Tenant disabling of Basic Auth cause OAUTH iPhone to break
-
MS just disabled Basic Auth this morning on the tenant of one of my clients. Did not know and did not care, because zero things at this site use basic auth. All the users are on the current O365 version of the installed apps.
But some of the iPhone users have been spammed with the pop up to enter their Exchange password.
This pop up actually is useless on iOS, because you have to sign in to MS services with the "log in" method by going into settings (repeatedly cancelling the password pop up box) and into mail -> accounts -> then tap re-enter password to get the auth webpage.
My phone, and all the other users were correctly setup with OAUTH style "log in" for their email in the Mail app on iOS.
Disabling of Basic Auth should have done nothing.
-
@JaredBusch Thanks for heads up will keep an eye on this. Most of our iPhone users are using the Outlook IOS app but we have a couple who use the native client.
-
is it possible to know which method was used when signing in with the native client?
-
@Dashrender said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
is it possible to know which method was used when signing in with the native client?
Technically, I think you could dig that out of the Azure activity logs but I haven't really looked into it much (although that question keeps surfacing). But it's not something you'd be able to see on the client side since it doesn't determine the auth, it's just prompted at the time the request is generated so by re-entering the password in settings it'll generate a modern auth request if basic was used prior.
-
@Dashrender said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
is it possible to know which method was used when signing in with the native client?
I found a workbook that can be used to uncover apps/users using legacy auth. Although that was more helpful before October since now it's more reactive. https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/workbook-legacy authentication
-
@bbigford said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
@Dashrender said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
is it possible to know which method was used when signing in with the native client?
Technically, I think you could dig that out of the Azure activity logs but I haven't really looked into it much (although that question keeps surfacing). But it's not something you'd be able to see on the client side since it doesn't determine the auth, it's just prompted at the time the request is generated so by re-entering the password in settings it'll generate a modern auth request if basic was used prior.
an answer to this question could have been handy so IT could inform those people to re-authenticate to prevent this issue.. oh well.
-
@Dashrender said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
is it possible to know which method was used when signing in with the native client?
I signed in via the oauth web page, so basic auth should have been in solved in nothing.
This is also not the first account hit. So now, I expect something similar as MS moved through the tenants I have accounts on.
-
@JaredBusch said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
Disabling of Basic Auth should have done nothing.
If the security setting are changed on an account it makes sense to force users to reauthenticate. It might even be best practice.
I think it works the same on other providers.
But there should be some better mechanism regarding authentication in ios and android.