Following months of warnings to customers, Microsoft finally started deprecating Basic Authentication in Exchange Online last month. However, as we had learned earlier, customers can still re-enable Basic Auth until the end of this year as they plan migrations to Modern Authentication (OAuth 2.0). Today, Microsoft has detailed another Exchange protocol that it plans to deprecate next.
In a blog post, the Redmond tech giant has revealed that with Basic Authentication being killed off in Exchange Online, there"s practically no reason to keep Autodiscover enabled. For those unaware, Autodiscover is the protocol that"s used by Outlook, Exchange ActiveSync, and other Exchange Web Services (EWS) clients and custom code to find a service location endpoint. You can read more about its architecture and functionalities in Microsoft"s documentation here.
Autodiscover now finds itself on the chopping block but Microsoft has emphasized that it is not killing the protocol itself, just the ability to authenticate over it through legacy methods like username and password.
Starting from today, customers with no Basic Auth usage will have Autodiscover disabled. This will be a staggered process but no tenant on Modern Auth will be excluded. As Basic Auth is completely killed off next year for customers who requested an extension until the end of 2022, Autodiscover will be disabled within weeks. Unlike the extension process for Basic Auth, there will be no way to re-enable Autodiscover once that happens, so plan your deprecation process accordingly.