Recently, Microsoft announced the end of support for Legacy Authentication and Azure AD Connect depreciation. In this article, you can find more information about the deadlines and how to deal with this end of support.
Easi can help to create a report, so you are aware if Legacy Authentication is still in use and in which part of your tenant. Do not hesitate to contact us for any information or help you may need.
If you require assistance with the Azure AD Connect upgrade, we're also here to help you with that!
Legacy authentication depreciation
From October 1st, 2022, Microsoft will start to permanently disable basic authentication in all Exchange Online tenants, regardless of usage, with the exception of SMTP authentication.
The overall scope of the program includes Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote Powershell, MAPI, RPC and OAB.
First of October 2022 Microsoft will start the operation, this is not the date that it will be disabled for everyone. They will randomly select tenants and they will warn the tenant administrator 7 days before that the operation will be done on his tenant.
The operation should be finished by the end of the year.
SMTP authentication
SMTP authentication will not be disabled. This means that printers, scanners and other devices and appliances can continue to send mail through the O365 tenant. SMTP Authentication is however already disabled for the tenants that are not using it.
If SMTP authentication is enabled in your tenant, Microsoft will not disable it. It is however recommended to disable SMTP Authentication at the tenant level and to enable it only for the user accounts that need it.
You can find a procedure for this here: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
Mobile Access
Microsoft recommends using Outlook for iOS and Android when connecting to Exchange Online.
Other common Mail applications already published a new version with Modern Authentication or are planning an update. (eg.: Apple Mail app)
Outlook clients
Outlook 2007 and Outlook 2010 cannot use Modern authentication and will eventually be unable to connect.
Outlook 2013 requires a registry setting to enable Modern Authentication, but once configured, Outlook 2013 can use Modern Authentication with no issues.
All later Outlook versions have Modern Authentication enabled by default.
All Outlook versions require however a registry setting to force Modern Authentication. More information can be found here: https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/modern-authentication-configuration
Azure AD Connect depreciation
Starting 31 August 2022, Microsoft will not support Azure AD Connect versions prior to version 2.0.
Version 2.0+ is only supported on Windows Server 2016 and higher operating systems.
After this date, Azure AD Connect functionality will eventually stop working.
Retiring Azure AD Connect 2.x versions
Microsoft will begin retiring past versions of Azure AD Connect Sync 2.x 12 months from the date they are superseded by a newer version.
This policy will go into effect on 15 March 2023, when Microsoft will retire all versions that are superseded by a newer version on 15 March 2022.
Impact for your business
If you are running Azure AD Connect on a Windows Server version prior to Server 2016, you need to upgrade this server and the Azure AD Connect software.
Another option is to install a new Windows Server and to migrate the Azure AD Connect software to this new server.
If you are running Azure AD Connect version 2.0.89 or lower, you also need to upgrade this version to the latest available before 15th of March 2023.
You also have to make sure to regularly check for new versions so the version in use never becomes outdated.