Zoom Calendar and Contacts Integration with Office 365 Will No Longer Support Basic Authentication Starting September 25, 2022
On Sunday, September 25, 2022, Cornell will begin requiring that all Zoom account integrations with Office 365 calendars use the more secure OAuth 2.0 standard. This change is being made in anticipation of Microsoft’s upcoming deprecation of Basic Authentication (“Basic Auth”) on all Office 365 accounts. Basic Auth was a simpler method of connecting to email and was significantly more vulnerable to malicious attacks on Cornell NetIDs and passwords. Microsoft is phasing out Basic Auth on October 1, 2022, to significantly improve the security of all email systems and accounts.
Please note that this change specifically affects the Calendar and Contacts Integration in a user’s Zoom profile. This integration, when enabled, allows a user’s Zoom desktop client to display meetings and contacts from their Outlook calendar.
What Users Can Expect
Users who have not enabled Calendar and Contact Information in their Zoom profile will not be affected by this change.
Most users who have enabled Calendar and Contact Information should already be using the modern OAuth 2.0 method, which has been the default option for some time. These users can expect no effects when the change takes place on September 25, 2022.
Long-time Cornell Zoom users whose Zoom accounts predate OAuth 2.0, or users who deliberately opted not to use OAuth 2.0 when they enabled a Calendar and Contact Integration, however, are advised to proactively re-configure their Calendar and Contact Integration now to use OAuth 2.0.
After the upcoming change takes place, failing to re-configure an integration still using Basic Auth will result an error in the Zoom desktop app when the integration cannot connect with Microsoft Exchange to get calendar information. Below is an example of a typical expected error (with personal information redacted for privacy), reading Your calendar service has been disconnected from your account. The link, Configure Your Settings, will take the user to their Zoom profile to properly configure the integration.
How to Find the Calendar and Contacts Integration Option
To determine whether the Calendar and Contacts Integration is enabled and using OAuth 2.0:
- Sign into the Cornell Zoom website, https://cornell.zoom.us.
- Click Profile in the left-side menu (or, on mobile, select it from the top dropdown menu).
Scroll down to the Other section. Under the heading Calendar and Contacts Integration:
- If a button labeled Configure Calendar and Contacts Integration is present, then the integration has not yet been enabled and the upcoming change will not affect the user.
- If the Office 365 blue icon is shown next to the user’s Cornell email address, then an integration with Microsoft Office 365 has been enabled.
If an integration with Office 365 is enabled, to check whether OAuth 2.0 is being used, click Edit, choose Office 365, then click Next.
- If the checkbox Authorize with OAuth 2.0 is already checked, then the user will not be affected by the upcoming change. Click Cancel to return to the Zoom profile.
- If the checkbox Authorize with OAuth 2.0 is not checked, then check it now. The user will be prompted to select their Cornell email address, then to sign in with Cornell credentials, and finally to grant the integration permission to access their account.
- After authentication is complete, the user will be returned to their Zoom profile.
For further details on using the Zoom calendar and contacts integration feature, visit Zoom's documentation How to use the calendar integration, or How to update the Office 365 integration settings for the Zoom client.
For details on the phase-out of Basic Authentication by Microsoft, visit Basic Authentication Deprecation in Exchange Online.