CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

 

 

From: US-CERT <US-CERT@messages.cisa.gov>
Sent: Tuesday, June 28, 2022 1:19 PM
To:
Subject: CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1

You are subscribed to Cybersecurity Advisories for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available. CISA Releases Guidance on Switching to Modern Auth in Exchange Online before October 1 06/28/2022 02:51 PM EDT Original release date: June 28, 2022  CISA has released guidance on switching from Basic Authentication (“Basic Auth”) in Microsoft Exchange Online to Modern Authentication ("Modern Auth") before Microsoft begins permanently disabling Basic Auth on October 1, 2022. Basic Auth is a legacy authentication method that does not support multifactor authentication (MFA), which is a requirement for Federal Civilian Executive Branch (FCEB) agencies per Executive Order 14028, “Improving the Nation’s Cybersecurity”. Although this guidance is tailored to FCEB agencies, CISA urges all organizations to switch to Modern Auth before October 1 and enable MFA.    CISA recommends all organizations review Switch to Modern Authentication in Exchange Online Before Basic Authentication Deprecation and prioritize moving to Modern Auth. For more information, CISA recommends reviewing Microsoft’s Deprecation of Basic Authentication in Exchange Online documentation and the associated Exchange Team blog post, Basic Authentication Deprecation in Exchange Online. This product is provided subject to this Notification and this Privacy & Use policy.