Starting Aug. 5, basic Microsoft 365 authentication profiles to be disabled

Starting Friday, Aug. 5, all Purdue campuses will begin disabling Microsoft 365 protocols that are still using basic authentication. Most Purdue email users, including those who use Microsoft’s multi-factor authentication (MFA) , will not be affected by this change. 

To better protect Purdue's M365 accounts and ensure security measures are in line with Microsoft's best practices, several basic (legacy) authentication protocols will be disabled, beginning on Aug. 5 and completing on Sept. 19. This change should only impact a small subset of users still using older authentication methods. The protocols and their respective dates of being disabled are shown here: 

  • Aug. 5: Disable Legacy POP/IMAP. The legacy POP/IMAP authentication protocol is used by older, outdated email applications that connect to your Purdue (Exchange Online) email to send and receive. This change will not impact email applications using POP and IMAP with OAUTHv2 authentication. 
  • Sept. 6: Disable Exchange ActiveSync. This protocol is primarily used by legacy, mobile email applications. Most newer mobile devices should not be impacted. In the event you do experience issues, removing and then re-adding your email account in the application should resolve the issue. 
  • Sept. 19: Disable Outlook for Windows/Mac/Exchange Web Services and Exchange Remote PowerShell. Any users using versions of Outlook earlier than Outlook 2013 for Windows or Mac will need to ensure their client is up to date. Again, if you're already using MFA, then this change should not impact you. Additionally, users using the older Exchange Online Remote PowerShell (v1) to connect Exchange via PowerShell will need to switch to the newer, Exchange Online V2 PowerShell. 

If you think you may be using an application that has authenticated using one of the protocols to be disabled, you are encouraged to contact your campus IT customer service center for guidance to ensure there is no interruption in service. 

How do you know if you will be impacted? 

There are several ways to determine if you are using Basic authentication or Modern authentication. If you are using Basic authentication, you can determine where it is coming from and what to do about it. 

Authentication dialog 

A simple way to tell if a client app (for example, Outlook) is using Basic authentication or Modern authentication is to observe the dialog that's presented when you log in. 

Modern authentication displays a web-based login page: 

microsoftteams-image.png

Basic authentication presents a dialog credential modal box: 

microsoftteams-image-1.png

On a mobile device, you'll see a similar web-based page when you authenticate if the device is trying to connect using Modern authentication. 

You can also check the connection status dialog box, by CTRL + right-clicking the Outlook icon in the system tray and choosing Connection Status. 

When using Basic authentication, the Authn column in the Outlook Connection Status dialog shows the value of “Clear.”  

microsoftteams-image-2.png

Once you switch to Modern authentication, the Authn. column in the Outlook Connection Status dialog shows the value of “Bearer”. 

microsoftteams-image-3.png

Protect your University account and assets  

  • Use a strong password or passphrase for all accounts and do not reuse passwords on multiple accounts.  
  • Enable Microsoft MFA. Purdue University requires multi-factor authentication (MFA) for most systems. To learn more, visit itap.purdue.edu/mfa.
  • Report phishing attempts. Suspicious emails to your Purdue account should be reported by forwarding the message to abuse@purdue.edu 
  • Change your password. If you ever are concerned that you might have shared your password, change it as soon as possible. ITaP also will send an email alert automatically to faculty and staff whenever there is a change to their career account or direct deposit banking information.  
  • Call for help. If you or someone you know has been a victim of this type of email attack, please contact the ITaP Customer Service Center at 765-494-4000 or itap@purdue.edu. 
  • Need additional information about this change? Please visit Microsoft's information release here: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Last updated: July 19, 2022