With the pending retirement of Microsoft Basic Authentication, the best way to protect mobile device users connecting through Exchange is to move them to Outlook.

Image credit: Suwaree Tangbovornpichet / Getty Images

One way attackers wiggle into Microsoft Exchange Online is through systems that have Basic Authentication enabled. Account compromise rates in tenants that have disabled legacy authentication are significantly lower than overall rates. Microsoft has announced it will turn off Basic Authentication for Exchange Web Services on October 13, 2020.

Last week Microsoft went one better and announced it will retire Basic Authentication for Exchange Web Services (EWS), Exchange ActiveSync (EAS), IMAP, POP and Remote PowerShell (RPS) to access Exchange Online on the same date. Any application using OAuth 2.0 to connect to these protocols will continue to work without change or interruption. I’ve already recommended that you disable Basic Authentication to beef up security in Office 365.

What should you do now if you have Office 365? Start by moving people away from the native email applications on Android phones and Apple iPhones and over to the Outlook applications. If you are planning a move from on-premises Exchange to Office 365, you should move people over to the application now. The application supports additional protocols and email platforms, so if your users receive personal email as well as the firm's email on their phones, you can migrate all email over to Outlook.

There are several ways to handle the migration. Smaller firms can send out a communication to clients instructing them how to find the application in the app store on their phones, download it, and then set up their email account in the new application. If Autodiscover is set up properly, all you need to do is tell people to download the application and enter their email address and password, and the application will connect to the appropriate mail server.

Alternatively, you can use Intune to assign the Outlook app to users.
I recommend rolling out the Outlook app while letting people keep the native phone app, so you can fine-tune settings in the Outlook app and get people used to the change.

Moving to Outlook using Intune

As noted in the blog post, you’ll want to go to the Azure Portal and log in as an administrator. Click on “Add” and select “iOS” and then browse for the Outlook app. Review the information provided automatically by clicking on “App information”.

Figure: Using Intune to push out the Outlook application to users (Credit: Susan Bradley)

Next click on “Assignments” and “Add group”. Select “Required” at “Assignment type” to enforce the app on mobile devices.

Figure: Setting email policies (Credit: Susan Bradley)

Select “Included Groups” and choose which group you want to target, or use the switches to deploy to all users or all devices. Once you configure the included assignment, click on “Ok” at the bottom. If you want to prevent users from copying business information from the Outlook app to a personal app, you can set up a policy to limit this.

Figure: Assigning policies (Credit: Susan Bradley)

To create an app protection policy, open your browser and navigate to this page on the Azure portal. Click on “Add a policy” and type a policy name. Select the iOS platform and click on “Select required apps”. Check all apps and click “Select” at the bottom. Click on “Configure required settings” and change these settings:

Allow the app to transfer data to other apps: Policy managed apps
Prevent “Save As”: Yes
Select which storage services corporate data can be saved to (e.g., OneDrive for Business, SharePoint)
Restrict cut, copy and paste with other apps: Policy managed apps with paste in

Click on “Ok” at the bottom once you’re finished. Click “Create” at the bottom to save the new policy.

Now that the policy is created, assign the policy to the same group you used to deploy the Outlook app. Click on your new policy and then click “Assignments”.
Click on “Select groups” to include, choose the same group previously selected for Outlook app assignment, and click “Select”.

You can now use the Outlook app throughout your organization. The app supports modern authentication, and once you’ve weaned users off the native phone application, you can disable Basic Authentication without any side effects. Some users may prefer the Focused view in the Outlook app; others would prefer that the Focused view is disabled and that conversations are not threaded. Finally, you can disable the phone's main email application by going into Settings, Accounts and Passwords and deleting the existing account.

The change does not impact SMTP authentication. However, you may want to review how you have SMTP authentication set up.

Change is coming to Office 365, and Microsoft’s mandate will help keep us all safer from credential harvesting attacks. Take the time now to migrate to safer and more secure applications.
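Before Basic Authentication is disabled, it helps to confirm which accounts still sign in over the protocols being retired and which only use SMTP authentication. The Python sketch below is an added example, not part of the original article; it assumes sign-in records exported as JSON with the `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields of Azure AD sign-in logs, and the sample records are constructed. A listed client app marks an account for follow-up; it is not proof that Basic Authentication was used.

```python
import json
from collections import defaultdict

# Client-app labels for the protocols the article lists (EWS, EAS, IMAP, POP, RPS).
# Assumption: labels match the clientAppUsed field of Azure AD sign-in records.
RETIRING = {
    "Exchange Web Services": "EWS",
    "Exchange ActiveSync": "EAS",
    "IMAP4": "IMAP",
    "POP3": "POP",
    "Exchange Online PowerShell": "RPS",
}
# SMTP authentication is not affected by the change, so it is reported separately.
REVIEW_ONLY = {"Authenticated SMTP": "SMTP"}

# Constructed sample records, not real tenant data (error code is illustrative).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "Alice@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
 {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}}
]""")


def _as_sorted_dict(per_user):
    return {user: sorted(protos) for user, protos in sorted(per_user.items())}


def legacy_usage(signins):
    """Return (blocking, review): user -> sorted protocol list, successful sign-ins only."""
    blocking, review = defaultdict(set), defaultdict(set)
    for rec in signins:
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # a failed attempt is not evidence the user depends on the protocol
        user = rec["userPrincipalName"].lower()
        app = rec.get("clientAppUsed", "")
        if app in RETIRING:
            blocking[user].add(RETIRING[app])
        elif app in REVIEW_ONLY:
            review[user].add(REVIEW_ONLY[app])
    return _as_sorted_dict(blocking), _as_sorted_dict(review)


def ready_to_disable(signins, users):
    """Users from `users` with no successful sign-in over a retiring protocol."""
    blocking, _ = legacy_usage(signins)
    return sorted(u.lower() for u in users if u.lower() not in blocking)


if __name__ == "__main__":
    blocking, review = legacy_usage(SAMPLE_SIGNINS)
    print("still on retiring protocols:", blocking)
    print("SMTP authentication to review:", review)
```

Accounts in the first result still need to be moved to the Outlook app or another OAuth 2.0 client; accounts in the second are unaffected by the retirement but are the ones to look at when reviewing SMTP authentication.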