Since the past couple of years, Microsoft has been causing a lot of waves by reminding customers that it is disabling the Basic Auth mechanism for Exchange Online customers. Although support is being gradually phased out, Microsoft has now issued what appear to be among its final reminders before deprecation officially kicks off in October 2022.
Microsoft has clarified that it will start disabling Basic Auth in its multi-tenant service worldwide. What this means is that not everyone will have it disabled by October 1, 2022. What"s interesting in this approach is that the company will randomly reach out to tenants from the aforementioned date and give them a seven-day warning before their Basic Auth is completely turned off. Organizations will not be able to request an exemption, and this means that it is best to be ready by October 1, because if your company is randomly selected at the start, you won"t be able to request an extension and be pushed back to the queue.
It is important to note that Basic Auth"s replacement is Modern Authentication and the former is being deprecated for these protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, and Remote PowerShell. SMTP AUTH has already been disabled for all tenants who are not using it but is still on for those who are using it. That said, Microsoft has recommended organizations to disable it at a tenant level and enable it only for people who need it.
Overall, Microsoft has encouraged all firms to migrate to Modern Authentication for their apps and services but there are also more detailed guidelines in the blog post here for those who need them.