Modern Authentication Affects Some Outlook Logins Beginning May 20 | Information Technology | University of Pittsburgh
!

You are here

Modern Authentication Affects Some Outlook Logins Beginning May 20

 

Effective Friday, May 20, 2022, Pitt Information Technology will enhance Pitt Email security by enabling Microsoft’s Modern authentication protocol.

Pitt IT is required to make this change in response to Microsoft’s announcement that it is ending support for Basic authentication and replacing it with the more secure Modern authentication protocol. These authentication protocols dictate how users log in to their email client: Basic authentication relies only on your username and password, whereas Modern authentication leverages Pitt Passport and multifactor authentication.

In alignment with Microsoft’s requirement, Pitt IT will prepare the University’s computing environment in two phases:

  • Phase 1: Enable Modern authentication on May 20
  • Phase 2: Disable legacy Basic authentication by Aug. 1

Benefits

  • Security: Modern authentication significantly improves the University’s security posture and also eliminates the use of legacy Basic authentication, which relies only on a username and password.
  • Consistency: Modern authentication brings the familiar, secure Pitt Passport and multifactor authentication login process that you use with other services to your Outlook desktop email client
  • Support: Modern authentication aligns the University with Microsoft’s support requirements for Outlook

Take Action: Prepare for Phase 1 (before May 20)

  1. Understand how logging in to the Outlook desktop client will change.

After Modern authentication is enabled on May 20, you will occasionally be prompted to log in to your Outlook 2016 or later desktop client with Pitt Passport and multifactor authentication, similar to the way you log in to Microsoft Teams today. Outlook will not prompt you to log in every day. However, like Teams, Outlook may prompt you to log in if you have not used it in a while.

  1. Convert sponsored accounts that are used to share mailboxes to resource accounts.

In some departments, individuals may be sharing the credentials of a sponsored University Computing Account to manage a Pitt Email mailbox or calendar. Effective May 20, resource accounts will replace sponsored accounts as the method for sharing the management of Pitt Email mailboxes and calendars. If you currently share a sponsored account with others in your department for this purpose, please complete the steps on our website as soon as possible to transition the account to a resource account before May 20.

Take Action: Prepare for Phase 2 (before Aug. 1)

Software and services that are incompatible with Modern authentication will stop working after Basic authentication is disabled on Aug. 1. Please take the following steps now to prepare: 

  1. Upgrade your desktop email client if you are using Outlook 2013 or an earlier version.

    To ensure uninterrupted access to your Pitt Email, individuals who use Outlook 2013 or previous versions should upgrade to the current version of the Outlook desktop app through Office ProPlus before Aug. 1. Outlook 2013 will no longer work with your Pitt Email after Aug. 1. (To determine your current version of Outlook, choose File > Office Account > About Outlook.)   
       
  2. Prepare Pitt Email on your mobile device.

    Individuals who access Pitt Email from their mobile devices are encouraged to use the Microsoft Outlook mobile app for Android and iOS devices. Most major third-party email apps also support Modern authentication, including, but not limited to: Gmail app for Android and the built-in Mail app for iOS 11.3.1 and later. (Learn how to find your iOS version or find your Android version.)
     
  3. Ensure departmental applications that integrate with Pitt Email/Calendaring support Modern authentication.

    Departments should identify applications that are using Basic authentication to connect to Microsoft-hosted resources and transition them to methods supported by Modern authentication. In some cases, application developers may need to adjust permissions or change the email protocol.
     
  4. Upgrade non-Outlook email clients and transition from legacy email protocols.

    Individuals who access Pitt Email from non-Outlook email clients (e.g., Thunderbird) should verify whether the client supports Modern authentication. If it does, ensure the client’s settings have been updated to enable Modern authentication. If the client does not support Modern authentication, upgrade to a client that does and configure it appropriately. In addition, those who use legacy email protocols like IMAP, POP, and EWS to connect to their Pitt Email will need to switch to email clients that support Modern authentication.

Frequently Asked Questions

Will I need to log in to my Outlook 2016 or later desktop client every day?

No. If you use Outlook regularly, you will not be prompted to log in with Pitt Passport and multifactor authentication every day. However, if you are away from your computer for two or three days, you will likely be prompted to log in to your Outlook 2016 or later desktop client the next time you use it.

Will this change how I access Pitt Email online through myPitt or Office 365?

No. Nothing will change with the way you access Pitt Email online through myPitt or Office 365.  

What services and protocols use Microsoft Basic authentication?

Microsoft Basic authentication is used by a number of services and protocols, including, but not limited to, the following:

  1. Exchange Active Sync
  2. Autodiscover
  3. IMAP4
  4. MAPI over HTTP
  5. Offline Address (OAB)
  6. Outlook Service
  7. POP3
  8. Outlook Anywhere (RPC over HTTP)
  9. Authenticated SMTP
  10. Exchange Web Services (EWS)
  11. Powershell

Will I be prompted to log in to other Office 365 desktop applications like Word, Excel, and PowerPoint with Pitt Passport and multifactor authentication?

No. Modern Office 365 desktop apps already use Modern Auth by default. The user experience should not change for these apps.

What other email clients support Modern authentication?

Most modern, third-party email clients support modern authentication, including, but not limited to Mail app for macOS Mojave 10.14 and later, the built-in Mail app for iOS 11.3.1 and later, and the Gmail app for Android.

Where can I learn more about Microsoft’s announcement about the end of Basic authentication?

Microsoft’s webpage provides more information about the deprecation of Basic authentication in Exchange Online.