Passwords. Just when you thought there was nothing more to say, we’re back at it.  We can thank Microsoft’s announcement to end Basic Authentication for that.

Basic Authentication is all about how you log into Office 365 and Outlook. So, while it’s not technically a password change, it will impact the way you and your entire law office enter your passwords in the future. That is why Microsoft’s plan to end Basic Authentication (BA) for Exchange Online e-mail services makes many nervous. This was not only a big move for the company, but it was definitely a major upset for those who relied on the ease of use of the once-beloved “simple password” system.

Basic authentication is what you’ve always used. You supply a username and password — simple. However, it’s this portion of the simple security measures that Microsoft plans to get rid of by the end of this year.

While this is undoubtedly the end of an era, the impact that it can have on your law firm and its cyber-security can be significant. Here is a snapshot of what it means for your firm.

Exchange Online and Basic Authentication

Over the last five years, many firms have embraced Exchange Online.

The simple process of supplying a username and password for general access was heaven for most firms. It probably even made you feel that your information was safe and secure. However, with the introduction of modern authentication measures (the new kid on the block for Microsoft), accessing stored information has taken on a new form. It will provide a more secure way for you to access your information and a more sophisticated way of protecting you from hackers.

So, what is the biggest change from BA to modern? If you’ve gotten used to Basic Authentication and switch to Modern Authentication, the chances that Outlook will stop working are extremely high. Another thing to keep in mind is that if you got in the habit of scanning documents to yourself at your copier (multi-function printer), that will probably stop, too.

Modern authentication in Exchange Online brings cloud security to the forefront and enables authentication features like multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. This means that information will connect over the internet to the Exchange Online environment rather than directly to the on-premises Exchange environment.

In layman’s terms, many on-premises applications and scripts will have to use the cloud to connect to a user’s mailbox, which is quite a significant change from the previously used “password” protocol.

This will require vendors of third-party applications that integrate with Exchange Online to support Modern Authentication. This may require new versions of, or patches to, existing applications, which might require other components to be upgraded or reconfigured.

Will this change come all at once? According to Microsoft, the company will give those who were using BA a minimum of twelve months’ notice before dismantling the service and eventually blocking all use of BA.

The bright side: it gives everyone some more time to adjust. It still means that firms will need to reconfigure any applications that integrate with Exchange Online to use Modern Authentication instead.

How can you check to see if you have any older protocols currently in use at your firm? I recommend checking the Azure AD sign-in logs to detect them. And if you need a more expert eye to help, Honeycrisp is here to serve you and keep your most important files secure.
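
One way to run that check offline, as an added example that is not from the original article: the Python below reads a sign-in log export in JSON and lists each account that still signs in through a legacy client app, such as a copier sending scans over SMTP. It assumes the export uses the Microsoft Graph sign-in field names (`clientAppUsed`, `userPrincipalName`, `createdDateTime`, `status.errorCode`); the sample records, accounts and function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Client app values that Azure AD groups under "legacy authentication clients"
# (assumption: confirm the list against the Client app filter in your tenant).
LEGACY_CLIENT_APPS = {
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book",
    "Outlook Anywhere (RPC over HTTP)", "POP3",
    "Reporting Web Services", "Other clients",
}

# Constructed sample export: accounts, dates and results are made up.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2021-03-01T09:15:00Z", "userPrincipalName": "scanner@examplefirm.test", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-03-02T09:20:00Z", "userPrincipalName": "scanner@examplefirm.test", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-03-02T10:05:00Z", "userPrincipalName": "partner@examplefirm.test", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
    {"createdDateTime": "2021-03-02T11:00:00Z", "userPrincipalName": "Paralegal@examplefirm.test", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
    {"createdDateTime": "2021-03-02T11:30:00Z", "userPrincipalName": "partner@examplefirm.test", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
])

def legacy_auth_inventory(export_json):
    """Return {(user, client app): counts and last-seen time} for legacy sign-ins."""
    inventory = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for record in json.loads(export_json):
        app = (record.get("clientAppUsed") or "").strip()
        if app not in LEGACY_CLIENT_APPS:
            continue  # modern clients (browser, current Outlook) are not listed
        user = (record.get("userPrincipalName") or "unknown").lower()
        entry = inventory[(user, app)]
        # errorCode 0 means the sign-in succeeded; anything else is a failure.
        ok = (record.get("status") or {}).get("errorCode") == 0
        entry["success" if ok else "failure"] += 1
        # ISO 8601 UTC timestamps compare correctly as plain strings.
        entry["last_seen"] = max(entry["last_seen"], record.get("createdDateTime") or "")
    return dict(inventory)

def report(inventory):
    """Format one line per account and protocol, sorted by account name."""
    return [
        f"{user:30} {app:20} ok={e['success']} fail={e['failure']} last={e['last_seen']}"
        for (user, app), e in sorted(inventory.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(legacy_auth_inventory(SAMPLE_EXPORT))))
```

Each line of the report is a device, script or mail client that needs to be moved to Modern Authentication before Basic Authentication is blocked.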


Luke Kumanchik

Entrepreneur, programmer, backyard farmer & Dungeon Master Extraordinaire.