Outlook not so good

sadchild

Dude
Mar 28, 2016
7,252
9,002
168
52
NH
www.asimplecomplex.com
8ball.jpg


Here was the first three hours of my morning (text below was taken from an email I sent everyone after 'fixing' the issue)

Microsoft is discontinuing old methods of how Outlook connects to the cloud email server (“basic authentication” is being “retired”). We use Outlook 2016 which, by default, uses “modern authentication” so it shouldn’t have affected us……

After trying to figure out what else could be the problem, I finally determined that most of our Outlook 2016’s are in fact using basic authentication (which is what Microsoft shut off yesterday).

Then I found Microsoft has a “turn basic authentication back on until the end of the year” (stay-of-execution) feature. I turned it back on at 10:05am and people started getting email again about 20 minutes later.

Moving forward, we’ll need to get everyone’s Outlook using modern authentication or the same thing will happen again at the end of year – and it will be permanent. I’m also curious why 3 users didn’t experience any down time this morning. We’re on it!
 

IdRatherBeSkiing

Sherbet is NOT and NEVER WILL BE ice cream.
Oct 11, 2008
24,665
11,827
168
Toronto, ON
8ball.jpg



Moving forward, we’ll need to get everyone’s Outlook using modern authentication or the same thing will happen again at the end of year – and it will be permanent. I’m also curious why 3 users didn’t experience any down time this morning. We’re on it!
Perhaps it correctly identfies people not doing any work.

Years ago we used VNC to connect to our desktops. This had a side effect of having your display open and unlocked and anybody looking at your monitor could see what you were doing or not doing. The usual way to remedy this was to just turn your monitor off. We had a guy who did questionable work and he was going to work from home one day (like he did fairly frequently) (long before the concept of working from home had any real traction in the workplace). Well, he left his monitor on. We all were laughing at his locked screen clearly visible all day. He didn't stay around too much longer.
 

scotchandcigar

All I wanted was some steak
Feb 13, 2009
19,865
15,864
168
Vacationland
Microsoft is discontinuing old methods of how Outlook connects to the cloud email server (“basic authentication” is being “retired”). We use Outlook 2016 which, by default, uses “modern authentication” so it shouldn’t have affected us……
Is modern authentication the extra characters? Or they text you? Or challenge questions? Or something else?
 

sadchild

Dude
Mar 28, 2016
7,252
9,002
168
52
NH
www.asimplecomplex.com
An analogy to understand the difference:

Basic authentication:

To understand how Basic Authentication actually works, here is an analogy. Imagine the following scenario: You fly abroad, leave the plane and are heading for the border control. Instead of showing your passport, you tell the security officer: “Hi, my name is John Doe, my password is XYZ and I’m originally from Germany”. With this information, the security officer gives the national authorities in Germany a call and explains the following: “There’s a guy at my desk who wants to enter our country. He says he’s from Germany, his name is John Doe and his password is XYZ. Is that correct?”. The authorities check the information and confirm it. So, the security officer is happy to tell you that your information is correct and you’re allowed to enter the country. There are no additional checks like a passport with additional information like a photo, etc. How would the security officer know you are the person you are claiming to be? And anyone who knows your name and your password could pretend to be you.

Modern authentication:

How would Modern Authentication look like in our airport analogy? With Modern Authentication, the procedure seems quite familiar: You fly abroad, leave the plane and go to the security officer at the border control. The officer asks to see your passport on which he can find all the important information needed to identify who you are and where you are from. This information is protected by anti-forgery mechanisms. In the digital word, the passport is what we call an ID token. This token contains important information: who you are, who created the token, how long it is valid, etc.

A bit of the actual differences (not an analogy):

Basic authentication has some drawbacks: Information is sent over the network as cleartext. It is sent in an unencrypted format. Any password sent using basic authentication can easily be decoded.

Modern authentication uses security tokens during the authentication process. Security tokens allow a client application like Outlook (email client) to access protected resources on a resource server like Exchange (email server). Authentication tokens identify a user — the person — that is using the app. Tokens are secured in a number of ways. This ensures they cannot be shared or maliciously used by anyone.
 
  • Like
Reactions: HecticArt

HecticArt

Administrator
Oct 19, 2008
46,362
15,527
168
Toledo, Ohio
Authentication tokens identify a user — the person — that is using the app. Tokens are secured in a number of ways. This ensures they cannot be shared or maliciously used by anyone.
For a few months, then hackers will figure out how to get around it.

Then they will switch to enhanced verified tokens for a little while, before tokens are out.
 
  • Like
Reactions: sadchild