Tightening Email security by enforcing modern auth for Exchange Online

Microsoft has been supporting a more secure logon mechanism, namely modern authentication, for accessing Exchange Online as an optional feature. This feature will be enforced by Microsoft stating from 1 Oct 2022. To ensure a smooth transition, ITSC will carry out this enforcement for departments by phases in advance of the Microsoft announced deadline.

The key benefit being that 2FA becomes mandatory for email access and risk due to password leakage can be fully eliminated.

This change will have the following impact to users:

  • Email clients not supporting modern authentication no longer work e.g. Thunderbird, SeaMonkey, Gmail or Android mail
  • Calendar mobile APP not supporting modern authentication cannot be used
  • For those users already using a supported email client, re-configuration (or reset) of the clients may be required after the cutover

During the cutover, users are advised to:

  1. Check your desktop and mobile devices to see if the operating system versions and the email clients are supported. If not, switch to the supported versions in advance in order to avoid prolonged interruptions.
  2. During or after the cutover, you may be prompted to re-logon, or reconfigure your email client from scratch.
  3. Note that Outlook on the web (https://outlook.com/owa/ust.hk) has improved significantly and provide easy access to most Email and calendar functions. It should fit your casual or emergent needs on both desktop and mobile devices. You are advised to bookmark this URL.

ITSC's account manager will contact departmental Cybersecurity Coordinators to fix the cut off schedule starting from Feb 2020.