One way attackers wiggle into Microsoft Exchange Online is through systems that have Basic Authentication enabled. Account compromise rates in tenants who have disabled legacy authentication are significantly lower than overall rates. Microsoft has announced it will turn off Basic Authentication for Exchange Web Services on October 13, 2020.

Last week Microsoft went one better and announced it will retire Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online on the same date. Any application using OAuth 2.0 to connect to these protocols will continue to work without change or interruption. I’ve already recommended that you disable Basic Authentication to beef up security in Office 365.

What should you do now if you have Office 365? Start by moving away from the native email applications on Android and Apple iPhones and moving people to the Outlook applications. If you are planning a move to Office 365 away from on-premises Exchange, you should move people over to the application now. The application supports additional protocols and email platforms, so if your users receive personal email as well as the firm email on their phones, you can migrate all email over to Outlook.

There are several ways to handle the migration. Smaller firms can send out communication to your clients and instruct them on how to find the application in the app store on the phones, download it, and then set up their email account on the new application. If Autodiscover is set up properly, all you need do is inform people to download the application, enter their email address and password, and the application will connect to the appropriate mail server.

Alternately, you can use Intune to assign the Outlook app to users.
I recommend rolling out the Outlook app while letting people keep the native phone app so you can fine-tune adjustments in the Outlook app and get people used to the change.

Moving to Outlook using Intune

As noted in the blog post, you’ll want to go to the Azure Portal and log in as an administrator. Click on “Add” and select “iOS” and then browse for the Outlook app. Review the information provided automatically by clicking on “App information”.

[Image: Using Intune to push out the Outlook application to users (credit: Susan Bradley)]

Next click on “Assignments” and “Add group”. Select “Required” at “Assignment type” to enforce the app on mobile devices.

[Image: Setting email policies (credit: Susan Bradley)]

Select “Included Groups” and choose which group you want to target, or use the switches to deploy to all users or all devices. Once you configure the included assignment, click on “Ok” at the bottom. If you want to prevent users from copying business information from the Outlook app to a personal app, you can set up a policy to limit this.

[Image: Assigning policies (credit: Susan Bradley)]

To create an app protection policy, open your browser and navigate to this page on the Azure portal. Click on “Add a policy” and type a policy name. Select the iOS platform and click on “Select required apps”. Check all apps and click “Select” at the bottom. Click on “Configure required settings” and change these settings.

Allow the app to transfer data to other apps: Policy managed apps
Prevent “Save As”: Yes
Select which storage services corporate data can be saved to (e.g., OneDrive for Business, SharePoint)
Restrict cut, copy and paste with other apps: Policy managed apps with paste in

Click on “Ok” at the bottom once you’re finished.
Click “Create” at the bottom to save the new policy.

Now that the policy is created, assign the policy to the same group you used to deploy the Outlook app. Click on your new policy and then click “Assignments”. Click on “Select groups” to include, choose the same group previously selected for Outlook app assignment, and click “Select”.

You can now use the Outlook app throughout your organization. The app supports modern authentication, and once you’ve weaned users off the native phone application, you can disable Basic Authentication without any side effects. Some users may prefer the focused view for the Outlook app, others would prefer that focused view is disabled and that conversations are not threaded. You can finally disable the main email application by going into settings, accounts and passwords and deleting the existing account.

The change does not impact SMTP authentication. However, you may want to review how you have SMTP authentication set up.

Change is coming to Office 365 and Microsoft’s mandate will help keep us all safer from credential harvesting attacks. Take the time now to migrate to safer and more secure applications.
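Before disabling Basic Authentication, it helps to confirm that nobody still signs in over the protocols being retired. The following is an added example, not part of the original article: it inventories exported sign-in records by user and flags SMTP separately for review. It assumes records carry `userPrincipalName` and `clientAppUsed` fields as in Azure AD sign-in log exports; the protocol mapping and the sample records are constructed for illustration.

```python
import json
from collections import defaultdict

# Assumed mapping: sign-in log "clientAppUsed" value -> protocol the article
# lists as losing Basic Authentication (EWS, EAS, IMAP, POP, RPS).
AFFECTED = {
    "Exchange Web Services": "EWS",
    "Exchange ActiveSync": "EAS",
    "IMAP4": "IMAP",
    "POP3": "POP",
    "Exchange Online PowerShell": "RPS",
}
# SMTP authentication is not impacted by the change; list it for review only.
REVIEW_ONLY = {"Authenticated SMTP": "SMTP"}
# Constructed sample export (not real log data).
SAMPLE_RECORDS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync"},
 {"userPrincipalName": "Alice@example.com", "clientAppUsed": "IMAP4"},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Browser"},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP"},
 {"userPrincipalName": "dave@example.com", "clientAppUsed": "Mobile Apps and Desktop clients"},
 {"userPrincipalName": "erin@example.com", "clientAppUsed": "Exchange Web Services"}
]""")

def legacy_usage(records):
    """Return (blockers, review), each mapping user -> sorted protocol list."""
    blockers, review = defaultdict(set), defaultdict(set)
    for rec in records:
        user = (rec.get("userPrincipalName") or "").lower()
        app = rec.get("clientAppUsed") or ""
        if not user:
            continue  # skip malformed rows rather than crash mid-report
        if app in AFFECTED:
            blockers[user].add(AFFECTED[app])
        elif app in REVIEW_ONLY:
            review[user].add(REVIEW_ONLY[app])
    as_lists = lambda d: {u: sorted(p) for u, p in sorted(d.items())}
    return as_lists(blockers), as_lists(review)

def ready_to_disable(records):
    """True only when no user still signs in over an affected protocol."""
    return not legacy_usage(records)[0]

if __name__ == "__main__":
    blockers, review = legacy_usage(SAMPLE_RECORDS)
    for user, protos in blockers.items():
        print(f"MIGRATE {user}: {', '.join(protos)}")
    for user, protos in review.items():
        print(f"REVIEW  {user}: {', '.join(protos)}")
```

Users listed under MIGRATE are the ones to move to the Outlook app first; an empty MIGRATE list over a representative log window is the signal that the switch can be made.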