Category: blog

Simply Secure – Microsoft Outlook Changes

Microsoft Office 365
Outlook Authentication Changes

I’m Really Busy, what do I need to know

If you use Microsoft Office products, specifically Outlook, and have a Microsoft based email account, and you are not running a supported Office version, you will need to upgrade. This is due to upcoming changes to Microsoft authentication.

Generally speaking the following versions of Outlook lose login ability to email services on or about October 1, 2022 :

  • Microsoft Office for Windows/Outlook 2007
  • Microsoft Office for Windows/Outlook 2010
  • Microsoft Office for Windows/Outlook 2013
  • Any version of Microsoft Office for Mac below 2016

Affected users:

Questions? Contact us.

additional Background

For many years, applications have used Basic authentication to connect to servers, services, and API endpoints. Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services, and is simple to set up.

Simplicity isn’t at all bad, but Basic authentication makes it easier for attackers to capture user credentials (particularly if the credentials are not protected by TLS), which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, the enforcement of multi-factor authentication (MFA) is not simple or in some cases, possible when Basic authentication remains enabled.

Basic authentication is an outdated industry standard. Microsoft actively recommends that customers adopt security strategies such as Zero Trust (Never Trust, Always Verify), or apply real-time assessment policies when users and devices access corporate information. These alternatives allow for intelligent decisions about who is trying to access what from where on which device rather than simply trusting an authentication credential that could be a bad actor impersonating a user.

What’s Changing

Microsoft is removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac.

They are also disabling SMTP AUTH in all tenants in which it’s not being used.

This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication. For example, OAuth access tokens have a limited usable lifetime, and are specific to the applications and resources for which they are issued, so they cannot be reused. Enabling and enforcing multi-factor authentication (MFA) is also simple with Modern authentication.

When does the change occur

Microsoft has already started making this change. New Microsoft 365 tenants are created with Basic authentication turned off as they have Security defaults enabled.

Beginning in early 2021, Microsoft started to disable Basic authentication for existing tenants with no reported usage.

In September 2021, Microsoft announced that effective October 1, 2022, they will begin disabling Basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. 

On September 1, 2022, Microsoft also announced there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off early in January 2023, with no possibility of further use. 

References

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Simply Secure — eWaste Recycling

e-waste

City-TOWN-County

  • North Port
    • Electronic items are referred to as E-Waste and can be recycled.  Please do not place them in your automated garbage container.  To dispose of electronic waste, please call Public Works Customer Service at 941-240-8050 to schedule a pickup. The following E-Waste can be recycled:
      • Computer towers
      • Laptops and tablets
    • Televisions, printers and computer monitors are considered garbage.  If you cannot fit them in your normal garbage tote, please schedule a bulk pick up by calling Customer Service at (941) 240-8050. 
  • Port Charlotte
    • Residents can bring their household hazardous waste to the County’s Mini-Transfer and Recycling Facilities. A select few household hazardous waste items can be picked up by the residential curbside service.
    • Charlotte County only offers these services for residential households, businesses must hire a hazardous hauler.
    • Unwanted electronics, e-waste, can be picked up on your regularly scheduled service day by request only. To schedule an E-Waste pickup with pickup request form or call Waste Management at 941.629.1106 or 941.697.0012 (Englewood area) 2 days prior to your scheduled pickup day.
  • Punta Gorda
    • Residents are allowed to place discarded electronics curbside for collection and proper disposal, including but not limited to
      • Computers, monitors, printers, TV, DVD, and VCR players
    • They will be collected same day as recycling collection but through a separate non-compacting truck
    • If an item cannot be picked up, an exception tag will be issued to notify the resident
  • Sarasota
  • Venice
    • Residential customers may dispose of household waste with hazardous components at times and locations designated by Sarasota County pursuant to the Sarasota County household hazardous waste collection program or pursuant to disposal methods authorized or recommended by the director.

Business – other

Disclaimer: We are not paid or compensated by any vendor for any product(s) or services listed. If you don’t like our recommendation(s), no need to send us your grievances! Paint the sky with rainbows and use whatever meets your needs!

Simply Secure – Internet is Forever

the internet is forever
The Internet is Forever

Without getting into the technical details, you can make certain assumptions about personal data on the internet. Don’t believe me? email me your name…that’s all…just your name…I’ll show you whats available.

  • If you
    • post something on a web page — backed up — retained forever
    • register at a website — backed up — retained forever
    • provide an email address — backed up — retained forever
    • write a blog — backed up — retained forever
    • tweet, insta, tikTok — backed up — retained forever
    • send or receive email — backed up — retained forever
    • post a selfie — backed up — retained forever
    • use a privacy browser, (TOR) — tracked by the NSA — forever
    • use a VPN — tracked by the NSA — forever
    • use a credit card — tracked — backed up — retained forever
    • are pregnant and go online — tracked — backed up — retained forever
    • use online payments — backed up — retained forever
    • pay property taxes to a city or state — backed up — retained forever
    • own and register a company — backed up — retained forever
    • file taxes with the IRS — backed up — retained forever
    • use a cellphone to call, text, etc., — backed up — retained forever
    • have a driver’s license — backed up — retained forever
    • registered to vote — backed up — retained forever
    • use a web browser like Chrome — screwed — backed up — retained forever

The right to ‘be forgotten’ only applies to search engines, (Google, Bing, Yahoo, etc.) — it does not force any providers of services listed above to remove you from their list.

The Internet is forever….