Microsoft Basic Authentication Deprecation – What This Means For You
Authenticate: au-then-tic-cate; /ôˈTHen(t)əˌkāt/ – a computer user or process having one’s identity verified.
Why Basic Authentication is Being Retired
Nearly 3 years ago, Microsoft indicated they would be firming up their stance on security by looking to sunset Basic Authentication and fully head towards a Zero Trust model. Basic Authentication has been around for years and has been used by many client applications to authenticate with servers, services, and endpoints. Easy to set up and usually enabled by default, Basic Authentication means the application sends a username and password with every request, which is also often stored or saved on the device.
However, its simplicity is its downfall.
When using Basic Authentication, and attempting to authenticate with a server, Threat Actors armed with today’s tools and methods can easily capture this information (especially when it is not protected behind encryption methods like TLS). This increases the likelihood of reusing the obtained credentials across other endpoints or services which would enable them to gain access to more of your data.
How Modern Authentication Works
Today there are better, more effective ways to authenticate with your servers, services, and endpoints. Modern Authentication uses several entirely different industry-standard protocols along with security tokens that administrators use to approve or revoke access to resources. Modern Authentication allows for multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and other third-party identity providers, like Duo.
Impact on Users
What does this mean for you, and will you be impacted? With your personal devices you use to access your work email, it is hard to say. If you are using an older mobile device access that does not have a currently supported operating system, you may be impacted. However, the best way to avoid any interruption would be to download and use the Microsoft Outlook for iOS and Android application. The Outlook mobile application supports Modern Authentication and is our preferred way to have you access your email.
Impact on Your Business
As far as any impact to your business? Shortly after the initial announcement, Microsoft disabled Basic Authentication on any newly created tenant. For any existing tenants, they’ve disabled where they could with minimal impact. But now, the pressure to change has increased, and they are relying on their partners (that’s us) to change as much as we can. For the most recent announcement, Microsoft has stated that any processes actively using SMTP AUTH (a type of Basic Authentication) will remain in place and not impacted. This is largely in part due to many businesses having older multifunction printers and copiers which do not support Modern Authentication when sending scans by email or across a network.
While Microsoft was nice to spare the removal of SMTP AUTH at this time, we would not be surprised if it goes away in the future as Microsoft presses forward towards Zero Trust. If you have not had the conversations with your copier vendors about updating your devices, today is a good day to start the conversation. Newer multifunction devices support Modern Authentication which allows for scanning to places like OneDrive and SharePoint.
How KiteTech Can Help
Kite Tech has been auditing all our tenants behind the scenes and minimizing any impact this may have. Thank you for your continued faith in us and working with us to keep your environment safe and secure.
If you have any questions, please feel free to reach out to your Client Experience Manager or email the Help Desk support line. As always we are here to help you navigate the ever-changing world of technology we live in.
If you’re not currently working with Kite Technology and would like to learn more about our Managed IT Services, please contact us to schedule a conversation. We would love the opportunity to learn more about your business and how we can help you achieve your goals.