Good Day All,
Like many companies out there, we have migrated to Office365 and have our AR System connected to the O365 exchange. I am also the O365 admin for our company and not so long ago received a notice that Microsoft will be retiring basic authentication to exchange O365. The following article provides all of the information related to the Microsoft change (https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to-exchange-online-apis-for-office-365-customers/).
The following protocols will be affected in October 2020 by this change, however any application making use of Modern Authentication, based on OAuth 2.0, for these protocols, will not be affected when connecting to O365:-
- EWS (Has just been released with latest version of ARS 19.08)
After not finding anything concrete on the EWS protocol's security in the 19.08 documentation, a ticket was logged with BMC. Unfortunately this has now revealed that the newly included EWS option in the AR System Email Engine does NOT conform to the required security level. This means that users of any one of the aforementioned protocols, come October 2020, your email engine will in essence not be able to access it's mailbox on the O365 exchange platform. I have posed the question to support on what they suggest we do whilst this idea hopefully gathers votes. No input as yet.
At this point it appears that the only hope is to make use of MAPI which I still have to test. In the few instances of having to make use of MAPI, due to customer policy, I have always found it cumbersome and a single point of failure. I have not tested this option as yet with the latest Outlook version, but I do know that only versions 2013 and up conform to the new Microsoft security policy which means that using a legacy Outlook version, pre 2013, will be problematic too.
I am not sure how many of you out there are either using or have customers using Office365 with a BMC product, but if you do, please vote up on this idea so that BMC can see the value in conforming their products to the new security trends. There are very obvious reasons that old security\authentication methods are being dropped, I hope that BMC will start factoring that in to their development scope.