We will randomly select tenants, send 7-day warning Message Center posts (and post Service Health Dashboard notices), then we will turn off Basic Auth in the tenant. To be clear, we will start on October 1 this is not the date we turn it off for everyone. We’ve disabled Basic Auth in millions of tenants that weren’t using it, and we’re currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Auth enabled, you are at risk from attack.Īs we communicated last year in blog posts and Message Center posts, we will start to turn off Basic Authentication in our worldwide multi-tenant service on October 1, 2022. Since there are a lot of customers still using Basic Auth, we wanted to re-state the scope and implications of this change, and to answer some of the common questions we get.Īs a reminder, Basic Auth is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing. Since we announced the Octodeadline last year we’ve seen great progress from customers and partners as they move their clients and apps from basic to Modern Authentication. In about 150 days from today, we’re going to start to turn off Basic Auth for specific protocols in Exchange Online for those customers still using it. Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
0 Comments
Leave a Reply. |