Email Clients and Modern Authentication
On October 1st, 2022, Microsoft will be depreciating basic authentication for Exchange Online. This change will affect users that are using basic authentication and legacy protocols to access their Rose-Hulman email accounts.
What Are Legacy Protocols and Basic Authentication?
Legacy protocols are processes that use "basic authentication" to connect to email clients, calendars, and web services. Basic authentication simply means a user's credentials (username and password) are sent to an application upon every login request. These credentials are often stored or saved on the device and make it easier for attackers to capture user credentials. While basic authentication is enabled, enforcement of multi-factor authentication (MFA) is not possible.
What Is Modern Authentication?
Modern authentication utilizes OAuth 2.0 which allows an application to receive a logon token without being aware of the user's credentials (username and password). Modern authentication is more secure and allows for the use of MFA.
What Email Clients Support Modern Authentication?
Microsoft Outlook clients:
Most modern, 3rd party email clients support modern authentication (OAUTH). Examples include (but are not necessarily limited to):
If you are an Android user, you must use the Outlook, Gmail, or another app that supports modern authentication to connect to your Rose-Hulman email. The Outlook app is highly recommended.
Although many email clients support modern authentication (OAUTH), depending on when (and how) you setup your Rose-Hulman mail account in the client, they may still be using basic authentication. To ensure your email client is using modern authentication, it is best to remove your account entirely and re-add it.
Mail app (macOS)
See Remove an Email Account to remove your "username@rose-hulman.edu" account from the Mail app on macOS. Use the option to stop using the account in all apps. Once removed, re-add your account using the steps in Add an email account. Select Exchange (or Microsoft Exchange) when prompted, enter your RHIT email address, and click Sign In.
Mail app (iOS)
See Remove your email account and set it up again (bottom of article) to remove your "username@rose-hulman.edu" account from the Mail app on iOS. Once removed, re-add your account using the steps in Add an email account to your iPhone, iPad, or iPod touch. Use the automatic option, select Exchange (or Microsoft Exchange) when prompted, enter your RHIT email address, and tap Sign In.
Gmail app (Android)
See Remove an account to remove your "username@rose-hulman.edu" account from the Gmail app on Android. Once removed, re-add your account using the steps in Add an account. Select Exchange and Office 365 when prompted, enter your RHIT email address, and tap Next.
Thunderbird (all platforms)
In Thunderbird, you can change your account settings in place (without removing and re-adding your "username@rose-hulman.edu" account). This assumes you are using IMAP to receive email and SMTP to send email. To update IMAP authentication, select Tools -> Account Settings, select your @rose-hulman.edu account, and select Server Settings. In the Security Settings area, change the Authentication method to Oauth2. To update SMTP authentication, select Outgoing Server (SMTP) (still under Account Settings), select your @rose-hulman.edu account (likely smtp.office365.com), and click Edit. Under Security and Authentication, change the Authentication method to Oauth2.
From <https://rosehulman.sharepoint.com/sites/EIT/SitePages/Modern-Authentication.aspx>
On October 1st, 2022, Microsoft will be depreciating basic authentication for Exchange Online. This change will affect users that are using basic authentication and legacy protocols to access their Rose-Hulman email accounts.
What Are Legacy Protocols and Basic Authentication?
Legacy protocols are processes that use "basic authentication" to connect to email clients, calendars, and web services. Basic authentication simply means a user's credentials (username and password) are sent to an application upon every login request. These credentials are often stored or saved on the device and make it easier for attackers to capture user credentials. While basic authentication is enabled, enforcement of multi-factor authentication (MFA) is not possible.
What Is Modern Authentication?
Modern authentication utilizes OAuth 2.0 which allows an application to receive a logon token without being aware of the user's credentials (username and password). Modern authentication is more secure and allows for the use of MFA.
What Email Clients Support Modern Authentication?
Microsoft Outlook clients:
- Outlook for Microsoft M365
- Outlook Web Access
- Outlook 2016+ client for Windows
- Outlook 2016+ client for macOS
- Outlook app for iOS and Android
Most modern, 3rd party email clients support modern authentication (OAUTH). Examples include (but are not necessarily limited to):
- Mail app for macOS Mojave 10.14+ (generally, Macs from mid 2012 or newer can run at least macOS Mojave)
- Mail app (built in) for iOS 11.3.1+ (generally, iPhones from 2013 (5s) or newer can run at least iOS 12)
- Gmail app for Android
- Mozilla Thunderbird 78+ for all platforms
If you are an Android user, you must use the Outlook, Gmail, or another app that supports modern authentication to connect to your Rose-Hulman email. The Outlook app is highly recommended.
Although many email clients support modern authentication (OAUTH), depending on when (and how) you setup your Rose-Hulman mail account in the client, they may still be using basic authentication. To ensure your email client is using modern authentication, it is best to remove your account entirely and re-add it.
Mail app (macOS)
See Remove an Email Account to remove your "username@rose-hulman.edu" account from the Mail app on macOS. Use the option to stop using the account in all apps. Once removed, re-add your account using the steps in Add an email account. Select Exchange (or Microsoft Exchange) when prompted, enter your RHIT email address, and click Sign In.
Mail app (iOS)
See Remove your email account and set it up again (bottom of article) to remove your "username@rose-hulman.edu" account from the Mail app on iOS. Once removed, re-add your account using the steps in Add an email account to your iPhone, iPad, or iPod touch. Use the automatic option, select Exchange (or Microsoft Exchange) when prompted, enter your RHIT email address, and tap Sign In.
Gmail app (Android)
See Remove an account to remove your "username@rose-hulman.edu" account from the Gmail app on Android. Once removed, re-add your account using the steps in Add an account. Select Exchange and Office 365 when prompted, enter your RHIT email address, and tap Next.
Thunderbird (all platforms)
In Thunderbird, you can change your account settings in place (without removing and re-adding your "username@rose-hulman.edu" account). This assumes you are using IMAP to receive email and SMTP to send email. To update IMAP authentication, select Tools -> Account Settings, select your @rose-hulman.edu account, and select Server Settings. In the Security Settings area, change the Authentication method to Oauth2. To update SMTP authentication, select Outgoing Server (SMTP) (still under Account Settings), select your @rose-hulman.edu account (likely smtp.office365.com), and click Edit. Under Security and Authentication, change the Authentication method to Oauth2.
From <https://rosehulman.sharepoint.com/sites/EIT/SitePages/Modern-Authentication.aspx>