Microsoft Legacy Authentication Deprecation

What is happening?

Microsoft will end support for legacy authentication beginning October 1, 2022.  This will affect how Microsoft applications are able to sync OSU email, calendar, and other Office 365 tools.  

How will this change affect me?

Applications using legacy authentication will lose access to OSU email, calendar, or Office 365 services beginning October 1, 2022.  This may include up-to-date applications that are configured to use legacy authentication even though they support modern authentication.  Many users will need only to remove their email profile from their device and re-add it. Some users may also need to update their Office software or email client, or switch to accessing Exchange email via Outlook on the Web.

How will I know I’m affected?

Communications will be sent directly to affected users beginning April 11, 2022. If you receive a notification that your account has been seen using legacy authentication, you will need to update one or more of your devices.

Unfortunately, we do not have detailed information about which of your devices are using legacy authentication. If you have updated some of your devices and continue to receive notices about legacy authentication, please update all of your devices.

Starting October 1, affected users who have not updated will be unable to login on their devices.

What should I do?

For many users, the resolution will be to remove and re-add your email profile to your device. Note that removing an email profile does not delete your email or calendar items, as they are stored on the server. When you re-add your email profile, you should be redirected to the OSU login screen during setup.

iPhones and iPads

• If your device has iOS 11 or earlier, you will need to update to iOS 12 or newer
• We recommend using Outlook for iOS
• Remove and re-add your email profile in the Outlook app or default Mail app

Androids

• We recommend using Outlook for Android
• Remove and re-add your email profile in the Outlook app or default Mail/Gmail app

MacMail on an Apple computer running macOS 10.13 (High Sierra) or older

• These operating systems don’t support modern authentication
• If the computer is a personal device, we recommend updating to the latest macOS version available to you (Mojave or newer)
• If you are using a university-owned computer, contact your IT group or the Service Desk for assistance
• If an upgrade to at least Mojave (10.14) is not compatible with your computer, we recommend using Outlook on the Web

MacMail on an Apple computer running macOS 10.14 (Mojave) or newer

• Modern authentication is supported in MacMail on Mojave and newer
• Remove and re-add your email profile in MacMail

Thunderbird

• Update your Thunderbird application to version 77.0b1 or newer
• Remove and re-add your email profile in Thunderbird

IMAP or POP

• IMAP and POP setup includes mail and calendar applications that use basic authentication such as Thunderbird, Eudora, PINE, and the current POP version of Gmail’s ‘Check mail from another account’ feature
• Check to see if the developer of your application offers an updated version that is compatible with modern authentication
• If a version supporting modern authentication is not available, we recommend switching to Outlook or using Outlook on the Web

Microsoft Office 2013 or older on Windows or Mac

• Update to the latest version of Office
• You will also need to remove and re-add your email profile in Outlook
• If you cannot upgrade Office, we recommend using Outlook on the Web

Microsoft Office 2016 or newer on Windows or Mac

• Modern authentication is supported in Office 2016 and newer
• Remove and re-add your email profile.  If you access multiple mailboxes and/or calendars, you may want to contact the Service Desk for assistance.

What are Legacy Authentication and Modern Authentication?

Legacy, or basic authentication is less secure and does not allow for multifactor authentication (MFA).  Legacy authentication is characterized by:

• A client or protocol which is incapable of supporting multifactor or two-factor authentication
• A client which sends both username and password to the application

Microsoft has moved to Modern Authentication, also referred to Open Authentication (OAuth) or Active Directory Authentication Library (ADAL).  With modern authentication, your credentials are not sent to Office 365.  Instead, you will be redirected to OSU’s Single Sign-On (SSO) login screen, where you’ll confirm your login and maintain your connection with an OAuth token.  Modern authentication is characterized by:

• A client and service capable of using a protocol configured for multifactor authentication, such as DUO
• A client and service which can accept redirects to the identity provider for all authentication interactions

It may not be obvious whether or not your email applications are using legacy authentication or modern authentication. 

Which mail clients are capable of modern authentication in Office 365?

The following is a list of known client applications that support modern authentication:

• Outlook on the web
• Outlook for Windows (2016 or newer)
• Outlook for Mac (2016 or newer)
• Outlook App for Android
• Outlook App for iOS version 10.x and greater
• Mail app on iOS 11.x+
• Mail app on Mac OS 10.14 (Mojave) and later
• Mail app on Android (dependent on manufacturer)
• Thunderbird app version 77.0b1 or later for Windows, Mac, and Linux