Microsoft has announced an initiative to increase the security of Outlook personal accounts, aiming to complete these enhancements by the end of 2024. The move is part of the company’s broader efforts under the Microsoft Secure Future Initiative (SFI) to improve defenses against unauthorized access and data breaches.
Transition to Modern Authentication
Beginning September 16, Outlook.com, Hotmail.com, and Live.com users must switch from”Basic Authentication” to “Modern Authentication”, which adds extra layers of security through backend processes and tokens that make it harder for cybercriminals to intercept and misuse login credentials. David Los of Microsoft highlighted in the announcement that any applications not adopting Modern Authentication will be unable to access these email services. Users are recommended to transition to the Outlook app on Windows, iOS, and Android or use Outlook within a Microsoft 365 subscription for continued access.
How Modern Authentication Works
For a long time, applications have relied on Basic Authentication to connect with servers, services, and API endpoints. Basic Authentication involves the application transmitting a username and password with each request, often storing these credentials on the user’s device. Typically, Basic Authentication is the default setting for many servers or services due to its ease of configuration. However, while it was once the norm, Basic Authentication presents a security risk by simplifying the process for attackers to intercept user credentials, thereby heightening the danger of credential reuse on other endpoints or services.
Modern Authentication refers to a suite of identity management solutions, including OAuth 2.0, that enhance security for accessing resources like email, files, and other data across various applications. Unlike legacy authentication methods, which mostly rely on basic username and password schemes, Modern Authentication provides more secure, token-based access. This method not only improves security by supporting multi-factor authentication (MFA) and conditional access policies but also offers a better user experience by allowing single sign-on (SSO) across multiple applications. Microsoft’s push towards Modern Authentication is part of their broader strategy to fortify user credentials and reduce vulnerabilities associated with traditional authentication methods.
Microsoft is emphasizing the transition to Modern Authentication to provide enhanced security against email-based threats. This method includes backend processes and tokens that users might not be aware of but significantly increase security. Users are advised to download the free Outlook apps for iOS, Android, Mac, or Windows to avail themselves of Modern Authentication. Moreover, Microsoft clarified that the Outlook for Windows app is freely available for personal email accounts without requiring a subscription.
Discontinuation of Standalone Mail and Calendar Apps
Microsoft will stop supporting the standalone Mail and Calendar apps by year’s end, encouraging users to move to the Outlook for Windows app. This application supports better security features, including advanced junk mail filtering and Modern Authentication, which are not available in the standalone versions. Additionally, it includes user-friendly options like rich text editing and Copilot integration, aimed at improving the user experience.
Minimum Requirements and Feature Retirements
Microsoft has set minimum browser and operating system requirements for accessing Outlook.com. Starting August 19, the light version of the Outlook Web application will no longer be supported. Users will need to access Outlook.com via modern browsers like Microsoft Edge, Chrome, Firefox, Safari, or Opera to ensure continued service on Windows, macOS, and Linux. Additionally, Microsoft will retire several Outlook features, including the removal of Gmail account access via the left rail in Outlook.com and the phasing out of Cortana-based features like Play My Emails and Voice Search by the end of June 2024.
Last Updated on November 7, 2024 7:37 pm CET
