End of support for Basic Authentication access Office365

Hi,
Microsoft 29.02.2020 block lagency authentication ie. smtp/imap ( Microsoft legally replace Baseline Policies with Security Defaults, with no exception!)

Is Zamad planning to support MFA?

I am afraid that on 1 March my Zammad will stop.

the correct URL should be:
Office 365 Developer Blog

and the date when IMAP basic auth will be retired is there described as October 13th, 2020.

I hope that a solution for getting emails from Exchange Online to zammad is on the table …

Ulrich

Yes October 13th to everyone, but February 29th, 2020 to MS Partner, as I am. And I have a problem.

We have problems too… This should be addressed immediately.

BR wucherpfennig

Would this mean that the creation of e-Mail accounts via “channels -> E-Mail -> E-Mail account -> new” wouldn’t work anymore? That would be a bummer…

As much as I do understand it this should be the case for o365 accounts, yes

Quote from Microsoft Office365 Message Center:

As previously communicated in MC191153, beginning October 13, 2020, we will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Note: this change does not impact SMTP AUTH.

We have published an updated blog with more information about this change - Basic Auth and Exchange Online – February 2020 Update

There are several actions that you and/or your users can take to avoid service disruptions on client applications, and we describe them below and in the blog. If no action is taken, client applications using Basic Authentication for EWS may be unable to connect after October 13, 2020.

Any application using OAuth 2.0 and connecting using any of these protocols, will continue to work without change or interruption.

[What do I need to do to prepare for this change?]

You have several options on how to prepare for the retirement of Basic Authentication.

  • You can start updating the client applications your users are using to versions that support OAuth 2.0 today. For mobile device access, there are several email apps available that support Modern Authentication, but we recommend switching to the Outlook app for iOS and Android as we believe it provides the best overall experience for your M365 connected users. For desktop/laptop access, we encourage the use of the latest versions of Outlook for Windows and Outlook for Mac. All Outlook versions including, or newer than, Outlook 2013 fully support OAuth 2.0.
  • If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication, you can reach out to us on stack overflow with the tag exchange-basicauth if you need some help.
  • If you or your users are using a 3rd party application, which uses these protocols, you will either need to:
  • reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication

-or-

  • assist your users to switch to an application that’s built using OAuth 2.0

We have made a report that will help you identify any impacted users and client applications in your organization available to all tenants. The blog has details about using the report.

Please review the Blog to learn more about this retirement.

@MrGeneration You do not face this issue?

I received this message in the morning too. @wucherpfennig do you have an idea to work around the problem?

Well…

Redirect all incoming messages to an external imap inbox.
Distribute the messages there into subfolders.
Fetch them with zammad…

But this seems so wrong…

Exactly. I came up with the same way.
The second way, Microsoft recommends (if you don’t have MFA support in the service) to use Conditional Access. Guess what, this is extra paid for a P1 or P2 subscription (only there is CA).
And the cash flows…

I guess you have to get p1 for all users :smile: if not that would be a very cheap solution…

Anyway I am happy to read that it should work. But still it bugs me that nobody from the hosted service ran into this problem

@wucherpfennig of course i havnt P1.
Today everything has stopped. SMTP does not work, and it was supposed to be ok. People also have problems with it. Everything’s wrong. F*ck, my plans fell apart.

Small follow up from us:
We’ve seen this issue and are aware of it.

At this very moment I can’t provide any further details on when and how, but will keep you updated as soon as I do know.

What we’re not planning is to let our users drown in that mudd.

2 Likes

Thank you for your feedback. Glad to hear!