TY - GEN
T1 - End of Basic Authentication and Migration to Modern Authentication for Exchange Online
AU - Kasahara, Yoshiaki
N1 - Publisher Copyright:
© 2023 Owner/Author.
PY - 2023/3/20
Y1 - 2023/3/20
N2 - At Kyushu University, Information Infrastructure Initiative provides an email service named "Primary Mail Service"for students and staff members with Microsoft Office 365 Exchange Online. On September 20th, 2019, Microsoft announced the end of support for Basic Authentication for Exchange Online, which is considered vulnerable to identity leakages such as phishing and malware attacks. Microsoft would require users to use Modern Authentication such as Exchange protocol or OAuth 2.0 authorization with IMAP, POP, and SMTP. Historically we had instructed our users to use IMAP or POP and SMTP protocols for their email applications, including Microsoft Outlook and Mozilla Thunderbird, so disabling Basic Authentication would significantly impact our user population. In September 2021, Microsoft announced the end of September 2022 as the hard deadline for disabling Basic Authentication. Based on available information, we prepared migration documents from Basic Authentication to Modern Authentication and started to notify users to abandon Basic Authentication. Sending messages to users did not seem to be effective after a couple of notifications, so we tried to temporarily disable Basic Authentication to realize the remaining users through authentication failures. In this paper, we would like to share our experiences about the effect of retiring Basic Authentication for Exchange Online on our service and users.
AB - At Kyushu University, Information Infrastructure Initiative provides an email service named "Primary Mail Service"for students and staff members with Microsoft Office 365 Exchange Online. On September 20th, 2019, Microsoft announced the end of support for Basic Authentication for Exchange Online, which is considered vulnerable to identity leakages such as phishing and malware attacks. Microsoft would require users to use Modern Authentication such as Exchange protocol or OAuth 2.0 authorization with IMAP, POP, and SMTP. Historically we had instructed our users to use IMAP or POP and SMTP protocols for their email applications, including Microsoft Outlook and Mozilla Thunderbird, so disabling Basic Authentication would significantly impact our user population. In September 2021, Microsoft announced the end of September 2022 as the hard deadline for disabling Basic Authentication. Based on available information, we prepared migration documents from Basic Authentication to Modern Authentication and started to notify users to abandon Basic Authentication. Sending messages to users did not seem to be effective after a couple of notifications, so we tried to temporarily disable Basic Authentication to realize the remaining users through authentication failures. In this paper, we would like to share our experiences about the effect of retiring Basic Authentication for Exchange Online on our service and users.
UR - http://www.scopus.com/inward/record.url?scp=85151518028&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85151518028&partnerID=8YFLogxK
U2 - 10.1145/3539811.3579560
DO - 10.1145/3539811.3579560
M3 - Conference contribution
AN - SCOPUS:85151518028
T3 - Proceedings ACM SIGUCCS User Services Conference
SP - 32
EP - 35
BT - SIGUCCS 2023 - Proceedings of the 2023 ACM SIGUCCS Annual Conference
PB - Association for Computing Machinery
T2 - 50th ACM SIGUCCS User Services Annual Conference, SIGUCCS 2023
Y2 - 26 March 2023 through 29 March 2023
ER -