*For this entry exists the more relevant or more recent entry MC499030
check before: 2022-11-16
Product:
Azure Active Directory, Entra, Entra ID, Exchange, Microsoft 365 Apps, OneDrive, Outlook, SharePoint, Windows
Platform:
Online, Web, World tenant
Status:
Change type:
Admin impact, Retirement, Updated message, User impact
Links:

Details:
Updated March 3, 2023: We have updated rollout timeline below. Thank you for your patience.
Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so we have decided to deprecate it from all tenants.
We will retire this feature in Office Apps version 2209+. Instead, we recommend moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth.
This retirement will not affect Exchange Online and Exchange on-premises. Customers using basic authentication to connect to Exchange on-premises/Exchange Online can continue to use basic authentication without any changes to Exchange.
There is a separate effort to retire Outlook connecting to Exchange Online using Basic Authentication. Please see Exchange Online - September 2022 Update.
Windows files share access is not affected. The underlying authentication layer for file share is NTLM, and there is not change to NTLM. More information is here - Microsoft SMB Protocol Authentication - Win32 apps | Microsoft Learn.
Access to files stored on SharePoint on-premises server that are using basic authentication will be blocked. However, files stored on SharePoint Online, OneDrive for Business are not affected. Customers who currently store files on web servers that use Basic authentication can move those files to SharePoint Online, OneDrive for Business, or SharePoint Server on-premises as a solution.
Note: This change is only impactful for organizations with on premises servers. If you do not have on premises servers, you can safely disregard this message.
[When this will happen:]
We will be rolling this change beginning early January 2023 and expect to complete by late April (previously February).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2022-11-02
updated:
2022-11-17
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
linked item details
XXXXXXX ... free basic plan only
Pictures
XXXXXXX ... free basic plan only
More Info URL
XXXXXXX ... free basic plan only
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here

change history
Date | Property | old | new |
2023-03-04 | MC Last Updated | 11/16/2022 20:25:27 | 2023-03-03T21:28:10Z |
2023-03-04 | MC Messages | Updated November 16, 2022: We have updated this message with additional information for clarity. Thank you for your patience.
Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so we have decided to deprecate it from all tenants. We will retire this feature in Office Apps version 2209+. Instead, we recommend moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth. This retirement will not affect Exchange Online and Exchange on-premises. Customers using basic authentication to connect to Exchange on-premises/Exchange Online can continue to use basic authentication without any changes to Exchange. There is a separate effort to retire Outlook connecting to Exchange Online using Basic Authentication. Please see Exchange Online - September 2022 Update. Windows files share access is not affected. The underlying authentication layer for file share is NTLM, and there is not change to NTLM. More information is here - Microsoft SMB Protocol Authentication - Win32 apps | Microsoft Learn. Access to files stored on SharePoint on-premises server that are using basic authentication will be blocked. However, files stored on SharePoint Online, OneDrive for Business are not affected. Customers who currently store files on web servers that use Basic authentication can move those files to SharePoint Online, OneDrive for Business, or SharePoint Server on-premises as a solution. Note: This change is only impactful for organizations with on premises servers. If you do not have on premises servers, you can safely disregard this message. [When this will happen:] We will be rolling this change beginning early January 2023 and expect to complete by early February. | Updated March 3, 2023: We have updated rollout timeline below. Thank you for your patience.
Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so we have decided to deprecate it from all tenants. We will retire this feature in Office Apps version 2209+. Instead, we recommend moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth. This retirement will not affect Exchange Online and Exchange on-premises. Customers using basic authentication to connect to Exchange on-premises/Exchange Online can continue to use basic authentication without any changes to Exchange. There is a separate effort to retire Outlook connecting to Exchange Online using Basic Authentication. Please see Exchange Online - September 2022 Update. Windows files share access is not affected. The underlying authentication layer for file share is NTLM, and there is not change to NTLM. More information is here - Microsoft SMB Protocol Authentication - Win32 apps | Microsoft Learn. Access to files stored on SharePoint on-premises server that are using basic authentication will be blocked. However, files stored on SharePoint Online, OneDrive for Business are not affected. Customers who currently store files on web servers that use Basic authentication can move those files to SharePoint Online, OneDrive for Business, or SharePoint Server on-premises as a solution. Note: This change is only impactful for organizations with on premises servers. If you do not have on premises servers, you can safely disregard this message. [When this will happen:] We will be rolling this change beginning early January 2023 and expect to complete by late April (previously February). |
2023-03-04 | MC End Time | 03/31/2023 09:00:00 | 2023-05-31T09:00:00Z |
2022-11-17 | MC Messages | Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so we have decided to deprecate it from all tenants.
We will retire this feature in Office Apps version 2209+. Instead, we recommend moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth. Note: This change is only impactful for organizations with on premises servers. If you do not have on premises servers, you can safely disregard this message. [When this will happen:] We will be rolling this change beginning early January 2023 and expect to complete by early February. | Updated November 16, 2022: We have updated this message with additional information for clarity. Thank you for your patience.
Microsoft 365 Apps are disabling server sign-in prompts using Basic authentication in Office Apps. We are making this change because basic authentication is a legacy authentication method that sends a username and password with each request. As a result, an attacker can access these credentials and use them to access resources. Continued use of Basic Authentication is a big security concern, so we have decided to deprecate it from all tenants. We will retire this feature in Office Apps version 2209+. Instead, we recommend moving to a more secure authentication method, preferably Modern Authentication, and enabling multi-factor authentication based on OAuth2.0 token-based auth. This retirement will not affect Exchange Online and Exchange on-premises. Customers using basic authentication to connect to Exchange on-premises/Exchange Online can continue to use basic authentication without any changes to Exchange. There is a separate effort to retire Outlook connecting to Exchange Online using Basic Authentication. Please see Exchange Online - September 2022 Update. Windows files share access is not affected. The underlying authentication layer for file share is NTLM, and there is not change to NTLM. More information is here - Microsoft SMB Protocol Authentication - Win32 apps | Microsoft Learn. Access to files stored on SharePoint on-premises server that are using basic authentication will be blocked. However, files stored on SharePoint Online, OneDrive for Business are not affected. Customers who currently store files on web servers that use Basic authentication can move those files to SharePoint Online, OneDrive for Business, or SharePoint Server on-premises as a solution. Note: This change is only impactful for organizations with on premises servers. If you do not have on premises servers, you can safely disregard this message. [When this will happen:] We will be rolling this change beginning early January 2023 and expect to complete by early February. |
2022-11-17 | MC Title | Basic Authentication retirement in Microsoft 365 Apps | (Updated) Basic Authentication retirement in Microsoft 365 Apps |
2022-11-17 | MC Last Updated | 11/02/2022 00:09:20 | 2022-11-16T20:25:27Z |
2022-11-17 | MC MessageTagNames | User impact, Admin impact, Retirement | Updated message, User impact, Admin impact, Retirement |
2022-11-17 | MC prepare | You should move the servers using Basic authentication to another authentication method.
Please click Additional Information to learn more. https://docs.microsoft.com/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online | You should move the servers using Basic authentication to another authentication method.
Please click Additional Information to learn more. https://docs.microsoft.com/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online https://learn.microsoft.com/windows/win32/fileio/microsoft-smb-protocol-authentication https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437 |
Last updated 6 months ago