As previously announced, on October 1, 2022, Microsoft will permanently disable Basic Authentication (“Basic Auth”) for Office 365 Exchange email. 

Basic Auth is a simple method of connecting to email and is vulnerable to malicious attacks that involve your Cornell NetID and password. Microsoft is making the change to significantly improve the security of email systems and accounts.

Two groups of users have been notified of this impending change:

• Individual users, who may be using Basic Auth with the IMAP and POP protocols, will need to reconfigure their email client before October in order to continue receiving Cornell email. These users should consider switching to an an approved Microsoft or Apple email client for Cornell email. Approved apps include Outlook for Windows or macOS, Outlook on the web, and mobile versions of Outlook for Android or iOS. (Other email clients and applications are not recommended or supported.) Users should then sign up for Two-Step Login, Cornell’s two-factor authentication service.
• Owners of resource or service accounts, who will need to update their email service to use a Modern Authentication method. These account owners and administrators should visit Resources for Transitioning to Modern Authentication for Office 365, which provides links to Microsoft and other websites to help configure accounts to use OAuth2 with several different methods, including Microsoft Graph, Java, and Python.

If accounts configured with Basic Auth are not updated to use a modern client or OAuth2, they will no longer be able to connect to email services after October 1.

Questions?

• If you think you will be affected by this change and are unsure what to do, contact the CIT Email and Messaging Team.
• For technical details about the coming change, visit Microsoft’s post, Basic Authentication Deprecation in Exchange Online.