sent you an e-mail message to let you know that you need to take action to avoid the loss of access. Users who will be affected by this change fall into one of these categories:
- iPhone and iPad Apple operating systems (iOS) users
Those who use the native mail app (including contacts and calendars apps) that has not been updated to Modern Authentication.
Actions:
Update the iOS before October 1, 2022. Follow the prompt to switch from Basic to Modern Authentication when installing iOS update to version 15.6. It may take up to two weeks for the notification. To speed up this process, go to Settings > Mail > Accounts, select the UWindsor account and then tap "Re-enter Password".
Alternatively, remove the University's Office 365 account from the device and then add it back by following the steps in this knowledge base article.
Or, install the Outlook app for free from Apple's App store (recommended).
Those who use the Android device’s native mail app configured to access mail, calendar or contacts.
Actions:
Due to the wide variety of Android devices, operating systems (OS) versions, and vendor customization, check to see if the Android mail/calendar/contacts app supports Modern Authentication.
Or, install the Outlook app for free from the Google Play Store (recommended), especially in the case where the phone’s vendor does not support Modern Authentication.
- Older versions of Microsoft Office users
Those who have Outlook 2007, 2010 and 2013 installed on their computer.
Action:
Replace the older version with the latest supported version of Outlook 365 (active employees and students) or use the web version of Outlook (alumni and retirees).
- Printers, copiers, and other applications that connect to Exchange Online with Basic Authentication
Devices that use Basic Authentication to access a mailbox and read mail will not work after October 1 unless they have a newer protocol called OAuth.
Action:
Administrators of these devices and apps will need to make configuration changes.
Note that sending emails using SMTP is not affected. IT Services informed those responsible for supporting these devices.
The following protocols using Basic Authentication will be turned off:
- IMAP4
- POP3
- Exchange Web Services
- MAPI
- RPC
- Remote PowerShell
- ActiveSync
- Office Address Book
Additional Resources