Effective from October 2022, Microsoft will start to randomly select tenants and disable basic authentication access for specific protocols (MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell) in Exchange Online for its users. Effectively, Microsoft will permanently disable all basic auth protocols during the first week of January 2023. There will be no possibility of using basic auth after that.
To avoid disruption of services, you can select and run diagnostics on the required protocols before the end of September 2022. Selected protocols (specified by you) will stay enabled for basic auth use until the end of December 2022.
Why is Microsoft Disabling Basic Auth?
Microsoft is seeing that accounts are being hacked by leveraging basic authentication (basic auth). Microsoft is disabling basic auth to protect your data and accounts from being hacked.
How does it Impact Vtiger Users?
Email is a vital service for many customers, and turning off basic auth could impact their business.
As Vtiger CRM uses basic auth for Microsoft’s Exchange Online protocols, the deprecation of basic auth impacts Inbox services. It stops the Mail Sync tool from recording emails sent through the Inbox. This may cause difficulty keeping track of your team's emails with your leads.
Vtiger is working on a custom authentication system that will be effective soon. Until then, we have a temporary solution for you. You can use Microsoft’s self-service diagnostic to re-enable basic auth for the required protocols till the end of December 2022.
Note:
|
Exchange Online | Exchange Online is the cloud version of the on-premise Exchange Server, an email server from Microsoft. |
Basic Authentication | Basic authentication or basic auth in Exchange Online uses a username and a password for client access requests. |
Protocols | Exchange Server primarily used a proprietary protocol called MAPI to talk to email clients but subsequently added support for POP3, IMAP, and EAS. The standard SMTP protocol is used to communicate with other Internet mail servers. |
Self-service Diagnostic | This tool can be used by portal customizers to quickly resolve common issues and reduce the amount of time spent on diagnosing the issues. |
Mail Sync | Mail Sync is a powerful tool that allows you to connect your business inbox to Vtiger CRM. Once enabled, any email you send through that inbox will be recorded. |
You can re-enable non-opted protocols till the end of December 2022. Once the self-service diagnostic is run, basic auth will be re-enabled for these protocols.
What are the Diagnostic Options
Following are the two self-service diagnostic options available to enable basic auth for the protocols:
- Opting out protocols for basic auth
- Re-enabling basic auth for protocols
You will be able to select protocols that can be opted out only till the end of September 2022.
If you submit the opt-out request in September, Microsoft will not be disabling basic auth for these opted-out protocols in October, and you will be able to use them till the end of December 2022.
Follow these steps to run self-service diagnostics for opt-out selected protocols:
- Click Diag: Enable Basic Auth in EXO to open diagnostic in the Microsoft 365 admin center if you’re a tenant Global Admin.
Or
- Log in to Microsoft 365 admin center.
- On the home page, click Help & Support on the bottom right corner of the screen. Microsoft's self-help system opens.
- In the Search field, type the phrase ‘Diag: Enable Basic Auth in EXO’.
- Click Search.
- Select the required protocol from Protocol to Opt Out drop-down.
- Enable the Acknowledgement checkbox.
- Click Update.
Note: You can re-run the diagnostics for multiple protocols. |
Starting from October 2022, the diagnostic will allow you to re-enable basic auth only for those protocols it was disabled for.
If you missed opting out of the protocols during September 2022, and the protocol is disabled for basic auth, you can re-enable it until the end of December 2022.
Note: Diagnostics will run automatically when you re-enable the basic auth for a protocol. |
Follow these steps to re-enable basic auth for the protocols:
- Click Diag: Enable Basic Auth in EXO to open diagnostic in the Microsoft 365 admin center if you are a tenant Global Admin.
Or
- Log in to Microsoft 365 admin center.
- On the home page, click Help & Support on the bottom right corner of the screen. Microsoft's self-help system opens.
- In the Search field, enter ‘Diag: Enable Basic Auth in EXO’.
- Click Search.
- Select the required protocol from Protocol to Enable drop-down.
- Enable the Acknowledgement checkbox.
- Click Update.
Note: You can re-run the diagnostics for multiple protocols. |
If you re-enable basic auth for a protocol and don’t need it anymore, you can block it yourself instead of waiting for Microsoft to do it in January 2023. The quickest and most effective way to do this is to use Authentication Policies that block basic auth connections at the first point of contact to Exchange Online.
Or
Follow these steps to block basic auth yourself:
- Log in to the Microsoft 365 admin center.
- Go to Settings.
- Click Org Settings.
- Click Modern Authentication.
- Uncheck the boxes to block basic auth for the protocols you no longer need.
Note: These checkboxes will be disabled when the basic auth for protocols is disabled permanently. They will also be removed after January 2023. |
Was this article helpful?
1out of1found this helpful.