Basic authentication switch off

What is happening?  

Microsoft is switching off Basic authentication for all Office 365 Customers by 31st December 2022. This will mean that those connecting to the Nexus365 email service using Basic authentication will no longer be able to do so and will need to ensure that they connect using the Modern authentication (OAuth 2.0) method.

Basic authentication is deemed a less secure method of authentication making it easier for attackers to capture user credentials. Modern authentication has been available for many years and offers a more secure authentication process.

When will this happen? 

Microsoft began switching off Basic authentication from 1st October 2022, although there was an extension given to some organisations, including the University of Oxford, up to 31st December 2022. Any changes to move away from Basic authentication should be made by this date.

Who is affected?  

Most Nexus365 users will be unaffected by this change as they will already be using Modern authentication.  

This will affect those using old software, often out of support with its vendor or legacy configurations when setting up clients when there was only an option of using Basic authentication.  

IT Services has been contacting those users who are using Basic authentication. The Nexus team have also been working with local IT teams who use systems relying on Basic authentication to move them over to Modern authentication.

If your email application was not compatible with multi-factor authentication (MFA), and you requested to use an app password to use it with Nexus 365, this will stop working when Basic authentication is switched off by Microsoft.

What you need to do

If you have been contacted by IT Services or are aware that you are using Basic authentication, there are a number of things that you can do depending on the client that you are using to access your Nexus365 email.  

Outlook

If you need to reconfigure your Outlook client to use Modern authentication please see the instructions for how to remove and recreate your Outlook profile.

If you are using an older Outlook client such as Outlook 2010 or Outlook 2013 pre-dating Service Pack 1, these will not be able to use Modern authentication. You will need to upgrade to a later supported version of Outlook. The Office 365 download is available free to Nexus365 users via the Office Portal, for Windows, Mac, Android, and iOS. 

iOS and macOS

Mac mail / apple mail clients on mobile devices or computers initially set up using Basic authentication will be affected. To ensure you are not affected when Basic authentication is switched off you are encouraged to update to the latest version of iOS (iOS 15.6 and above) and macOS (macOS 11 Big Sur and above). Apple have been working with Microsoft and the latest update will ensure a seamless automatic transition to Modern authentication if your device is configured using Basic authentication.

Please see instructions for macOS and iOS if you have not updated to the latest version and need to configure your email client.

Mobile devices

Mobile device email clients that connect using ActiveSync (EAS) and do not support Modern authentication will be affected. These clients should upgrade if the vendor offers a version that supports Modern authentication. If they do not support Modern authentication you will need to switch to mobile email client that does. Please see the iOS/Android instructions for configuring your email client.   

POP3 and IMAP4

Microsoft have updated POP and IMAP to support Modern authentication. If you are using a client that connects using these protocols and authenticates using Basic authentication, then you will need reconfigure the client to use Modern authentication. Please see instructions on configuring your email client using manual settings. If the client does not support Modern authentication you will need to look to move to a client that does support this.

App password users

It will no longer be possible to use App passwords once Basic authentication has been switched off. If you are using an App passwords with Nexus365 email you will need to look to reconfigure your clients to use Modern authentication or move to a client that does support this.

 

Please see the Instructions for How to configure your email client for any of the above should you need to set up a new client as part of this change.

In all cases Outlook on the Web (‘OWA’) is available from within any widely used web browser. This can be used by users if they are unable to reconfigure their affected client or device before the deadline.  

 

Can I check if I will be impacted? 

If you have been informed by IT Services that you are currently using Basic authentication and you are not sure where you are using this. There are several ways you can determine if you are using Basic authentication or Modern authentication.

A simple way to tell if a client app (for example, Outlook) is using Basic authentication or Modern authentication is to observe the sign in box that is presented when you log in. 

Modern authentication displays a web-based login page: 

Modern authentication Microsoft sign in screenshot

 
And Basic authentication will present a dialog credential modal box: 

Basic authentication Windows Security login screenshot

 

On a mobile device, you will see a similar web-based page when you authenticate if the device is trying to connect using Modern authentication. 


On Windows desktop devices, you can also check the connection status dialog box, by CTRL + right-clicking the Outlook icon in the system tray and choosing Connection Status. 

When using Basic authentication, the Authn column in the Outlook Connection Status dialog shows the value of Clear

Outlook connection status general tab screenshot showing Basic authentication used

 

Once you switch to Modern authentication, the Authn column in the Outlook Connection Status dialog shows the value of Bearer

Outlook connection status general tab screenshot showing Modern authentication used

Get support


If you cannot find the solution you need here then we have other ways to get IT support

GET IT SUPPORT