In today’s cloud era, enabling seamless access across devices has been developed to promote better collaboration between teams and employees. Alongside this modern way of working, enhanced cloud security has been equally promoted.
Combining augmented security with accessibility, Microsoft has offered modern authentication—such as password-less and conditional access, multi-factor authentication, and smart cards—for a better cloud experience and to provide more secure authentication in a cloud-based world.
Further promoting safe cloud access, Microsoft even announced that they’ll be disabling basic authentication in the second half of 2021 and setting modern authentication as the default access setting for Outlook.
Are you ready for the shift? In this blog post, we’ll be going through 4 key things you should know before switching over.
1. Can your Outlook model support it?
The first thing you should be aware of is that not all Outlook models can support modern authentication.
While Outlook 2016 and 2019 support modern authentication by default and thus do not require any further action to use these new flows, Outlook models that support legacy authentication such as Microsoft Online Sign-In Assistant or basic authentication still need to be set up.
Therefore, to enable modern authentication in Outlook 2013, you would need to have registry keys which you’ll have to set for every device that you’d like modern authentication to be enabled on.
Outlook 2010, on the other hand, does not support modern authentication whatsoever and will continue to use basic authentication.
Learn more about enabling Microsoft’s modern authentication for Outlook here.
2. You still need to log in your credentials.
Once you enable Exchange Online modern authentication, logging in will be required through a browser-based pop-up asking for UPN and password.
- For Federated setup login domain: Users will be redirected to log in to the identity provider (ADFS, Ping, Okta, etc.).
- If the domain is managed by Azure or set up for Pass Through Authentication: Users will be authenticated with Azure directly or with Azure on behalf of your Active Directory Domain Service.
You also need to look at your Multi-Factor Authentication (MFA)/Conditional Access (CA) settings. If a user account has been set up where MFA or CA requiring MFA is enabled, then the Conditional Access Policy will be the one used to evaluate the user.
Restarting Outlook will be also required once you enable modern authentication in Exchange Online, which leads us to the third point…
3. It can only be enabled tenant-wide.
Because enabling modern authentication can only be done tenant-wide and not per user, group, or any such structure, experts recommend that you implement it during a maintenance period or testing. As mentioned earlier, restarting Outlook will be required for the change to be applied from basic to modern and vice versa.
Also, because Exchange Online has a large infrastructure, it might take longer for the change to be replicated to all its servers, so you might not be able to see the switch immediately.
4. There might be a disconnect when Outlook account credentials are different.
Although this hasn’t been a trend, some users report that Outlook for Windows sometimes doesn’t connect to a mailbox after enabling modern authentication in an Office 365 tenant.
This usually happens if you have multiple mailboxes in one Outlook profile and one of these mailboxes uses a login account that is different from the user’s Windows login. It can also happen if one of your mailboxes is on-premises and still uses RPC while the other is in Exchange Online.
The disconnect is known to happen due to the issue of miscommunication where the default credential is provided instead of the appropriate account credential required to access the mailbox.
If you encounter this problem, experts recommend re-creating your Outlook profile. See more of that here.
To prevent multiple log-in prompts, experts advise that you sync other apps that authenticate with Exchange Online like Skype for Business Online by enabling Modern Authentication for those apps as well.
With the various ransomware attacks happening, it doesn’t hurt to be extra cautious. Applying secure authentication methods might just be a small change, but it helps a lot in securing your organization.
And remember—every change that affects your users must be communicated, so make sure to include your users when implementing this change so as not to create confusion–especially when they need to reauthenticate their accounts!