On October 1, 2022, Microsoft deactivated the Standard Authentication (Basic Auth) for Microsoft 365 Exchange Online. The first announcement of the deactivation and thus the information to replace Basic Authentication with a more secure procedure was already announced by Microsoft in 2019. Microsoft has now announced an extension of the deadline until the beginning of 2023. Users now have the opportunity to reactivate the old authentication via self-diagnosis one last time. In the first calendar week of 2023, Microsoft will finally switch off the Basic Auth process. All Jira Software on-premises users under version 8.5.12 will be disconnected from Exchange Online at this time.
Microsoft Basic Authentication Deactivation and the Effects
Everyone knows it: Standard Authentication (Basic Authentication) from Microsoft. Many applications use Basic Auth to establish a connection with servers, services and API endpoints. The user name and password (via http(s)) are transmitted quickly and practically to a remote site every time a page is called up. This makes it easy for attackers to steal data (such as login information). From now on, access to Exchange Online for Microsoft 365 customers is therefore only possible with Modern Authentication. It uses the open protocol OAuth 2.0, which is considered secure.
What is affected by the Deactivation of Standard Authentication in Exchange Online
- MAPI protocols
- RPC
- Offline Address Book (OAB)
- Exchange Web Services (EWS)
- POP
- IMAP
- Remote PowerShell
SMTP Authentication has also been deactivated for all tenants who have not used it to date.
What does this mean for Jira Software On Premises users under/as of version 8.5.12
All Jira Software on-premises users under version 8.5.12 will be disconnected from Exchange Online at the end of the year, as this version does not yet support OAUTH2.0 (and is therefore inevitably affected without an update). All users who exploit versions from 8.5.12 onwards must switch to OAUTH2.0 for the Exchange Online connection. Otherwise, it will no longer be possible to receive tickets by email, send notification emails or initiate other mail processes via Exchange Online. Third-party providers such as Email This Issue for Jira are also affected by this change and must be converted to the modern Authentication Standard.
Atlassian offers the following instructions for in-house mail handling: Setting up OAuth 2.0 integration | Atlassian Support | Atlassian Documentation.
Email This Issue (META INF) supports users with the following instructions: OAuth2 Authorizations in Email This Issue - Email This Issue (meta-inf.hu//email-this-issue/v/email-this-issue-for-jira-server-data-center/documentation/).
Enterprise Message Handler for Jira (JEMH) provides the following guide for correct implementation: Gmail and O365 deprecation of Basic Auth in favor of OAuth 2.0 for POP/IMAP mail retrieval - JEMH for Jira Server/Data Center - Enterprise Mail Handler for Jira - The Plugin People Confluence (atlassian.net).
In general, the Cloud is also affected; here, the connection of Exchange Online must also be converted to OAUTH2.0 by the end of the year at the latest. Details on the procedure: Microsoft Oauth for Incoming Emails on Jira Software Cloud (atlassian.com).
>> Our tip:
Update Jira to at least 8.5.12 and convert all Mailhandler Authentication to OAUTH2.0 (no matter if 3rd party plugin or out of the box Mailhandler from Atlassian).
If acute mail problems occur, contact Microsoft support and involve them via self-service to temporarily reactivate the affected protocols: Basic Authentication Deprecation in Exchange Online - September 2022 Update - Microsoft Community Hub.