In July 2018, Microsoft Exchange Team made an announcement on support for Basic Authentication in Exchange Online. They were going to start disabling it in 2020. Then Covid came and priorities shifted and multiple date changes later, Microsoft finally pulled the trigger in their support for Basic Authentication at 1. October 2022.
This has left a smaller shock wave for meeting management solutions and companies that were not prepared for this shift. Here at AskCody, we were ready for the change. This is why we want to help companies get started well with Modern Authentication.
From Basic to Modern Authentication
Microsoft has for a long time tried to get companies to switch from basic to modern authentication due to enhanced security measures, improved user experience, and compliance with regulatory requirements. Modern authentication provides multi-factor authentication, making it more difficult for cyber-criminals to gain access. Furthermore, it supports technologies such as OAuth and OpenID Connect for a seamless login experience. Moreover, multi-factor authentication is often required by regulations such as GDPR and PCI DSS.
Want to know more about the differences between Basic and Modern authentication?
Modern Auth challenges for products
By speaking to companies around the world, we realized that companies and products have been affected heavily by the change.
Some meeting management solutions have had serious issues with their Microsoft integration, because they relied completely on their Basic Auth setup. An example is SpaceIQ, a product that has issues enabling Modern Authentication and giving users access to their Microsoft environment.
If you have experienced issues, we encourage you to read our help center article covering all you need to know about retirement for basic auth.
Modern Auth for AskCody
Currently, AskCody accesses data in Microsoft Exchange (both on-premises versions and Exchange Online as part of Office 365) through Exchange Web Services (EWS) using either Basic Authentication or Modern Authentication.
Modern Authentication is based on OAuth 2.0 protocol. Modern Authentication doesn’t require a service account, and therefore doesn’t involve a password that can be compromised, which makes it a more secure authentication method.
All you need to do is have your organization's global administrator grant permissions to the AskCody EWS application through an OAuth 2.0 flow in Azure Active Directory. The AskCody EWS application can then access EWS using a certificate-based authentication flow. However, Using OAuth as an authentication method is only available for Exchange Online.
Where to find it?
For current customers: if your organization uses Exchange Online as part of Microsoft 365, you can now switch to Modern Authentication. Simply, go to your connections in the Admin Center, select a connection, and switch authentication method through a link next to the indicated authentication method.
For the new customers: begin with making a connection through Microsoft Exchange online service in your AskCody Admin Center, and continue setting up the AskCody Platform.
Want to know more?
If you want to know more about differences between Basic and Modern authentication.