Microsoft Technology Update

Exchange Online – Basic Authentication Retirement

In case you have missed it, Microsoft announced a major change as it relates to Exchange Online [Office 365].

At the beginning October 13, 2020, Microsoft will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Note: this change does not impact SMTP AUTH.

Microsoft published an updated blog with more information about this change – Basic Auth and Exchange Online – February 2020 Update

There are several actions that you and/or your users can take to avoid service disruptions on client applications, and we describe them below and in the blog. If no action is taken, client applications using Basic Authentication for EWS may be unable to connect after October 13, 2020.

Any application using OAuth 2.0 and connecting using any of these protocols, will continue to work without change or interruption. 

What do I need to do to prepare for this change?

You have several options on how to prepare for the retirement of Basic Authentication.

  • You can start updating the client applications your users are using to versions that support OAuth 2.0 today. For mobile device access, there are several email apps available that support Modern Authentication, but Microsoft recommends switching to the Outlook app for iOS and Android as Microsoft believes it provides the best overall experience for your M365 connected users. For desktop/laptop access, Microsoft encourages the use of the latest versions of Outlook for Windows and Outlook for Mac. All Outlook versions including, or newer than, Outlook 2013 fully support OAuth 2.0.
  • If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication
  • If you or your users are using a 3rd party application, which uses these protocols, you will either need to:
  • reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication


  • assist your users to switch to an application that’s built using OAuth 2.0

DMS is proactively reaching out to existing and new customer to assess and mitigate any issues related to retiring the Basic Authentication. More planning and lead time will allow you to be prepared and make the required adjustments.

DMS can assist with the analysis of your current configuration and also with making the required adjustments. Contact us today to schedule a meeting with our team.