Basic Authentication Deprecation in Exchange Online
Issue
Microsoft has announced the deprecation of Basic Authentication for specific protocols.
Does this affect in any way the import connector for KTA?
Solution
Microsoft are removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.
Though this change took effect in October 2022, basic authentication can be reenabled for a one time extension until the end of the year, thus providing extra time to configure new methods. Basic Authentication Deprecation in Exchange Online – September 2022 Update - Microsoft Tech Community
This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication. For example, OAuth access tokens have a limited usable lifetime, and are specific to the applications and resources for which they are issued, so they cannot be reused. Enabling and enforcing multifactor authentication (MFA) is also simple with Modern authentication.
For KTA 7.8: using MS Graph would be recommended as this already uses OAuth 2.0.
Note: MS Graph import source in KTA 7.8 uses ROPC grant by default. So if we enter credentials, we will get a token from Azure AD server and we will use that to connect to the mailbox (instead of password). So, the disabling of basic authentication has no effect on MS Graph.
For KTA 7.9: the OAuth 2.0 servers feature is implemented and usable for import sources(IMAP, POP3 and MS Graph).
The following articles can also be shared:
Level of Complexity
Easy
Applies to
| Product | Version | Build | Environment | Hardware |
|---|---|---|---|---|
| KTA | 7.8+ |
References
Add any references to other internal or external articles
Article # 3049518