Microsoft soon to end Exchange Online basic authentication

cybersecurity
Enterprise
        Time's up: Microsoft Exchange Online users face a key security deadline Saturday
    
The company will start disabling a highly vulnerable login option, known as "basic authentication," beginning on Oct. 1 — though customers will have one chance to buy more time to transition off the system.
Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but "unfortunately usage isn’t yet at zero," it said in a post earlier this month.

        Illustration: Christopher T. Fong/Protocol
    
Kyle  Alspach
September 27, 2022
Microsoft is about to eliminate a method for logging into its Exchange Online email service that is widely considered vulnerable and outdated, but that some businesses still rely upon.
The company has said that as of Oct. 1, it will begin to disable what's known as "basic authentication" for customers that continue to use the system.
Basic authentication typically requires only a username and password for login; the system does not play well with multifactor authentication and is prone to a host of other heightened security risks. Microsoft has said that for several types of common password-based threats, attackers almost exclusively target accounts that use basic authentication.
At identity platform Okta, which manages logins for a large number of Microsoft Office 365 accounts, "we've seen these problems for years," said Todd McKinnon, co-founder and CEO. "When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication. So we think this is a great thing."
Microsoft has been seeking to prod businesses to move off basic authentication for the past three years, but "unfortunately usage isn’t yet at zero," it said in a post earlier this month.
Microsoft has delayed the phase-out of basic authentication on several occasions to give those laggards an opportunity to adopt a "modern authentication" system, which supports a more-secure approach, known as OAuth 2.0, and is easier to use with MFA. Now, the company is in fact giving customers one last chance to buy some more time for the switch. 
When we block a threat, nine times out of 10 it's against a Microsoft account that has basic authentication.
If a customer finds that it can no longer access its accounts after this weekend because basic authentication has been disabled, the customer will be allowed to re-enable basic authentication one more time for each Exchange Online protocol that it might use. Basic authentication will remain enabled until the end of December, but will be eliminated, for good, after that, according to Microsoft.
"Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth," the company said in the post. "However, we understand that email is a mission-critical service for many of our customers and turning off basic auth for many of them could potentially be very impactful."
In essence, Microsoft's message to customers is that "we're forcing you down the path of better security," which overall is a win in the battle against cyberattacks, said Joseph Carson, chief security scientist at privileged access management vendor Delinea.
Still, for businesses that have been slow to adopt newer technology and have yet to move off basic authentication, the upcoming move could pose a significant disruption, Carson said.
"They're going to be struggling to move forward," he said. "It could prohibit the business from functioning for a while until they make the [modern authentication] investment."
Kyle  AlspachKyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.
mfamicrosoftoffice 365authenticationcybersecurity
Fintech
        Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time
    His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.
The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster. 

        Photo: Carolyn Van Houten/The Washington Post via Getty Images
    
November 21, 2022
Veronica Irwin
	Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.
November 21, 2022
“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”
That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui. 
Keep ReadingShow less
Veronica Irwin
	Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.
cryptocurrencyblockchainbitcoinlawsuit
sponsored content
Sponsored Content
        How is technological innovation breaking down barriers and increasing access to financial services?
    
November 14, 2022
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
November 14, 2022
The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.
Keep ReadingShow less
FTA
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.
sponsoredsponsored content
amazon web services
Enterprise
        AWS CEO: The cloud isn’t just about technology
    As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

        Photo: Noah Berger/Getty Images for Amazon Web Services
    
November 21, 2022
Donna Goodison
	Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
November 18, 2022
AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.
It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.
Keep ReadingShow less
Donna Goodison
	Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
awsamazon web servicescloud computinganalyticsdata analyticsadam selipsky

        Farewell from Protocol
    

        Image: Protocol
    
November 15, 2022
Bennett Richardson
	Bennett Richardson (
	@bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.
Jamie Condliffe
	Jamie Condliffe (
	@jme_c) is the executive editor at Protocol, based in London. Prior to joining Protocol in 2019, he worked on the business desk at The New York Times, where he edited the DealBook newsletter and wrote Bits, the weekly tech newsletter. He has previously worked at MIT Technology Review, Gizmodo, and New Scientist, and has held lectureships at the University of Oxford and Imperial College London. He also holds a doctorate in engineering from the University of Oxford.
November 15, 2022
We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.
As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.
Keep ReadingShow less
Bennett Richardson
	Bennett Richardson (
	@bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.
machine learning
Enterprise
        Why large enterprises struggle to find suitable platforms for MLops
    As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.
As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

        Photo:  artpartner-images via Getty Images
    
November 15, 2022
Kate Kaye
	Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.
November 15, 2022
On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.
Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.
Keep ReadingShow less
Kate Kaye
	Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of RedTailMedia.org and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.
mlopsaimachine learning
Latest Stories
See more
Most Popular

        Is there a paved road toward cloud native resiliency?
    
Bulletins
November 15, 2022 11:00 EST

        Mobile gaming's surprising slump is dragging down the game market
    
November 14, 2022 16:47 EST

        Amazon will lay off workers ahead of holiday season
    
November 14, 2022 15:28 EST

        Google settles with state AGs over location-tracking disclosures
    

Time's up: Microsoft Exchange Online users face a key security deadline Saturday

The company will start disabling a highly vulnerable login option, known as "basic authentication," beginning on Oct. 1 — though customers will have one chance to buy more time to transition off the system.

Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

How is technological innovation breaking down barriers and increasing access to financial services?

Penny Lee, Chief Executive Officer, Financial Technology Association

Alex Marsh, Global Head of Policy, Klarna

Todd Denbo, Commercial Leader of Money & CEO of Intuit Financing, Inc., Intuit

Mahesh Kedia VP, GTM Strategy, New Market Entry and Revenue Operations, Marqeta

Katherine Carroll, Global Head of Policy and Regulation, Stripe

Teddy Flo, Chief Legal Officer, Zest AI

Andrew Gray, Partner, Morgan Lewis

John Pitts, Global Head of Policy at Plaid

Farewell from Protocol

Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Millions of models

Open or closed

Engineering talent crunch

Is there a paved road toward cloud native resiliency?

Mobile gaming's surprising slump is dragging down the game market

Amazon will lay off workers ahead of holiday season

Google settles with state AGs over location-tracking disclosures