CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication (“Modern Auth”) before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.
CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth.
Source: U.S. Cybersecurity and Infrastructure Security Agency