For example, OAuth access tokens have a limited lifetime and are specific to the applications and resources for which they are issued. That means they cannot be reused by would-be attackers.

Time to say goodbye to Basic Authentication

The world of IT security continues to evolve in the face of increasingly sophisticated threats and tenacious bad actors. Unfortunately, attackers have been able to exploit Basic Authentication and capture user credentials for their nefarious purposes. The world is moving toward ubiquitous use of multifactor authentication, but enforcement can often be difficult or impossible when an application is still using Basic Authentication.

Microsoft is removing Basic Authentication from Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac. There will be no change for Microsoft applications already using Modern Authentication including SharePoint, OneDrive, and Microsoft Teams.

Modern Authentication and MigrationWiz

For MigrationWiz, the sunsetting of Basic Authentication has minimal implications. Modern Authentication will be the default method of authentication. The change means better security during migrations including the ability to deploy zero trust security strategies.

Microsoft has details about the deprecation of Basic Authentication on their website. Recently they announced that tenants can re-enable Basic Authentication once between October 1 and December 31, 2022. At BitTitan we want to ensure all partners and customers have the information they need to continue managing secure, fast, and smooth migrations. Contact us if you have questions about how this change will impact your upcoming projects.