Switch to Modern Authentication in Microsoft Exchange before Oct. 1
OMES Cyber Command encourages organizations to utilize CISA’s guidance on switching from Basic Authentication in Microsoft Exchange Online to Modern Authentication before Microsoft begins permanently disabling Basic Authentication on Oct. 1, 2022. Basic Authentication is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Authentication before Oct. 1 and enable MFA.
CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Authentication. For more information, CISA recommends reviewing Microsoft’s Deprecation of Basic Authentication in Exchange Online documentation and the associated Exchange Team blog post, Basic Authentication Deprecation in Exchange Online.