For the past two years, Microsoft has been warning customers that it is deprecating basic authentication in Exchange Online in favor of Modern Auth (OAuth 2.0). These warnings came in waves as Microsoft continued to phase out the method. Now, it appears that the company has released the final announcement to the public on the matter, with the holiday season starting next week in many countries.

In a new blog post, the Redmond-based technology giant advised companies to prepare for the shutdown of Basic Authentication for most protocols in January 2023. The protocols affected by this shutdown are MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS ) and remote PowerShell. It is important to note that the protocol is not disabled for SMTP AUTH, but Microsoft recommended that you disable it yourself.

Organizations will still be notified seven days before the protocol is disabled for them. After shutdown, affected apps will start throwing HTTP 401 error for wrong username/password. The only way for them to work after that would be to switch to Modern Auth.

Microsoft stated that it will be impossible to enable Basic Auth after it was disabled in January. you can find A comprehensive tutorial on this topic is here.