As we covered on a previous post Microsoft will do a hard stop on basic authentication on October 2022 but before actually reaching this end date Microsoft is pre-disabling some legacy protocols so tenant admins are forced to tackle the affected users.
Pratically speaking, this means support teams are going to start receiving requests about My iPhone/iPad keeps asking for my password, although I’ve entered it multiple times
. The “annoying” part is these failed sign-ins won’t even show under Azure Sign-in logs so in order for tenant admins to be sure the issue is being caused by a disabled authentication protocol, they’ll need to run a test under the tenant admin page.
How to check if the issue might be a disabled legacy protocol (basic authentication) ?
To make sure the iPhone/iPad connection issue is related to Exchange ActiveSync being disabled please follow these steps:
- Open the tenant admin page
- Make sure you have the support request side blade opened with the problem description “Diag: Enable Basic Auth in EXO” (if you clicked the above link this should be pre-filled)
- Click the Submit blue arrow
- Click the Run Tests button and you’ll get one of the following possible results
- If the tests shows “Microsoft has not blocked Basic authentication for any protocol or feature for your tenant.” then the connection issue is not related to basic authentication.
If it shows “Basic authentication is disabled for the following legacy protocols” then we found the “culprit”
This pre-disabled action should only take 48h and Microsoft will automatically reverse it, with the goal of “bring to the surface” which devices/users will stop connecting on October 1st.
In order to re-enable it manually, just select from the “Protocol to enable” dropdown the disabled protocols, click the checkbox and submit the changes.
How can I move the affected users/devices to Modern Authentication so coming October they won’t have issues ?
The option to re-enable the basic authentication protocols won’t be available on October 1st 2022, this is the hard end of support for these legacy protocols so tenant admins must find all affected devices and move them to the Modern Authentication
First you need to find which devices are still connecting through legacy protocols. Then you need to reach out to them and provide instructions on how to move their devices to Modern Authentication.