Microsoft 365
Could the removal of EWS Basic Authentication impact your desk booking system?
What is EWS?
EWS (Exchange Web Services) is an API that allows applications to access mailbox items such as email messages, free/busy status, and contacts.
It is used by a range of applications that you may have running in your enterprise, an example of which is any desk booking and room booking system that integrates with Microsoft Exchange.
What is changing?
Authentication is a key part of any EWS application and in its drive to enhance security, Microsoft is disabling the use of something called Basic Authentication with EWS.
Will the EWS change affect my applications?
If your applications* are attempting to sign-in to Exchange Online using Basic Authentication then yes, they will be affected.
The best way to find out if you have any sign-ins using Basic Authentication is check the sign-in reports within Azure AD. Bear in mind you’ll need to add the Client App column and then filter the view to show sign-ins using Basic Authentication.
*It’s not just EWS that used Basic Authentication. Any other protocols that historically had Basic Authentication as an option will also be impacted. These protocols include POP/IMAP, ActiveSync and RPC over HTTP.
This means protocols that use this method of authentication are likely to stop working.
What do I need to do to move to Modern Authentication?
Switch any applications that use EWS to use something called Modern Authentication.
Moving to Modern Authentication will require that you register an application within Azure AD. It’s worth noting that at the time of writing it’s only possible to set a 24-month expiration date on any Client Secret associated with an application registration so make sure to set a reminder!
Is there a workaround?
If you are already seeing issues but aren’t yet in a position to move to Modern Authentication, then it may be possible to temporarily re-enable Basic Authentication in your tenant. By clicking on the green Help and Support option on the front page of the Office 365 Admin Center and searching for the following “Diag: Enable Basic Auth in EXO” you can temporarily re-enable Basic Authentication.
From there it’s possible to run a diagnostic test to see for which protocols Basic Authentication has been disabled and allows them to be temporarily re-enabled. This workaround will only be in place until 31st December.
What happens if I don’t move from Basic Authentication?
Any application that relies on connecting to Exchange Online using Basic Authentication runs the risk of that application no longer working.
When is the deprecation of EWS happening?
It’s already started. Microsoft has been turning off Basic Authentication for multiple protocols including EWS since the 1st October 2022.
The ‘switching off’ process has been taking place on random tenants (rather than taking a region by region or tenant size approach) so there’s really no way of knowing when this is going to happen to any specific tenant. But make no mistake, it’ll be coming to yours soon!
Can you help me?
Yes we can. If you are a customer of any Essential resource booking solution and you are using an on-premises installation, we can help you upgrade to the minimum product version to support Modern Authentication.
If it’s not already configured, then we can help you make this update also.