What is happening?

Microsoft are making a mandated change on the 1st of October 2022 and will be retiring Basic Authentication for legacy protocols in Exchange Online.

About email and authentication

When you send an email from your reading.ac.uk or student.reading.ac.uk account, the email contains additional information which advises our Microsoft Exchange email server that you are authorised to send email from that email programme and email account. If you are sending email from an unsupported programme or account, you will get an error message.

The majority of apps, services and websites use Multi-Factor Authentication (MFA), i.e. as well as username and password you need to set up an additional check when logging in, whether via an app or by entering a code sent by email, phone call or text message.

There are some legacy programmes which use Basic Authentication, i.e. username and password only. Support for this is being removed by Microsoft in their Exchange email server on 1st October 2022.

What does this mean for me?

If you are using an email programme with only Basic Authentication, you will not be able to send emails from 1st October and beyond.

Who is affected?

This affects people who are using either an old or nonstandard email app, e.g.

  • If you use older Outlook email programmes, i.e. Outlook 2010 or Outlook 2013
  • If you are on a mobile device and using a non-native email app
  • If you use Thunderbird or Spark as your email client (mainly Mac users)
  • If you manually configured your email client, i.e. you put in your own information when you added your profile, which are now not recommended.

Who is not affected?

You will not be affected if your Microsoft Office is up to date i.e. you use Outlook 2016 or Microsoft 365, you use the built in email client on your mobile (e.g. Microsoft Outlook App), or you use email on the web.

How can I tell?

A simple way to tell if you are affected is how you log in to get your email.

Basic authentication only requires a username (email address) and password, as shown in this screenshot:

Screen capture showing email and password

This is an example of a modern authentication request – it requires additional approval beyond username and password.

Image showing modern authentication method

What do I need to do?

There are several ways to mitigate this by either changing or upgrading your email programme, which are summarised below:

  • All users: Use webmail/Outlook on the web instead. You can access your University email account at https://outlook.office365.com/mail/
  • All users: Change your email programme to Outlook (2016 or 365) or another email client which uses modern authentication such as Gmail. Note that all staff and students are eligible to download Outlook 365 via Microsoft 365 Apps, following these instructions: KI 0202
  • Outlook 2013 users: Remove and re-add your account choosing “Microsoft 365” as the account type.
  • Mobile users: Change or upgrade your email programme to the Microsoft Outlook app.
  • Mac users: Update iOS to current version and reinstall the Apple Mail application
  • Thunderbird users: update to latest version of Thunderbird following these instructions: KI 1209
  • “Other” mail clients, remove and add back account choosing ‘Microsoft 365’ as the account type

For the technically minded, the full table:

Legacy protocol Description What uses it Solution
Exchange ActiveSync & AutoDiscover Used to connect mailboxes to Exchange online * Windows Mail

* Calendar

* Email clients on mobile device

* Mac OS

 Use webmail/ Outlook online

Use Outlook 2016 or Office 365 or Outlook for mobile

Update iOS to current version and reinstall Apple Mail
IMAP Allows access to email without downloading it to the device. Email is read directly from the email service Email clients such as Thunderbird and Spark.

Outlook and Apple Mail when manually configured

 Use webmail/ Outlook online

Use Outlook 2016 or Office 365 or Outlook for mobile

Update to current  Thunderbird app

Update iOS to current version and reinstall Apple Mail
MAPI Over HTTP Primary mailbox access protocol used by Outlook 2010 SP2 and later Outlook 2010 and newer email clients on mobile devices Use Outlook 2016 or Office 365 or Outlook for mobile
SMTP Authentication TCP/IP protocol used to send/forward email; it cannot receive messages Email clients such as Thunderbird and Spark.

Outlook and Apple Mail when manually configured

 Update Thunderbird

Remove and add back account choosing ‘Microsoft 365’ as the account type
“Other Clients”

(Linux mail clients, custom mail clients, etc)

 Any other protocols identified as utilizing legacy authentication Application should be up-to-date and added using modern authentication protocol such as ‘Microsoft Exchange’ or ‘Microsoft 365’ option

What happens if I don’t do anything?

If you don’t do anything, you will not be able to send any emails using your current method from 1st October. As this is mandated by Microsoft, DTS have no ability to grant an extension.

Further information:

This change is examined in further detail in this Microsoft article: Deprecation of basic authentication exchange online

What version of Outlook do I have? You can usually find the Outlook product version by selecting Help > About while in Outlook. Also see this article by Microsoft.

Creating a new Outlook profile to restore default settings: KI 1813 How to create a new profile in Outlook 2016 (Windows 10) 

Contact:

If you want any advice or have any issues, please raise a ticket with the IT Service Desk.