If your organization doesn’t use the affected protocols, this fact will be picked up by Microsoft’s analysis and you’ll receive message center notifications to say that Microsoft is going to disable basic authentication for one or more protocols. You’ll get a 12 month notice of deprecation when Microsoft restarts its basic authentication removal program.
#Mapi outlook duplicate remover software
This might involve client upgrades, software changes, and perhaps firmware upgrades to devices which connect to Exchange Online (notably to use SMTP AUTH).
If your organization uses the affected protocols, you need to build a plan to reduce and then remove the usage for basic authentication. As noted in July 2020, Microsoft has already disabled SMTP AUTH for new tenants (don’t these folks send email via PowerShell?) and is now including SMTP AUTH in the overall program rather than handling it separately. Many PowerShell scripts use the Send-MailMessage cmdlet to send messages via SMTP AUTH. SMTP AUTH is the client submission protocol used by applications or devices to submit outbound email to Exchange for processing.
However, Microsoft says they will provide at least 12 months’ notice to tenants before blocking basic authentication for protocols in active use. Eventually, the period of tolerance for basic authentication will lapse and Microsoft will move into a more active closedown phase. Extended Notice Before Blocks Descendįor an undefined period, basic authentication will not be disabled when it is in active use by tenants. Tenants will receive a message center notification in the Microsoft 365 admin center 30 days before a protocol is blocked. Microsoft notes that many organizations don’t realize what protocols are in active use, so they will measure the use of basic authentication within tenants and use that information to disable basic authentication for unused protocols. Instead of a big-bang turn-off on a nominated date, Microsoft will disable basic authentication for protocols when tenants do not use this capability “to prevent potential misuse”. Microsoft says that they will consider disabling basic authentication for AutoDiscover in the future, once the battle to eliminate basic authentication for the other protocols is won. The logic here is that AutoDiscover only ever informs clients where to go to access user data the protocol can never access user data, so it is of little use to attackers. Microsoft is not including AutoDiscover in the protocol set. There is no good reason for Outlook clients to connect to Exchange Online using anything but modern authentication. This change closes off potential vulnerabilities in Microsoft’s own client to align better with the work already done to support modern authentication IMAP4 and POP3 clients. Outlook desktop clients (Windows) already consume EWS to access information like free/busy data and MailTips. MAPI over HTTP supports both basic or modern authentication. MAPI over RPC is known as Outlook Anywhere and uses basic authentication. MAPI (Messaging Application Programming API): The API Exchange Server is built on.The set of protocols has increased to include: Leaving tenants who use basic authentication alone for the moment and giving 12 months’ notice for deprecation when the basic authentication removal program restarts.Disabling basic authentication when it’s not used.Expanding the set of protocols covered in the program.The Covid-19 pandemic interfered with the ability of many organizations to do the necessary preparation for the deprecation and in April 2020, Microsoft was forced to push the date out to mid-2021. Microsoft’s original plan was to remove support for basic authentication using these protocols in October 2020. After clients replace basic authentication with modern authentication for connections, attackers have a lot less attack surface to target. The logic for choosing these protocols is that they are the set most exploited by attackers. Exchange Web Services (EWS – following an earlier announcement in July 2019).At that time, Microsoft said they would remove support for: Microsoft has been pushing to remove basic authentication for quite a while, with announcements at the Ignite 2019 conference setting the stage. By now, everyone should be convinced that using basic authentication for connections to Exchange Online is a bad idea.
0 kommentar(er)
