Skip to main content
Keep your business open during COVID-19Learn More
Call us
Phone numbers and hours
Help Center

Explore our online help resources

We are experiencing high volume today, and as a result, you may experience longer than usual wait times.
BlogHelp

Microsoft 365 from GoDaddy Help

Microsoft is deprecating Basic authentication

Basic authentication is an outdated industry standard that’ll be deprecated starting January 2023. Its use makes it easier for attackers to capture user credentials, which increases the risk of those stolen credentials being used to fraudulently gain access to other endpoints or services.

The ability to use Basic authentication in Exchange Online is being removed from the following protocols:

  • Exchange Active Sync (EAS)
  • POP
  • IMAP
  • Remote PowerShell
  • Exchange Web Services (EWS)
  • Offline Address Book (OAB)
  • Outlook for Windows and Mac

What do I need to do?

You can always use Outlook on the web to access your email. It won’t be affected by the Basic authentication deprecation.

However, in your email clients, you’ll need to switch to modern authentication, or OAuth2.0. Modern authentication is more secure and supports multi-factor authentication, or MFA, that uses modern methods like one-time text messages and authenticator apps. This might include:

  • Outlook: Upgrade to Outlook 2013 or later for Windows or Outlook 2016 or later for Mac. If you’re already using Outlook 2013, you can enable modern authentication by configuring specific registry keys.
  • Mobile email clients from Apple, Samsung, etc.: Move to Outlook for iOS or Android or another mobile app that supports modern authentication. If you’re using Apple Mail on an iOS, iPadOS, or macOS device, you can enable modern authentication.
  • Third-party clients using POP or IMAP: Move to modern authentication when it’s supported by your client.

See Microsoft’s specific recommendations for impacted protocols under “Protocol recommendation.” You can also block the use of Basic authentication by turning on security defaults.

More info