Microsoft Sets Deadline of October 1, 2022 for Dual Authentication when Sending & Receiving E-mails
Cybersecurity threats are now affecting how we will need to send and receive e-mails on a daily basis. For years businesses have been able to send and receive e-mails using basic authentication when connecting a peripheral like a copier through a Mail Server. Basic authentication means the application sends a username & password with every request, normally those credentials are stored on the device the e-mails are coming from. It was enabled by default on most servers and very easy to set-up.
Simplicity was nice, but in today’s world with the ever-increasing Cyber-attacks on businesses, this simplicity makes it far easier for attackers to capture the user credentials and use it against other areas of the business’s infrastructure. Basic authentication is an outdated industry standard and with that Microsoft is taking steps as of October 1, 2022 to step up how e-mails are being sent and received. Currently Microsoft uses basic authentication and sends the information via TLS which is an encrypted connection.
What is the New Standard Being Used?
The new standard will be 0Auth 2.0, this is a two-factor authentication system that many end users have encountered already in their daily lives. This system prompts you for a secondary way to enter an authentication code once your password has been input. Normally this is done via text to a cell phone, once the code is submitted to the prompt then the end user may continue to send and receive documents normally. This 2-Factor Authentication is called Zero Trust strategy and has been adopted as the new standard for protecting businesses against unauthorized access into accounts.
What area of our Business could be Affected Immediately?
Since MFP’s (copiers) use Basic Authentication to transfer scans from the MFP to an email, this affects everyone using the Scan-to-Email Function. All MFP manufacturers use basic authentication to provide ease for IT departments when scanning to e-mail, an easier way to scan compared to setting up folders on an individual’s workstation. At this stage, security outweighs convenience!
As of October 1st, 2022, Microsoft will begin turning off Basic Authentication on Office 365 accounts. The protocol, SMTP Auth, within the Microsoft Security Center will be defaulted to OFF. This will stop Basic Authentication using Office 365 Accounts within each business domain.
Microsoft has stated they will continue basic authentication if it is currently being used by a business when the change goes into effect. If the account is new then the 2-factor authentication protocol will be implemented.
Are there other ways for us to scan using our MFP’s?
1. Create a SMTP Relay for the device. Office 365 Admins have the ability to create an SMTP Relay through the Admin Console for Office 365.
2. Turn on SMTP Auth within the Admin Console in Office 365 (Directions Below):
From Microsoft: SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can’t be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible.
3. Use a different SMTP Server (Google, GoDaddy, or ISP)
4. Use an alternative method to scan. Kyocera’s PinPoint Scan is a great alternative to traditional scanning. PinPoint scan allows end users to scan to many different locations based on their preferences.
Seeing Scan to Email issues after October 1, 2022? Then your Microsoft account may be affected!
There is a lot of information on the web about this change, for more information you can also contact Century Business Products or Catalyst IT if you would like an overview of options to help with this change.