{"id":610,"date":"2022-08-09T10:39:57","date_gmt":"2022-08-09T09:39:57","guid":{"rendered":"http:\/\/blogs-new.it.ox.ac.uk\/nexus\/?p=610"},"modified":"2022-08-09T10:44:55","modified_gmt":"2022-08-09T09:44:55","slug":"office365-pre-emptively-disabling-basic-authentication","status":"publish","type":"post","link":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/2022\/08\/09\/office365-pre-emptively-disabling-basic-authentication\/","title":{"rendered":"Office365: Pre-emptively disabling Basic Authentication"},"content":{"rendered":"<p>For the steps to follow I can recommend <a href=\"https:\/\/support.practiceprotect.com\/knowledge-base\/disable-smtp-pop-imap-for-office-365-mailboxes\/\">this guide<\/a> from Practice Protect and <a href=\"https:\/\/docs.microsoft.com\/en-us\/exchange\/clients-and-mobile-in-exchange-online\/disable-basic-authentication-in-exchange-online#manage-basic-authentication-in-the-microsoft-365-admin-center\">this one<\/a> from Microsoft.<br \/>\nThere is some confusion about the way that these commands are implemented, with inconsistent behaviour noted, so it&#8217;s sensible to follow all of the advice even when it seems redundant.<\/p>\n<p>Example: The documentation says to run these commands:<\/p>\n<blockquote>\n<pre>Get-AuthenticationPolicy<\/pre>\n<p>(to find the name of the existing authentication policy).<\/p>\n<p>Replace &lt;AuthenticationPolicyName&gt; with the value from the previous step, and then run the following command:<\/p>\n<pre>Set-AuthenticationPolicy -Identity \"&lt;AuthenticationPolicyName&gt;\" -AllowBasicAuthReportingWebServices:$false -AllowBasicAuthOutlookService:$false<\/pre>\n<p>The previous command affects <em><strong>new<\/strong> <\/em>mailboxes that you&#8217;ll create, but not existing mailboxes. To apply the policy to existing mailboxes, use the &lt;AuthenticationPolicyName&gt; value&#8230;<\/p><\/blockquote>\n<p>Testing reveals that on an IMAP connection to a mailbox this setting\u00a0<em>sometimes<\/em>\u00a0blocks existing accounts and <em>sometimes<\/em> it doesn\u2019t.\u00a0 Other Universities&#8217; IT Staff have reported a similar outcome: testing with Thunderbird occasionally permitting mailbox access after multiple connection attempts. In other words these settings variably affect\u00a0existing accounts, contrary to the guidance.<\/p>\n<p>The sensible solution seems to be to disregard any odd outcomes you may observe during testing and simply follow the published guidance as if no anomalous behaviour was noted:\u00a0set a <strong>DefaultAuthenticationPolicy<\/strong> at the organisation level <strong><em>and<\/em> <\/strong>set an <strong>AuthenticationPolicy<\/strong> on every user.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>Thanks to SysAdmins at UEA and University of Dundee for their observations on the Jiscmail mailing list which contributed to this post.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For the steps to follow I can recommend this guide from Practice Protect and this one from Microsoft. There is some confusion about the way that these commands are implemented, with inconsistent behaviour noted, so it&#8217;s sensible to follow all &hellip; <a href=\"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/2022\/08\/09\/office365-pre-emptively-disabling-basic-authentication\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":107,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-610","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/users\/107"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/comments?post=610"}],"version-history":[{"count":6,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/610\/revisions"}],"predecessor-version":[{"id":616,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/posts\/610\/revisions\/616"}],"wp:attachment":[{"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/media?parent=610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/categories?post=610"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs-new.it.ox.ac.uk\/nexus\/wp-json\/wp\/v2\/tags?post=610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}