

One month from today, we’re going to start to turn off basic auth for specific protocols in Exchange Online for customers who use them.

Since our first announcement nearly three years ago, we’ve seen millions of users move away from basic auth, and we’ve disabled it in millions of tenants to proactively protect them. We’re not done yet though, and unfortunately usage isn’t yet at zero. Despite that, we will start to turn off basic auth for several protocols for tenants not previously disabled.

Starting October 1st, we will start to randomly select tenants and disable basic authentication access for protocols in scope.

Protocols that are in scope for disablement:

Not in scope for this disablement (we are not making changes to):

We will post a message to the Message Center 7 days prior, and we will post Service Health Dashboard notifications to each tenant on the day of the change. If you have removed your dependency on basic auth, this will not affect your tenant or users. If you have not (or are not sure), check the Message Center for the latest data contained in the monthly usage reports we have been sending monthly since October 2021. The data for August 2022 will be sent within the first few days of September.

What If You Are Not Ready for This Change?

We recognize that unfortunately there are still many tenants unprepared for this change. Despite multiple blog posts, Message Center posts, interruptions of service, and coverage via tweets, videos, conference presentations and more, some customers are still unaware this change is coming. There are also many customers aware of the deadline who simply haven’t done the necessary work to avoid an outage. Our goal with this effort has only ever been to protect your data and accounts from the increasing number of attacks we see that are leveraging basic auth. However, we understand that email is a mission-critical service for many of our customers and turning off basic auth for many of them could potentially be very impactful. Today we are announcing an update to our plan to offer customers who are unaware or are not ready for this change.
#Basic auth. in eventscripts update#
When we turn off basic auth after October 1st, all customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they need, once per protocol.

Once this diagnostic is run, basic auth will be re-enabled for those protocol(s). Selected protocol(s) will stay enabled for basic auth use until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for basic auth use permanently, and there will be no possibility of using basic auth after that.

If you already know you need more time and wish to avoid the disruption of having basic auth disabled you can run the diagnostics during the month of September, and when October comes, we will not disable basic for protocol(s) you specify. We will disable basic for any non-opted-out protocols, but you will be able to re-enable them (until the end of the year) by following the steps below if you later decide you need those too. In other words – if you do not want basic for a specific protocol or protocols disabled in October, you can use the same self-service diagnostic in the month of September.

Thousands of customers have already used the self-service diagnostic we discussed in earlier blog posts (here and here) to re-enable basic auth for a protocol that had been turned off, or to tell us not to include them in our proactive protection expansion program. We’re using this same diagnostic again, but the workflow is changing a little. On September 1, we have archived all prior re-enable and opt-out requests.
