Basic Authentication getting dead for Exchange online API’s
Since the existence of the office 365 whenever we need to get connect the API’s of Exchange online even PowerShell, we have been using Basic Authentication. Basic Authentication means that the client application passes the username and password with every request. It’s quite simple to setup and use, at the same time it is contains more risk to the users making attackers armed with today’s tool and methods to capture the credentials of end-users.
As we know, Microsoft has already introduced the Modern Authentication, based upon OAuth 2.0 for authentication and authorization. Modern Authentication is considered as more secure than Basic Authentication as it uses Microsoft’s MFA. Last year, Microsoft decommissioned Basic Authentication on Outlook REST API and announced that on October 13th, 2020 they will be stop supporting Basic Authentication for Exchange Web Services (EWS) to access Exchange online.
Hence retire Basic authentication on October 13th, 2020 will discontinue Basic Authentication for Exchange Active Sync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (POP), Internet Message Access Protocol (IMAP), and Remote PowerShell (RPS) in Exchange online. Which means the new or existing applications using one or more these API’s/ Protocols will not be able to use Basic Authentication when connecting to office 365 mailboxes from their endpoints. Although this will not affect SMTP AUTH.
For the further information on how to enable Exchange online PowerShell Modern authentication, will be posting on coming blog.