Basic authentication is an old industry standard for authenticating client-server connections. In recent years, however, it has proven to be an important attack vector for compromising data security. As a result, most software vendors have abandoned aging mechanisms in favor of modern OAuth 2.0-based authentication for improved security.
The same goes for the Apple Mail app, which switched to modern authentication a few years ago. However, this means that new accounts added to the device will only enjoy increased security after migrating from Basic to Modern, while old accounts still use Basic. This problem even extends to the original configuration spread across new devices and backups. Microsoft is now addressing this problem once and for all by partnering with Apple.
JOIN US ON TELEGRAM
Apple will integrate support for Resource Owner Password Credentials (ROPC) authorization in a future iOS 16 update. This handler ensures that the app uses credentials stored on the device in a secure manner. After this update, the Mail app will use ROPC to leverage the user’s existing credentials to create an authentication flow for Exchange Online accounts with Azure Active Directory.
The user will receive an OAuth token in response, their account will be configured to use modern authentication permanently, and finally, the basic authentication credentials will be removed.
To make this transition as smooth as possible, Microsoft encourages tenant administrators to review controls and policies such as conditional access (CA) and multi-factor authentication (MFA), which may require user input before switching. Likewise, Microsoft is encouraging administrators to grant resource access to the Mail app at the tenant level so that each user doesn’t have to approve permissions individually.
However, if the user uses mobile device management (MDM) solution, there is no automatic switch to modern authentication, which requires collaboration with the MDM vendor to ensure ROPC workflow is used in the mail application.
This switching of authentication workflows will happen in the upcoming iOS 16 and iPadOS 16 updates. The same feature will also come to macOS 13 at some point. Clients using certificate-based authentication mechanisms will not be affected.
