Microsoft changes the authentication procedure for its services
Until now: Simple authentication
Until now, many companies have protected their mailboxes only with simple authentication (“Basic Auth”). This method does not offer sufficient security and will be discontinued by Microsoft in the foreseeable future. It will be replaced by the authentication method known from Microsoft 365 (“Modern Auth”).
“Basic Auth” means that user name and password are entered by the user or transmitted by the application for each login process. This makes it easier for potential attackers to get hold of the data and misuse it with other services – especially if TLS protection is missing. Multi-factor authentication (MFA) is also difficult to implement with “Basic Auth”.
New: Modern authentication
projectfacts now uses OAuth 2.0 as the modern authentication method for Microsoft 365 accounts. It has three decisive characteristics:
- The tokens are application-specific
- The user can determine which areas the token is valid for
- The application no longer comes into contact with the user’s access data
The limited reusability makes potential misuse much more difficult. In combination with multi-factor authentication, this method offers a significantly better security standard and is therefore recommended to companies.
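The difference described above, as an added example that is not projectfacts or Microsoft code: it builds the SASL response a mail client sends with Basic Auth (PLAIN) and with OAuth 2.0 (XOAUTH2) and reports what a party reading each one obtains. The address, password and token are constructed, and the token is assumed to be a JWT carrying `aud`, `scp` and `exp` claims, which OAuth 2.0 itself does not require.

```python
import base64
import json

def sasl_plain(user, password):
    # Basic Auth: the SASL PLAIN response carries the password itself.
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def sasl_xoauth2(user, access_token):
    # Modern Auth: the SASL XOAUTH2 response carries a bearer token only.
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def make_sample_token():
    # Constructed, unsigned stand-in for an access token (assumed JWT layout).
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    claims = {"aud": "https://outlook.office365.com",
              "scp": "IMAP.AccessAsUser.All SMTP.Send",
              "exp": 1700003600}
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])

def exposure(initial_response):
    """Return what a party that reads the SASL response obtains."""
    raw = base64.b64decode(initial_response).decode()
    if not raw.startswith("user="):
        _authzid, user, password = raw.split("\0")
        return {"scheme": "PLAIN", "user": user, "password": password}
    fields = dict(p.split("=", 1) for p in raw.split("\x01") if p)
    token = fields["auth"].split(" ", 1)[1]
    info = {"scheme": "XOAUTH2", "user": fields["user"], "password": None}
    parts = token.split(".")
    if len(parts) == 3:  # assumption: the token is a JWT
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
        info["audience"] = claims.get("aud")
        info["scopes"] = claims.get("scp", "").split()
        info["expires"] = claims.get("exp")
    return info

if __name__ == "__main__":
    print(exposure(sasl_plain("user@example.com", "S3cret!")))
    print(exposure(sasl_xoauth2("user@example.com", make_sample_token())))
```

A password read from the PLAIN response works wherever that account accepts it, while the token is confined to the listed audience and scopes until it expires.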
The changeover timetable
Originally, “Basic Auth” was to be discontinued as early as October 2020 for Exchange ActiveSync (EAS), POP, IMAP and Remote PowerShell. As a result of the pandemic, the schedule has been postponed until further notice. Nevertheless, Microsoft is sticking to the changeover; affected customers will receive a corresponding notice in the Message Centre 30 days in advance. Microsoft is already deactivating “Basic Auth” for protocols that customer companies are not currently actively using. You can find more detailed information on the planned course of the changeover in this Microsoft article.
Microsoft 365 Login with projectfacts
In projectfacts you can already set up e-mail accounts with the new authentication standard. To do so, go to the configuration in the menu item “Messages” or “Tickets”. There you can set up new e-mail accounts under the tab “Mail Accounts”.
A dialogue opens in which you can specify the authentication type for receiving and sending e-mails separately. Here you will find the option “Microsoft 365” in each of the “Authentication” fields. After saving, the newly created mail account is displayed and a login button for Microsoft 365 appears. Clicking on it takes you to the login dialogue and you can log in as usual if you are authorised for the mailbox.
Note: For “Shared Mailboxes”, enter the mail address of the shared mailbox as the user name.