Using Modern Authentication on Office 2013 Apps
How to enable Modern Authentication on Office 2013 applications
For many years, applications, including Office applications (Outlook in particular), have used Basic Authentication to connect to Exchange Web Services. Basic Authentication was not bad in itself: all it did was receive an HTTP request with a username and password, authenticate it, and sometimes save them on the user’s device. It did not use TLS to encrypt the request, which was the main drawback, and hackers could easily get to the request.
Organizations are now seriously considering strict security policies to safeguard their workloads and are looking at alternative authentication protocols. Modern Authentication is that alternative, and it is based on OAuth 2.0 token-based authentication. Simply put, these tokens have a specific lifetime during which resources can use them, and they cannot be reused. Multi-factor authentication (MFA) can also be set up easily on OAuth 2.0.
For Office applications, including Outlook, Microsoft began deprecating Basic Authentication in October 2021. This deprecation also applies to EWS, MAPI, POP, EAS, IMAP and SMTP authentication.
Note that Outlook 2007 and 2010 will not support Modern Authentication, while Outlook 2013 requires an additional setting to use it.
Which authentication am I using?
Users can see for themselves which authentication protocol the application is using by looking at the sign-in dialog.
This is the dialog for Modern Authentication
And here is the dialog for basic authentication
You can also check by holding CTRL, right-clicking the Outlook icon in the system tray, and clicking Connection Status. In the Authn column, the value “Clear” means Basic Authentication is being used, while “Bearer” means Modern Authentication is being used.
How can I disable Basic Authentication at Org-Level?
If you are concerned about your org-level security (which you should be) as a System Admin or Security Engineer, there are several ways to block Basic Authentication:
- Enable Security Defaults from Azure AD to block all legacy authentications
- Disable from Office 365 Admin Center > Settings > Org Settings > Modern Authentication.
- Enable Azure AD Conditional Access policies to block basic authentication
Enable Modern Authentication on Outlook 2013
Modern Authentication is enabled by default on Office 2016 and later versions. For Office 2013, and Outlook specifically, registry keys need to be created with a DWORD value.
Set the following registry keys on the Windows device where Office 2013 is installed:
Key: HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL
Type: REG_DWORD
Value: 1
Key: HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version
Type: REG_DWORD
Value: 1
Restart your device once registry keys are updated.
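The same change can be scripted. The PowerShell below is an added example, not taken from Microsoft or from the original post: it reports the current state of the two values listed above, writes them, and checks the result. The function names Get-ModernAuthState and Enable-ModernAuth are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: enable Modern Authentication (ADAL) for Office 2013, current user only.
# Key path and value names are the ones listed above; function names are hypothetical.
$IdentityKey = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
$Required    = [ordered]@{ EnableADAL = 1; Version = 1 }

function Get-ModernAuthState {
    # One row per value: current data ($null if absent) and whether it matches.
    foreach ($name in $Required.Keys) {
        $current = $null
        if (Test-Path -Path $IdentityKey) {
            $item = Get-ItemProperty -Path $IdentityKey -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $current = $item.$name }
        }
        [pscustomobject]@{
            Name      = $name
            Current   = $current
            Expected  = $Required[$name]
            Compliant = ($current -eq $Required[$name])
        }
    }
}

function Enable-ModernAuth {
    # Create the Identity key if it does not exist yet, then write both DWORDs.
    if (-not (Test-Path -Path $IdentityKey)) {
        New-Item -Path $IdentityKey -Force | Out-Null
    }
    foreach ($name in $Required.Keys) {
        New-ItemProperty -Path $IdentityKey -Name $name -PropertyType DWord `
            -Value $Required[$name] -Force | Out-Null
    }
}

Write-Host 'Before:'
Get-ModernAuthState | Format-Table -AutoSize | Out-String | Write-Host

Enable-ModernAuth

Write-Host 'After:'
$after = Get-ModernAuthState
$after | Format-Table -AutoSize | Out-String | Write-Host

# Fail loudly if a value did not stick (for example, when a policy overwrites it).
if ($after | Where-Object { -not $_.Compliant }) {
    Write-Error 'One or more values were not written as expected.'
}
```

Because the values live under HKCU, run the script in the context of the user who runs Outlook, not from an elevated session under a different account.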
Thank you.