
Microsoft's New Changes Are Music to Our Ears


Last Friday Microsoft announced that they are getting rid of Basic Authentication in Exchange Online and we think this is excellent news. For years, their client apps have used Basic Authentication, where the application sends a username and password with every request, to connect to servers, services and endpoints.


In 2018 they announced they were turning off Basic Authentication for Exchange Web Services on October 13, 2020. But writing on the Exchange Team blog on Friday, Microsoft announced that they were also going to turn off Basic Authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP and Remote PowerShell on October 13, 2020.

"Simplicity isn’t at all bad in itself, but Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials (particularly if not TLS protected), which in turn increases the risk of credential re-use against other endpoints or services. Multi-factor authentication (MFA) isn’t easy to enable when you are using Basic Authentication and so all too often it isn’t used.

"Simply put, there are better and more effective alternatives to authenticate users available today, and we are actively recommending to customers to adopt security strategies such as Zero Trust (i.e. Trust but Verify) or apply real time assessment policies when users and devices are accessing corporate information. This allows for intelligent decisions to be made about who is trying to access what from where on which device rather than simply trusting an authentication credential which could be a Bad Actor impersonating a user."

Bridgeway Managing Director Jason Holloway says: “It’s great to see such an influential organisation come to realise the inherent dangers of basic authentication and the improved productivity and security afforded by modern authentication. Zero Trust and password-less authentication are here to stay. The challenge is of course enabling this for a modern, mobile workforce needing to access multiple cloud services (not just O365) and legacy on-premise solutions. Whilst that requires more effort, it also delivers even greater benefits. It’s where we can add significant value too.”

The changes happening here might well affect some of your users or apps, and Microsoft have provided some additional information on Remote PowerShell, POP and IMAP, Exchange ActiveSync and how to assess client impact - regarding the latter they say they are going to make a new tool available.

However, Bridgeway's experts are here to help you navigate the changes smoothly and safely. We already work with organisations that are adopting a Zero-Trust, password-less approach to their information security and we'd be more than happy to discuss how we can help you too.

Please get in touch now via Live Chat or call 01223 979 090 and speak to a member of our team. Alternatively, email

