The Microsoft 365 suite of applications and services is ever-growing and improving. The way that these services interact with one another and third-party applications is controlled via an Application Programming Interface (API) – namely, either Exchange Web Services (EWS) or Microsoft Graph.

As with most technologies, older tech is often replaced with more secure, efficient, and robust new tech. This pattern holds true with EWS and Graph as well. As the API successor to EWS, Graph has been developed to provide developers with new and exciting ways to access the rich data that underlies Microsoft 365.

In order to drive organizational and individual adoption of newer technologies, the older technologies – such as EWS – are gradually phased out. In this case, Microsoft is beginning the deprecation of EWS by making October 13, 2020 the final day that Exchange Online will accept EWS connections that use Basic Authentication. It is important to note that this change will not have any effect on Exchange on-premises deployments. Moving forward, to continue using EWS to connect and interact with Exchange Online, developers must write their applications to support OAuth 2.0 – also known as Modern Authentication.

Modern Authentication is a more stable and secure way to access data in Microsoft 365. While this would be a supported scenario (EWS using Modern Authentication to connect to Exchange Online) it is recommended to transition applications to the Microsoft Graph API because Microsoft is no longer releasing feature updates to EWS and are focusing all their efforts on Graph.


How do I know if I am using Basic Authentication to connect to Exchange Online?

At the time of this writing, Microsoft is still developing the reporting functions to alert Microsoft 365 tenant administrators of any client connections to their Exchange Online organization(s). Thankfully, however, admins can take stock of their environments in other ways to determine whether EWS Basic Authentication is still in use. The primary applications to identify and understand are the deployed Office suites on end-user desktops/laptops; as well as, the mobile applications used to connect to Exchange Online mailboxes. The chart below notates which client applications support Modern Authentication, and thus, should be utilized moving forward when connecting to Exchange Online:


Client Application Modern Authentication Supported? Modern Authentication Default?
2019 Office Suite
2016 Office Suite
2013 Office Suite
2010 Office Suite
Outlook for Mobile (iOS and Android)
Android Native Mail
iOS Native Mail prior to iOS 11
iOS Native Mail after iOS 11
Outlook on the Web


Exchange Web Services, Microsoft Graph, and Authentication
Figure 1: Modern Authentication Prompt


basic authentication prompt
Figure 2: Basic Authentication Prompt



Was this article helpful?

Ready to get started?

Get in touch to unlock the full potential of your Microsoft investment.

Get started