Home  >   Articles   >  Basic Authentication Deprecation by Microsoft Exchange Online
Articles in this section

Basic Authentication Deprecation by Microsoft Exchange Online

This is for you if you are a Vtiger CRM user and use Office 365 business account to configure your inbox in the CRM.
A
Abdul Sameer
4 Apr, 2024 - Updated 8 months ago
Table of Contents

Introduction

Effective from October 2022, Microsoft will start to randomly select tenants and disable basic authentication access for specific protocols (MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell) in Exchange Online for its users.

Effectively, Microsoft will permanently disable all basic auth protocols during the first week of January  2023. There will be no possibility of using basic auth after that.
To avoid disruption of services, you can select and run diagnostics on the required protocols before the end of September 2022. Selected protocols (specified by you) will stay enabled for basic auth use until the end of December 2022. 

Why is Microsoft Disabling Basic Auth?

Microsoft is seeing that accounts are being hacked by leveraging basic authentication (basic auth). Microsoft is disabling basic auth to protect your data and accounts from being hacked. 

How does it Impact Vtiger Users?

Email is a vital service for many customers, and turning off basic auth could impact their business. 
As Vtiger CRM uses basic auth for Microsoft’s Exchange Online protocols, the deprecation of basic auth impacts  Inbox services. It stops the  Mail Sync tool from recording emails sent through the Inbox. This may cause difficulty keeping track of your team's emails with your leads.
 Vtiger is working on a custom authentication system that will be effective soon. Until then, we have a temporary solution for you.  You can use Microsoft’s self-service diagnostic to re-enable basic auth for the required protocols till the end of December 2022.

 
Note
  • Microsoft will not disable or change any SMTP AUTH settings.
  • Self-service diagnostic to re-enable basic auth is only allowed once per protocol.
  • Regardless of re-enablement, basic auth will be disabled permanently from January  2023.

Key Terminology

Exchange Online Exchange Online is the cloud version of the on-premise Exchange Server, an email server from Microsoft.
Basic Authentication  Basic authentication or basic auth in Exchange Online uses a username and a password for client access requests.
Protocols Exchange Server primarily used a proprietary protocol called MAPI to talk to email clients but subsequently added support for POP3, IMAP, and EAS. The standard SMTP protocol is used to communicate with other Internet mail servers.
Self-service Diagnostic This tool can be used by portal customizers to quickly resolve common issues and reduce the amount of time spent on diagnosing the issues.
Mail Sync Mail Sync is a powerful tool that allows you to connect your business inbox to Vtiger CRM. Once enabled, any email you send through that inbox will be recorded.

Re-enabling Basic Auth

You can re-enable non-opted protocols till the end of December 2022. Once the self-service diagnostic is run, basic auth will be re-enabled for these protocols. 

What are the Diagnostic Options

Following are the two self-service diagnostic options available to enable basic auth for the protocols:
  • Opting out protocols for basic auth
  • Re-enabling basic auth for protocols

Opting Out Protocols for Basic Auth

You will be able to select protocols that can be opted out only till the end of September 2022.
If you submit the opt-out request in September, Microsoft will not be disabling basic auth for these opted-out protocols in October, and you will be able to use them till the end of December 2022.
Follow these steps to run self-service diagnostics for opt-out selected protocols: 
  1. Click Diag: Enable Basic Auth in EXO to open diagnostic in the Microsoft 365 admin center if you’re a tenant Global Admin.
Or
  1. Log in to Microsoft 365 admin center
  2. On the home page, click Help & Support  on the bottom right corner of the screen. Microsoft's self-help system opens.
  3. In the Search field, type the phrase ‘Diag: Enable Basic Auth in EXO’.
  4. Click Search.
  5. Select the required protocol from Protocol to Opt Out drop-down.
  6. Enable the  Acknowledgement checkbox.
  7. Click Update.
Note: You can re-run the diagnostics for multiple protocols.

Re-enabling Basic Auth for Protocols


Starting from October 2022, the diagnostic will allow you to re-enable basic auth only for those protocols it was disabled for. 
If you missed opting out of the protocols during September 2022, and the protocol is disabled for basic auth, you can re-enable it until the end of December 2022.

 

Note: Diagnostics will run automatically when you re-enable the basic auth for a protocol.


Follow these steps to re-enable basic auth for the protocols:
  1. Click Diag: Enable Basic Auth in EXO to open diagnostic in the Microsoft 365 admin center if you are a tenant Global Admin.
Or
  1. Log in to Microsoft 365 admin center
  2. On the home page, click Help & Support  on the bottom right corner of the screen. Microsoft's self-help system opens.
  3. In the Search field, enter ‘Diag: Enable Basic Auth in EXO’.
  4. Click Search.
  5. Select the required protocol from Protocol to Enable drop-down.
  6. Enable the Acknowledgement checkbox.
  7. Click Update.
Note: You can re-run the diagnostics for multiple protocols.
 

Blocking Basic Auth 

If you re-enable basic auth for a protocol and don’t need it anymore, you can block it yourself instead of waiting for Microsoft to do it in January  2023. The quickest and most effective way to do this is to use Authentication Policies that block basic auth connections at the first point of contact to Exchange Online. 
Or
Follow these steps to block basic auth yourself:
  1. Log in to the Microsoft 365 admin center. 
  2. Go to Settings.
  3. Click Org Settings
  4. Click Modern Authentication.
  5. Uncheck the boxes to block basic auth for the protocols you no longer need.
Note: These checkboxes will be disabled when the basic auth for protocols is disabled permanently. They will also be removed after January 2023.
 

Related Articles

Was this article helpful?
1  out of  1  found this helpful.
Comments 0
Be the first to comment
© Copyright 2023 Vtiger. All rights reserved.