Bye-Bye Basic Authentication

In response to persistent bad actors and increasingly sophisticated threats, the field of IT cybersecurity is developing. Unfortunately, hackers are able to take advantage of Basic Authentication and steal user credentials for their own evil intentions. Multi-Factor Authentication (MFA) is becoming more widely used, but enforcing it can often be challenging or impossible when an application is still utilizing Basic Authentication.

Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Outlook for Mac will no longer support Basic Authentication. Microsoft products such as SharePoint, OneDrive, and Microsoft Teams that already use Modern Authentication won’t be affected.

However, that’s not the case for everything – including BitTitan.

BitTitan is an industry-leading software company with a platform of services that assist IT professionals in more profitably assessing, deploying, and managing cloud solutions. One of these being MigrationWiz, which is the most highly rated product in the cloud office migration tool category. Mirazon has been using these tools for years to help with a wide range of migration projects that include email, documents, and other types of workloads from a variety of Source and Destination endpoints.

Now, due to the rapid increase in security concerns and Microsoft moving everyone to Modern Authentication, there is potential for this to cause more than a few headaches. For Microsoft 365 endpoints used for mailbox migrations, BitTitan now supports Modern Authentication, but getting BitTitan to sync to Microsoft 365 tenants will now be a little challenging with Basic Authentication going away. Read on for instructions on using BitTitan with Microsoft 365 Modern Authentication.

Hello Modern Authentication

Modern Authentication makes it easier for registered applications to connect to Azure Active Directory and Office 365 by providing a more secure authentication mechanism. It not only makes MFA deployment simpler, but it also incorporates several features that improve digital security.

However, if not setup properly you may encounter errors when trying to verify credentials or perform any migration task. An example of one of these errors is:

“Your migration failed while checking destination credentials. Http POST request to ‘autodiscover-s.outlook.com’ failed – 401 Unauthorized.”

In order to resolve these errors and still be secure with Modern Authentication, you will need to create an App Registration in the Azure AD tenant for BitTitan to use. BitTitan can then use the Application ID and Tenant ID created in the App Registration to connect with the tenant and perform all tasks needed for the migration.

In order to create an App Registration you can follow the tasks listed on BitTitan’s Help Center here.

However, there are prerequisites that must be met to enable Modern Authentication. These include:

  • An Azure Active Directory account with the status of Global Administrator. At this time, MFA/2FA is not supported. If enabled, these policies must be disabled for the administrator account.
  • A ready-to-configure mailbox project for MigrationWiz that has already been created.
  • The program will need admin approval. The procedures for giving admin consent will be a part of this procedure. See this Microsoft article for further details on giving admin consent.

Microsoft’s website has information about the deprecation of Basic Authentication. Tenants may re-enable Basic Authentication once between October 1 and December 31, 2022, according to a recent announcement.

At Mirazon, we want to make sure that each and every one of our customers has the knowledge they need to continue managing fast, seamless, and secure migrations.

If you have any additional questions or concerns, please call 502-240-0404 or send us an email at info@mirazon.com