Office 365 - Transition to Modern Authentication

Microsoft announced an upcoming security update that requires all Office 365 users to make a change on every device and email software that connects with UWM email, including all email applications on your mobile devices and tablets, desktop computers, laptops, and University line of business applications. To improve security and ensure usage of multifactor authentication (MFA), UWM will be fully moving to utilize Modern Authentication for Office 365 services and will disable support for Basic Authentication on Tuesday, March 30, 2021.

Why is this happening?

Modern Authentication and Basic Authentication are terms for connection methods between a client (for example, your laptop or your phone) and the Office 365 servers. Currently, UWM's Office 365 environment allows users to authenticate with Office 365 services using both Basic Authentication as well as Modern Authentication.

Additionally, Microsoft will be retiring Basic Authentication and has encouraged the full adoption of Modern Authentication. Basic Authentication does not offer optimal security as it allows UWM users to bypass multifactor authentication despite being enrolled and opens your Office 365 mailbox to cyberattacks like credential stuffing, brute force and password spray.

What are the impacts of this change?

This change will primarily impact access to email (Outlook) in Office 365 using apps that do not use Modern Authentication. This affects older mail clients that use IMAP, POP3 (such as Thunderbird), and ActiveSync connections (such as Android Mail and older versions of iOS Mail) as well as Outlook 2010 or older. 

Please note: If you are actively using one of the above mail clients and change to a supported mail client, it may take up to 24 hours for the old client to disconnect from Office 365. Also, macOS Mail and Calendar on macOS versions older than 10.14 do not support Modern Authentication.

There are many different email/calendar applications which support Modern Authentication. Select the specific application you wish to use below for specific setup guides.

What will happen if I do not switch to an app that uses Modern Authentication?

If you do not transition to an application that supports Modern Authentication prior to March 30th, 2021, you will no longer be able to access UWM Office 365 email and calendaring and will receive an error message. Moreover, if you set up your UWM account in macOS Mail and Calendar or iOS Mail and Calendar prior to upgrading to Mojave and iOS 11, respectively, you will need to delete and re-add your UWM account in those apps.

This is a example of an error message that will be shown when an account is configured using ActiveSync (e.g., Android Mail, or older macOS Mail and iOS Mail configurations):

These are examples of error messages that will be shown when an account is configured using IMAP (e.g. Thunderbird):

Additional Technical Information 

  • Since Basic Authentication is not protected by multifactor authentication, if your ePanther credentials are compromised, it can be used to access your mailbox or to send email from your account. 
  • All native Microsoft 365 applications support Modern Authentication. A few third-party client applications support Modern Authentication, including: Mac Mail and iOS Mail.
  • Outlook 2010 and older do not support Modern Authentication.
  • Android (Google) Mail and Calendar do not support Modern Authentication.
  • macOS Mail and Calendar on macOS versions older than 10.14 do not support Modern Authentication.
  • iOS Mail and Calendar on iOS versions older than 11 do not support Modern Authentication.
  • Microsoft has already discontinued support for Basic Authentication with the Outlook REST API.
  • OAuth 2.0 is the industry standard protocol for authorization and it is possible to use as a method for Modern Authentication in third-party apps that provide support for it, such as Thunderbird.

See Also:

Keywords:O365, Office 365, M365, Microsoft 365, basic authentication, modern authentication, imap, pop, activesync, mapi, mfa, multifactor authentication, your email access has been blocked, exchange, microsoft exchange, blocked, outlook   Doc ID:109670
Owner:Help Desk K.Group:UW-Milwaukee Help Desk
Created:2021-03-15 15:25 CDTUpdated:2021-09-01 09:46 CDT
Sites:UW-Milwaukee Help Desk
Feedback:  4   1