For the past couple of years, Microsoft has been warning customers that it is deprecating Basic Authentication in Exchange Online in favor of Modern Auth (OAuth 2.0). These warnings have come in waves as Microsoft has proceeded to disable the method in a staggered manner. Now, it appears that the company has issued its final public notification about the matter, with the holiday period kicking off next week in many countries.
In a new blog post, the Redmond tech giant has advised companies to prepare for Basic Auth being turned off for most protocols in January 2023. The protocols affected by this deprecation are MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. It is important to note that the protocol will not be disabled for SMTP AUTH, but Microsoft has recommended disabling it by yourself.
Organizations will still be informed seven days prior to the protocol being disabled for them. Once it is turned off, affected apps will begin throwing an HTTP error 401 for bad username/password. The only way for them to work after that will be to switch to Modern Auth.
Microsoft has noted that it will be impossible to turn on Basic Auth after it"s been disabled in January. You can find extensive guidance on this topic here.