Using Modern Authentication on Office 2013 Apps

How to enable Modern Authentication on Office 2013 applications

For many years, applications have been using Basic Authentication including Office applications (Outlook in specific) to connect with Exchange Web Services. Although Basic Authentication was not bad, all it does was to receive an HTTP request with username and password, authenticate it and some times save it on user’s device. It did not use TLS to encrypt the request which was the main drawback and hackers could easily get to the request.

Organizations have now seriously considering to adopt strict secure policies to safeguard their workloads and thinking of options for alternative authentication protocols. Modern Authentication is the alternative which is based on OAuth 2.0 token-based authentication. Simply put, these tokens have a specific lifetime to be used by resources and cannot be reused. Even, Multi-factor authentication (MFA) can be easily setup on OAuth 2.0.

For Office applications including Outlook, Microsoft has begun deprecating the Basic Authentication starting from October 2021. This deprecation will also take effect on EWS, MAPI, POP, EAS, IMAP and SMTP authentication.

Be informed that Outlook 2007 and 2010 will not support Modern Authentication but Outlook 2013 requires an additional setting to let it use Modern Authentication.

Which authentication am I using?

A user can himself observe or notice which authentication protocol has been in use by the application by looking at the sign-in dialog.

This is the dialog for Modern Authentication

Modern Authentication dialog

And here is the dialog for basic authentication

Basic Authentication dialog

You can also check by pressing CTRL + Right click on system tray icon of Outlook and click Connection Status. Here in the Authn column if you see the value “Clear” then it means Basic Authentication is being used. But if you see “Bearer” then it means Modern Authentication is being used.

Outlook Connection Status

How can I disable Basic Authentication at Org-Level?

If you are concerned about your org-level security (which you must) as System Admin or Security Engineer, there are several ways to block Basic Authentication using below methods:

• Enable Security Defaults from Azure AD to block all legacy authentications
• Disable from Office 365 Admin Center > Settings > Org Settings > Modern Authentication.
• Enable Azure AD Conditional Access policies to block basic authentication

Enable Modern Authentication on Outlook 2013

The Modern Authentication is by default enabled on Office 2016 and later versions. For Office 2013 specifically Outlook, there is a special registry key that needs to be created with a DWORD value.

Set the following registry keys on the Windows device where Office 2013 is installed:

Key: HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL

Type: REG_DWORD

Value: 1

Key: HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version

Type: REG_DWORD

Value: 1

Restart your device once registry keys are updated.

Thank you.