As of October 1, 2022, Microsoft disabled Basic Auth on Microsoft 365 Exchange Online. The first announcement of the deactivation, and with it the information to replace Basic Authentication with the one that is more secure, was already announced by Microsoft in 2019. Now Microsoft has announced a deadline extension until early 2023. Users now still have the option to reactivate the old authentication via self-diagnosis one last time. In the first calendar week of 2023, Microsoft will finally shut down the Basic Auth process. All Jira Software on-premises users below version 8.5.12 will be disconnected from Exchange Online at this time.
Everyone knows it: The standard authentication (Basic Authentication) from Microsoft. Many applications use standard authentication to connect to servers, services, and API endpoints. Quickly and conveniently, the username and password (via http(s)) are thus transmitted to a remote site each time a page is accessed. This makes it easy for attackers to steal data (such as credentials). As of now, access to Exchange Online for Microsoft 365 customers is therefore only possible with modern authentication. It uses the OAuth 2.0 open protocol, which is considered secure.
What is affected by the disabling of default authentication in Exchange Online
- Protocols MAPI
- Offline Address Book (OAB)
- Exchange Web Services (EWS)
- Remote PowerShell
SMTP authentication has also been disabled for all tenants that have not used it so far.
What this means for Jira Software On Premises users under/as of version 8.5.12
All Jira Software on-premises users below version 8.5.12 will be disconnected from Exchange Online by the end of the year, as this version does not yet support OAUTH2.0 (and is therefore inevitably affected without an update). All users running versions 8.5.12 and later must switch to OAUTH2.0 for the Exchange Online connection. Otherwise, it is no longer possible to receive tickets by mail, send notification mails or initiate other mail processes via Exchange Online. Third-party vendors such as Email This Issue for Jira are also affected by this change and must be converted to the modern authentication standard.
Atlassian provides the following instructions for in-house mail handling: Setting up OAuth 2.0 integration | Atlassian Support | Atlassian Documentation.
Email This Issue (META INF) supports users with the following guidance: OAuth2 Authorizations in Email This Issue – Email This Issue(meta-inf.hu//email-this-issue/v/email-this-issue-for-jira-server-data-center/documentation/).
Enterprise Message Handler for Jira (JEMH) provides the following guide to correct implementation: Gmail and O365 deprecation of basic auth in favor of OAuth 2.0 for POP/IMAP mail retrieval – JEMH for Jira Server/Data Center – Enterprise Mail Handler for Jira – The Plugin People Confluence (atlassian.net).
In principle, the cloud is also affected; here, the connection of Exchange Online must also be switched to OAUTH2.0 by the end of the year at the latest. Procedure details: Microsoft Oauth for Incoming Emails on Jira Software Cloud (atlassian.com).
>> Our Tip:
Update Jira: to at least 8.5.12 and switch all mail handler authentication to OAUTH2.0 (whether 3rd party plugin or out of the box mail handler from Atlassian).
If acute mail problems occur, contact Microsoft support and involve them via self-service to temporarily reactivate the affected protocols: Basic Authentication Deprecation in Exchange Online – September 2022 Update – Microsoft Community Hub.