Microsoft Azure Basic and Modern Authentication

This article provides a discussion on Microsoft Azure Basic and Modern Authentication and the phasing out of Basic in favor of Modern authentication.

About modern authentication

Modern Authentication is a method of identity management that offers more secure user authentication and authorization. It’s available for Office 365 hybrid deployments of Skype for Business server on-premises and Exchange server on-premises, as well as, split-domain Skype for Business hybrids.

Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes:

Managing user identities with modern authentication gives administrators many different tools to use when it comes to securing resources and offers more secure methods of identity management to both on-premises (Exchange and Skype for Business), Exchange hybrid, and Skype for Business hybrid/split-domain scenarios.

Be aware that because Skype for Business works closely with Exchange, the login behavior Skype for Business client users will see will be affected by the modern authentication status of Exchange. This will also apply if you have a Skype for Business split-domain hybrid architecture, in which you have both Skype for Business Online and Skype for Business on-premises, with users homed in both locations.

The following notification is being sent by Microsoft to all Office 365, Microsoft 365 and Azure customers.

Basic authentication phase out in favor of modern authentication

In response to the unprecedented situation we are in and knowing that priorities have changed for many of our customers we have decided to postpone retiring Basic Authentication in Exchange Online (MC204828) for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.

[How does this affect me?]

We will continue to disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage starting October 2020. And of course you can start blocking legacy authentication today, you don’t need us to do anything if you want to get started (and you should).

We will also continue to complete the roll-out of OAuth support for POP, IMAP, SMTP AUTH and Remote PowerShell and continue to improve our reporting capabilities. We will publish more details on these as we make progress.

[What do I need to do to prepare?]

This change allows you more time to update clients, applications and services that are using Basic Authentication to use Modern Authentication.


Office 365 alerting