2023年3月20日
End of Basic Authentication and Migration to Modern Authentication for Exchange Online
Proceedings of the 2023 ACM SIGUCCS Annual Conference
- 記述言語
- 英語
- 掲載種別
- 研究論文(国際会議プロシーディングス)
- DOI
- 10.1145/3539811.3579560
- 出版者・発行元
- ACM
At Kyushu University, Information Infrastructure Initiative provides an email se
rvice named "Primary Mail Service" for students and staff members with Microsoft
Office 365 Exchange Online. On September 20th, 2019, Microsoft announced the en
d of support for Basic Authentication for Exchange Online, which is considered v
ulnerable to identity leakages such as phishing and malware attacks. Microsoft w
ould require users to use Modern Authentication such as Exchange protocol or OAu
th 2.0 authorization with IMAP, POP, and SMTP. Historically we had instructed ou
r users to use IMAP or POP and SMTP protocols for their email applications, incl
uding Microsoft Outlook and Mozilla Thunderbird, so disabling Basic Authenticati
on would significantly impact our user population. In September 2021, Microsoft
announced the end of September 2022 as the hard deadline for disabling Basic Aut
hentication. Based on available information, we prepared migration documents fro
m Basic Authentication to Modern Authentication and started to notify users to a
bandon Basic Authentication. Sending messages to users did not seem to be effect
ive after a couple of notifications, so we tried to temporarily disable Basic Au
thentication to realize the remaining users through authentication failures. In
this paper, we would like to share our experiences about the effect of retiring
Basic Authentication for Exchange Online on our service and users.
rvice named "Primary Mail Service" for students and staff members with Microsoft
Office 365 Exchange Online. On September 20th, 2019, Microsoft announced the en
d of support for Basic Authentication for Exchange Online, which is considered v
ulnerable to identity leakages such as phishing and malware attacks. Microsoft w
ould require users to use Modern Authentication such as Exchange protocol or OAu
th 2.0 authorization with IMAP, POP, and SMTP. Historically we had instructed ou
r users to use IMAP or POP and SMTP protocols for their email applications, incl
uding Microsoft Outlook and Mozilla Thunderbird, so disabling Basic Authenticati
on would significantly impact our user population. In September 2021, Microsoft
announced the end of September 2022 as the hard deadline for disabling Basic Aut
hentication. Based on available information, we prepared migration documents fro
m Basic Authentication to Modern Authentication and started to notify users to a
bandon Basic Authentication. Sending messages to users did not seem to be effect
ive after a couple of notifications, so we tried to temporarily disable Basic Au
thentication to realize the remaining users through authentication failures. In
this paper, we would like to share our experiences about the effect of retiring
Basic Authentication for Exchange Online on our service and users.
- リンク情報
- ID情報
-
- DOI : 10.1145/3539811.3579560
- DBLP ID : conf/siguccs/Kasahara23