Body
Overview
In summer 2020, OIT disabled basic authentication to Microsoft 365. Access to Microsoft 365 requires modern authentication which is capable of two-factor authentication. Basic authentication protocols include IMAP, POP, & ActiveSync.
Clients with Support support for 2FA and Modern Auth
These email clients support two-factor authentication with Office 365.
Email clients, such as Thunderbird, will only work if configured to use OAuth2.0.
Why OIT Made This Change
OIT made this change to make email more secure. Basic authentication doesn’t require two-factor authentication which leaves the user and the university vulnerable. Because of that, it gives hackers an easy way to exploit an account once they have your password. Remember, two-factor authentication doesn’t prevent your password from being compromised; it only requires another piece of information for authentication to better secure access to resources.
Technical Details
The following applications and services are impacted due to basic authentication being disabled.
Application/Service
|
Common Use
|
Exchange Active Sync (EAS)
|
Used by some email clients on mobile devices.
|
Autodiscover
|
Used by Outlook and EAS clients to find and connect to mailboxes in Exchange Online
|
IMAP4
|
Used by IMAP email clients.
|
MAPI over HTTP (MAPI/HTTP)
|
Used by Office 2013 and later.
|
Offline Address Book (OAB)
|
A copy of address list collections that are downloaded and used by Outlook.
|
Outlook Service
|
Used by the Mail and Calendar app for Windows 10.
|
POP3
|
Used by POP email clients.
|
Reporting Web Services
|
Used to retrieve report data in Exchange Online.
|
Outlook Anywhere (RPC over HTTP)
|
Used by Office 2016 and earlier.
|
Authenticated SMTP
|
Used by POP and IMAP clients to send email messages.
|
Exchange Web Services (EWS)
|
A programming interface that's used by Outlook, Outlook for Mac, and third-party apps.
|