Starting October 1st, 2022, Microsoft is moving into a new era of security: it’s the end of Basic Authentication. The simple login by username and password will be removed, and it will now be necessary to migrate to modern authentication. Although these changes are very positive in terms of security, they will require some adaptations from organizations. This article looks at how this major change will impact your environment.
Basic Authentication, Modern Authentication, and Multifactor Authentication
Until now, Microsoft used Basic Authentication to allow users to access their entire Microsoft environment.
This method of authentication consists of using a username, often the user’s email address, and a password. Once this information is provided, the user has access to their entire Microsoft environment.
Now the user must comply with modern authentication. The password is no longer saved on the user’s device and is no longer sufficient to access the entire environment.
Modern authentication gives the user more granular access. Instead of a password that grants access to everything, the user is given access to a specific item for a defined period of time.
Multi-factor authentication is a component of modern authentication. Multi-factor authentication can take different forms.
On the one hand, multi-factor authentication may require the user to use 3 methods to log in. The user then has to log in with something they have (e.g. their phone), something they know (e.g. their password) and something they are (e.g. a fingerprint or facial recognition). These 3 cumulative channels can be a multi-factor authentication method.
On the other hand, multi-factor authentication can also be performed across different devices. For example, the user attempts to log in by entering their password on their computer, then must approve the login attempt on their smartphone before access is granted on the computer. This is also a multi-factor authentication method!
Why and what are the changes
Why these changes
These changes are being made primarily because 99% of attempts to compromise an account are denied by implementing Modern Authentication. It goes without saying that Microsoft decided to make these changes in order to considerably increase security in its environment.
What to expect
Although these changes are very positive for users, Microsoft has tried to roll them out gradually to allow everyone to prepare for this new feature.
Therefore, starting October 1, 2022, Microsoft is disabling all unsafe protocols except for those that request an exception. Starting January 1, 2023, Microsoft will enable all secure protocols, without exception.
If no exception is requested by October 1, some systems may stop working if they do not support Modern Authentication. They may be reactivated temporarily. If no work is done in your environment by January 1, 2023, these systems without modern authentication will no longer be functional, and some work in your environment will be required to get everything back up and running. Here is Microsoft’s guidance on this.
As we have seen in this article, Microsoft will gradually transition to a new era of security by January 2023. To ensure a more secure environment, Microsoft will abandon Basic Authentication in favor of Modern Authentication, which will require a bit of adaptation so that your environment remains operational.
To ensure the proper functioning of your services, we recommend that you follow Microsoft’s instructions on this subject, as mentioned above. If you are a customer of MS Solutions, a communication on this subject has been sent to you in accordance with the nature of the contract that we have with you.