It’s not big news that Microsoft is going to disable Basic Authentication in October 2022. Thanks to
What I didn’t get at that time, Microsoft is already randomly disabling Basic Authentication for customers/tenants; of course only if Basic Authentication isn’t used at all.
The process is: We’ll randomly select customers with no usage in any, or all affected protocols, send them a Message Center post informing them that in 30 days we’re going to turn off Basic Auth. 30 days later, we’ll turn it off and send another Message Center post to confirm it was done. Customer protected... check!
Not that bad if you don’t use Basic Authentication, but I did run into a problem with that. I was able to successfully setup Veeam Backup for Office365 with Legacy protocols (Publicfolders )and after a week it suddenly stopped working; all Authentication failed with HTTP 401 or HTTP 403. After not being able to find any problems I contacted Veeam support and received the link above.
So according to the FAQ you can check via the Exchange Online PowerShell if your affected :”Get-OrganizationConfig -BasicAuthBlockedApps”. And Bingo, the result was “255” which means that something happened to the Basic Protocols.
We’ve added a new org level parameter that can be set to turn Basic Auth on or off for individual protocols within a tenant. Admins can view the parameter (-BasicAuthBlockedApps) using Get-OrganizationConfig. It’s not something you can change, and the values we store in there aren’t very user friendly, but luckily Exchange Online knows how to read and enforce them. A value of Null there means we’ve not touched your tenant. A value other than Null means we have, and the diagnostic is the way to determine what is disabled there.
Re-Enable Basic Authentication
With the self-help diagnostic phrase “Diag: Enable Basic Auth in EXO” you should be able to re-enable the disabled protocols/authentication, but in our case it didn’t show up in the Microsoft 365 admin center. So Microsoft Support was the next contact. They’ve had to change/push something in the backend in order to let the self-help diagnostic appear. And after that we were able to enable Basic Authentication and Veeam Backup worked again
If Microsoft decides to disable Basic Authentication for your tenant, you will receive a notification in the message center 30 days before they disable it. BUT! if during the 30 day windows you decided to use this authentication, it won’t stop the process and Microsoft will still proceed and disable it.
One finale note, which I discovered in the blog post from
IMPORTANT: Beginning early 2022, we will selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours. After this time, Basic Auth for these protocols will be re-enabled, if the tenant admin has not already re-enabled them using our self-service tools.