Microsoft 365 (Information) Transition to Modern Authentication

To improve security and ensure usage of multifactor authentication (MFA), UWM has changed our tenant to use Modern Authentication for Microsoft 365 services.

  

Why is this happening?

Modern Authentication and Basic Authentication are terms for connection methods between a user (for example, your laptop or your phone) and the Microsoft 365 servers. Currently, UWM's Microsoft  365 environment allows users to authenticate with Microsoft  365 services using both Basic Authentication as well as Modern Authentication.

Additionally, Microsoft will be retiring Basic Authentication and has encouraged the full adoption of Modern Authentication. Basic Authentication does not offer optimal security as it allows UWM users to bypass multifactor authentication despite being enrolled and opens your Microsoft  365 mailbox to cyberattacks like credential stuffing, brute force and password spray.

What are the impacts of this change?

This change will primarily impact access to email (Outlook) in Microsoft 365 using apps that do not use Modern Authentication. This affects older mail users that use IMAP, POP3 (such as Thunderbird), and ActiveSync connections (such as Android Mail and older versions of iOS Mail) as well as Outlook 2010 or older. 
 
Please note: If you are actively using one of the above mail users and change to a supported mail user, it may take up to 24 hours for the old user to disconnect from Office 365. Also, macOS Mail and Calendar on macOS versions older than 10.14 do not support Modern Authentication.

There are many different email/calendar applications which support Modern Authentication. Select the specific application you wish to use below for specific setup guides.

 

What will happen if I do not use an app which supports Modern Authentication?

If you have not transitioned to an application that supports Modern Authentication, you will no longer be able to access UWM Microsoft 365 email and calendaring and will receive an error message.
Moreover, if you set up your UWM account in macOS Mail and Calendar or iOS Mail and Calendar prior to upgrading to Mojave and iOS 11, respectively, you will need to delete and re-add your UWM account in those apps.
This is a example of an error message that will be shown when an account is configured using ActiveSync (e.g., Android Mail, or older macOS Mail and iOS Mail configurations):
These are examples of error messages that will be shown when an account is configured using IMAP (e.g. Thunderbird):

Additional Technical Information 

  • Since Basic Authentication is not protected by multifactor authentication, if your ePanther credentials are compromised, it can be used to access your mailbox or to send email from your account. 
  • All native Microsoft 365 applications support Modern Authentication. A few third-party user applications support Modern Authentication, including: Mac Mail and iOS Mail.
  • Outlook 2010 and older do not support Modern Authentication.
  • Android (Google) Mail and Calendar do not support Modern Authentication.
  • macOS Mail and Calendar on macOS versions older than 10.14 do not support Modern Authentication.
  • iOS Mail and Calendar on iOS versions older than 11 do not support Modern Authentication.
  • Microsoft has already discontinued support for Basic Authentication with the Outlook REST API.
  • OAuth 2.0 is the industry standard protocol for authorization and it is possible to use as a method for Modern Authentication in third-party apps that provide support for it, such as Thunderbird.

See Also:



Keywords:O365, Office 365, M365, Microsoft 365, basic authentication, modern authentication, imap, pop, activesync, mapi, mfa, multifactor authentication, your email access has been blocked, exchange, microsoft exchange, blocked, outlook   Doc ID:109670
Owner:Help Desk K.Group:UW-Milwaukee Help Desk
Created:2021-03-15 15:25 CDTUpdated:2023-07-13 15:39 CDT
Sites:UW-Milwaukee Help Desk
Feedback:  4   1