Note: Basic Authentication switch off date
Microsoft have confirmed that Basic Authentication was switched off for all Nexus users on the 25th January 2023
What is happening?
Microsoft is switching off Basic authentication for Nexus365 Customers on 25th January 2023. This will mean that those connecting to the Nexus365 email service using Basic authentication will no longer be able to do so and will need to ensure that they connect using the Modern authentication (OAuth 2.0) method.
Basic authentication is deemed a less secure method of authentication making it easier for attackers to capture user credentials. Modern authentication has been available for many years and offers a more secure authentication process.
When will this happen?
Microsoft began switching off Basic authentication from 1st October 2022, although there was an extension given to some organisations, including the University of Oxford, up to 25th January 2023. Any changes to move away from Basic authentication should be made by this date.
Who is affected?
Most Nexus365 users will be unaffected by this change as they will already be using Modern authentication.
This will affect those using old software, often out of support with its vendor or legacy configurations when setting up clients when there was only an option of using Basic authentication.
IT Services has been contacting those users who are using Basic authentication. The Nexus team have also been working with local IT teams who use systems relying on Basic authentication to move them over to Modern authentication.
If your email application was not compatible with multi-factor authentication (MFA), and you requested to use an app password to use it with Nexus 365, this will stop working when Basic authentication is switched off by Microsoft.
What you need to do
If you have been contacted by IT Services or are aware that you are using Basic authentication, there are a number of things that you can do depending on the client that you are using to access your Nexus365 email.
If you need to reconfigure your Outlook client to use Modern authentication please see the instructions for how to remove and recreate your Outlook profile.
If you are using an older Outlook client such as Outlook 2010 or Outlook 2013 pre-dating Service Pack 1, these will not be able to use Modern authentication. You will need to upgrade to a later supported version of Outlook. The Office 365 download is available free to Nexus365 users via the Office Portal, for Windows, Mac, Android, and iOS.
iOS and macOS
Mac mail / apple mail clients on mobile devices or computers initially set up using Basic authentication will be affected. To ensure you are not affected when Basic authentication is switched off you are encouraged to update to the latest version of iOS (iOS 15.6 and above) and macOS (macOS 11 Big Sur and above). Apple have been working with Microsoft and the latest update will ensure a seamless automatic transition to Modern authentication if your device is configured using Basic authentication.
Please see instructions for macOS and iOS if you have not updated to the latest version and need to configure your email client.
Mobile device email clients that connect using ActiveSync (EAS) and do not support Modern authentication will be affected. These clients should upgrade if the vendor offers a version that supports Modern authentication. If they do not support Modern authentication you will need to switch to mobile email client that does. Please see the iOS/Android instructions for configuring your email client.
POP3 and IMAP4
Microsoft have updated POP and IMAP to support Modern authentication. If you are using a client that connects using these protocols and authenticates using Basic authentication, then you will need reconfigure the client to use Modern authentication. Please see instructions on configuring your email client using manual settings. If the client does not support Modern authentication you will need to look to move to a client that does support this.
App password users
It will no longer be possible to use App passwords once Basic authentication has been switched off. If you are using an App passwords with Nexus365 email you will need to look to reconfigure your clients to use Modern authentication or move to a client that does support this.
Please see the Instructions for How to configure your email client for any of the above should you need to set up a new client as part of this change.
In all cases Outlook on the Web (‘OWA’) is available from within any widely used web browser. This can be used by users if they are unable to reconfigure their affected client or device before the deadline.
Can I check if I will be impacted?
If you have been informed by IT Services that you are currently using Basic authentication and you are not sure where you are using this. There are several ways you can determine if you are using Basic authentication or Modern authentication.
A simple way to tell if a client app (for example, Outlook) is using Basic authentication or Modern authentication is to observe the sign in box that is presented when you log in.
Modern authentication displays a web-based login page:
And Basic authentication will present a dialog credential modal box:
On a mobile device, you will see a similar web-based page when you authenticate if the device is trying to connect using Modern authentication.
On Windows desktop devices, you can also check the connection status dialog box, by CTRL + right-clicking the Outlook icon in the system tray and choosing Connection Status.
When using Basic authentication, the Authn column in the Outlook Connection Status dialog shows the value of Clear.
Once you switch to Modern authentication, the Authn column in the Outlook Connection Status dialog shows the value of Bearer.