News
Microsoft and Apple working together will improve exchange online mail security
Basic authentication is an old industry standard for authenticating client-server connections. In recent years, however, it has proven to be an important attack vector for compromising data security. As a result, most software vendors have abandoned aging mechanisms in favor of modern OAuth 2.0-based authentication for improved security.
The same goes for the Apple Mail app, which switched to modern authentication a few years ago. However, this means that new accounts added to the device will only enjoy increased security after migrating from Basic to Modern, while old accounts still use Basic. This problem even extends to the original configuration spread across new devices and backups. Microsoft is now addressing this problem once and for all by partnering with Apple.
JOIN US ON TELEGRAM
Apple will integrate support for Resource Owner Password Credentials (ROPC) authorization in a future iOS 16 update. This handler ensures that the app uses credentials stored on the device in a secure manner. After this update, the Mail app will use ROPC to leverage the user’s existing credentials to create an authentication flow for Exchange Online accounts with Azure Active Directory.
The user will receive an OAuth token in response, their account will be configured to use modern authentication permanently, and finally, the basic authentication credentials will be removed.
However, if the user uses mobile device management (MDM) solution, there is no automatic switch to modern authentication, which requires collaboration with the MDM vendor to ensure ROPC workflow is used in the mail application.
This switching of authentication workflows will happen in the upcoming iOS 16 and iPadOS 16 updates. The same feature will also come to macOS 13 at some point. Clients using certificate-based authentication mechanisms will not be affected.