{"id":3419,"date":"2019-09-20T07:00:12","date_gmt":"2019-09-20T14:00:12","guid":{"rendered":"https:\/\/developer.microsoft.com\/en-us\/office\/blogs\/?p=3419"},"modified":"2021-10-18T11:04:42","modified_gmt":"2021-10-18T18:04:42","slug":"end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers\/","title":{"rendered":"End of support for Basic Authentication access to Exchange Online API\u2019s for Office 365 customers"},"content":{"rendered":"<p>For many\u00a0years we\u2019ve supported Basic Authentication\u00a0based connections\u00a0to Exchange\u00a0Online.\u00a0Basic Authentication\u00a0means that the client application\u00a0passes\u00a0the\u00a0username and\u00a0password with every request.\u00a0Although simple to setup and use,\u00a0Basic Authentication makes it easier for attackers armed with today\u2019s tools and\u00a0methods to\u00a0capture users\u2019\u00a0credentials\u00a0and\u00a0increases the chance of\u00a0credential re-use\u00a0against other endpoints\u00a0or services.<\/p>\n<p>Over time, we\u2019ve introduced\u00a0Modern Authentication, which is based upon\u00a0OAuth 2.0 for authentication and authorization. Modern Authentication is\u00a0a more secure\u00a0method\u00a0to access data as\u00a0compared to\u00a0Basic Authentication.\u00a0Last year,\u00a0we\u00a0<a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/blogs\/outlook-rest-api-v1-0-basicauth-deprecation\/\">decommissioned<\/a>\u00a0Basic Authentication on Outlook REST API\u00a0and\u00a0<a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/blogs\/upcoming-changes-to-exchange-web-services-ews-api-for-office-365\/\">announced<\/a>\u00a0that on October 13th, 2020 we will stop supporting Basic Authentication for\u00a0Exchange Web Services (EWS)\u00a0to access Exchange Online.<\/p>\n<p>Today, we are announcing that on October 13th, 2020 we will stop supporting\u00a0and\u00a0retire\u00a0Basic Authentication\u00a0for Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP),\u00a0and Remote PowerShell (RPS)\u00a0in Exchange Online. This means that new or existing\u00a0applications\u00a0using one or more of these API\u2019s\/protocols will not be able to use Basic Authentication when connecting to\u00a0Office\u00a0365 mailboxes\u00a0or endpoints\u00a0and will need to update how they\u00a0authenticate.<\/p>\n<p>Please note this change does not affect SMTP AUTH\u00a0and\u00a0we will continue\u00a0to\u00a0support\u00a0Basic Authentication for\u00a0it\u00a0in Exchange Online\u00a0at this time.\u00a0With the\u00a0large\u00a0number of\u00a0solutions,\u00a0devices,\u00a0and appliances that use SMTP for sending mail\u00a0we\u00a0are working on ways to further secure SMTP AUTH and\u00a0will\u00a0continue to update you as we make progress.\u00a0This change\u00a0also\u00a0does not\u00a0impact\u00a0on-premises\u00a0versions\u00a0of\u00a0Exchange\u00a0Server\u00a0and only applies to Exchange Online.<\/p>\n<p>To make it easier to migrate your existing applications to use OAuth\u00a02.0, we are making significant investments\u00a0to our service\u00a0that\u00a0include OAuth 2.0\u00a0support\u00a0for POP, IMAP,\u00a0and background application\u00a0support\u00a0for\u00a0Remote\u00a0PowerShell\u00a0MFA module.\u00a0We will be sharing more information\u00a0on these new features\u00a0over the\u00a0coming\u00a0months.\u00a0For more information on OAuth 2.0 and\u00a0details on how to make the transition, please refer to the following articles:<\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/develop\/v2-overview\">Microsoft identify\u00a0platform\u00a0(v2.0) overview\n<\/a><a href=\"https:\/\/developer.microsoft.com\/en-us\/graph\/docs\/concepts\/auth_overview\">Getting started with OAuth2 for Microsoft Graph<\/a><\/p>\n<p>We understand changes like this may cause some inconvenience, but we are confident it will\u00a0enable\u00a0more secure experiences for our customers.\u00a0Thank you for\u00a0helping to\u00a0update\u00a0and\u00a0secure\u00a0your\u00a0integrations with Exchange Online and Office 365.\u00a0We\u00a0remain committed to empowering\u00a0developers to build innovative, secure\u00a0applications on Office 365\u00a0and we strongly\u00a0encourage\u00a0you embrace\u00a0Microsoft Graph\u00a0and OAuth 2.0\u00a0to access Exchange Online data and gain access to the latest features and functionality.<\/p>\n<p>Reach\u00a0out to us on stack overflow\u00a0with the tag\u00a0[exchange-basicauth]\u00a0if you have questions\u00a0around migrating away from Basic Authentication.<\/p>\n<p>The Exchange\u00a0Team<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today, we are announcing that on October 13th, 2020 we will stop supporting and retire Basic Authentication for Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), and Remote PowerShell (RPS) in Exchange Online. This means that new or existing applications using one or more of these API\u2019s\/protocols will not be able to use Basic Authentication when connecting to Office 365 mailboxes or endpoints and will need to update how they authenticate.<\/p>\n","protected":false},"author":69107,"featured_media":25159,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3,11],"tags":[12],"class_list":["post-3419","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-graph","category-office-add-ins","tag-outlook"],"acf":[],"blog_post_summary":"<p>Today, we are announcing that on October 13th, 2020 we will stop supporting and retire Basic Authentication for Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), and Remote PowerShell (RPS) in Exchange Online. This means that new or existing applications using one or more of these API\u2019s\/protocols will not be able to use Basic Authentication when connecting to Office 365 mailboxes or endpoints and will need to update how they authenticate.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/3419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/users\/69107"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/comments?post=3419"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/posts\/3419\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media\/25159"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/media?parent=3419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/categories?post=3419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/microsoft365dev\/wp-json\/wp\/v2\/tags?post=3419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}