Basic Authentication deprecated by Microsoft

Will the Exchange application be updated to use Modern Authentication, and if so, when?

13 Likes

My company will require MFA within a few weeks. So I can not use the native mail en calendar app anymore to access my e-mail. For my case quite urgent

Perhaps the title should be changed to something like Support for Oauth authentication needed in Exchange?

1 Like

I have the same issue: my customer has just implemented MFA on the O365 exchange accounts and as a result my native email + calendar sync stopped working.

@hsjpekka, I opened a new feature request,
https://forum.sailfishos.org/t/modern-authentication-oauth-support-for-the-microsoft-exchange-activesync-e-mail-contacts-calendar/5237?u=sakul
However it seems that the need for Oauth is not a big issue in the community (unfortunately)

1 Like

Since Monday I need also the new app Microsoft… but it doesn’t work. Now I have no access to my emails and calendar. How we can make a quick fix for this app?

There is no quick fix, as the changes required are non-trivial.

A fix involves, at minimum, changing from Basic Authentication to Oauth, and ideally involves retiring Exchange Web Services in favour of Microsoft Graph API. https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055 has details.

1 Like

Just for info (unrelated to the authentication discussion, which remains a valid point), the Sailfish Exchange integration uses ActiveSync (EAS) rather than EWS.

1 Like

@tehhel I read the article you found to the end :grinning:. As I understand it, because of COVID Microsoft have delayed the ‘switch off’ of basic authentication from October 2020 until the second half of 2021, so in a few months now. This seems not only to affect EWS and Activesync protocols, but also IMAP and POP access to Exchange servers, the only thing left unaffected being SMTP. Google have also said they are retiring basic authentication but have similarly delayed this because of COVID (no date officially yet set, but another article seemed to suggest late 2021/early 2022). My own opinion is that, to jump on the security ‘bandwagon’ we can expect others to follow promptly. I am assuming that, and I am sure @flypig will correct me if I am wrong, when this all happens in a few months the stock Sailfish email app will no longer work with Microsoft cloud services (i.e. Office365) and neither will the stock calendar app (and there is no workaround here because Microsoft does not support caldav on O365). I know that some, who use company email on private Exchange servers that already mandate Modern 2FA authentication are experiencing this now). Similarly, when Google retires basic authentication in, maybe, six months to a year, then the stock email app, etc will no longer work with google mail either. And finally, as other suppliers follow suit the same thing will happen. Basic upshot is, I think, that as things stand the stock email, calendar apps, etc will start to stop working over the next six months to a year with most common email providers?

I’m not sure this is true. It may be that a lot of non-technical community users simply don’t appreciate what switching off basic authentication means for them (i.e. if they use an email supplier that no longer supports basic authentication then the stock Sailfish email app simply won’t work any more - and nor will the calendar either if the user was using Exchange).

I’m not a user of Google services, but I’m pretty sure the Google account implementation in Sailfish uses OAuth2 already. I agree with the broader point about the desirability of supporting OAuth2 across all accounts, and especially in relation to Exchange.

1 Like

Oh No … we’ll all have to move our email accounts to the dreaded Google then! :wink:

Blockquote
Oh No … we’ll all have to move our email accounts to the dreaded Google then!
Blockquote

Oh No (to the square root) we have to move to the dreaded Android then!
@ jolla … please hurry with implementation of Oath in Sailfish!

I can’t: the account that uses Exchange is my work account and I have no control over where it is hosted.

1 Like

It does, I already use it. All the more frustrating that the Exchange account doesn’t: it’s not like the sailors don’t know how to implement Oauth2.

1 Like

For anyone interested in this topic, we plan to have some discussion about it in the Community Meeting tomorrow morning. Feel free to join us (or take a look at the minutes if you’re reading this after the event):