Microsoft Starts Disabling Basic Authentication on October 1st, 2022

By Jeyakumar Durai (JD)
Cloud Architect

Microsoft has announced that October 1st, 2022, is the deadline for the deprecation of “Basic Authentication” usage in M365 tenants. There will be a tenant “Message Center” notification posted seven days prior to October 1st informing customers that “Basic Authentication” will be disabled on any services configured to use it.

What if “Basic Authentication” is not disabled on all services and applications by October 1st, 2022?

Though the original announcement from Microsoft said that administrators will not be able to re-enable “Basic Authentication” post October 1st, 2022, the latest announcement states that administrators would be able to “opt-out” from “Basic Authentication” disablement in the month of September or given the ability to “re-enable” “Basic Authentication” on tenant services starting October 1st, 2022, until January 1st, 2023.

If M365 administrators would like to take advantage of this “extended period” to review and depreciate the use “Basic Authentication”, administrators will need to run the diagnostics in the admin portal to “opt-out” from the “Basic Authentication” deprecation. “Running Diagnostics” to “opt-out” of disabling “Basic Authentication” will be available starting in September 2022 on all tenants. If Administrators fail to “opt-out” in September and Microsoft disables  “Basic Authentication,” administrators can still re-enable the “Basic Authentication” protocols until January 2023.

Important note: Microsoft has archived all historical “opt-out” and “re-enable” “Basic Authentication” requests. Administrators will need to submit a new request to opt-out or to re-enable “Basic Authentication” in their tenants again starting September 2022 even if such a request was issued in the past.

How to opt-out from Microsoft disabling the “Basic Authentication” in the tenant?

  1. Open the “Help & Support” from your M365 Admin portal home page.
  2. Type Diag: Enable Basic Auth in EXO and click the arrow button next to it. (Do not hit the “Enter” key here as it will not work)
  3. Once the Diagnostics is complete, select the Protocols from the drop-down that you want to keep “Enabled” and click on “Update”

What if you have not used the “opt-out” option in the month of September and “Basic Authentication” is disabled on October 1st, 2022?

  1. Open the “Help & Support” from your M365 Admin portal home page.
  2. Type Diag: Enable Basic Auth in EXO and click the arrow button next to it. (Do not hit the “Enter” key here as it will not work)
  3. Once the Diagnostics is complete, select the protocols/services to re-enable from the drop-down and click on “Update Settings.” Please note that re-enabling “Basic Authentication” in the tenant may take few hours to reflect.

Both “opt-out” and “re-enable” requests are valid only until January 1st, 2023. After January 1st, 2023, Microsoft will permanently disable “Basic Authentication” in all tenants without the option for administrators to re-enable.

Though the three month “extended period” from Microsoft does provide some breathing room for administrators to review the effect of deprecating “Basic Authentication.” Taking into consideration the upcoming Holiday season, we highly encourage all clients to act as soon as possible and migrate away from “Basic Authentication.”

For additional information please reference this blog which outlines procedures and what to look for when disabling “Basic Authentication” on services in your tenant.

Helient strongly recommends taking the necessary steps to verify “Basic Authentication” usage on services and applications in your organization and upgrade/enforce “Modern Authentication” prior to the October 1, 2022, deadline.

If you would like more information or assistance, please contact our industry-leading experts at service@helient.com.