Enterprise 11 and Basic authentication EOL FAQ
- Updated: 2022/09/22
Enterprise 11 and Basic authentication EOL FAQ
Microsoft will permanently disable basic authentication for specific protocols in Exchange Online starting from October 1, 2022. This impacts customers running bots for email automation that connect to Exchange Online using IMAP, POP3, or EWS protocols with basic authentication.
- What is basic authentication deprecation?
- Microsoft has announced that starting October 1, 2022 basic authentication will be permanently turned off (disabled) for specific protocols in Exchange Online as mentioned below:
- Can the customer extend the basic authentication?
-
Microsoft has provided a one-time re-enablement option for Basic authentication. After Oct 1st, selected protocols can use Basic authentication until the end of 2022.
See the latest post from MS on the Basic authentication end-of-life upcoming Oct 1st, 2022
Basic Authentication Deprecation in Exchange Online – September 2022 Update
With this update, users still have a 3-month window to prepare for OAuth 2.0 before the Basic authentication is permanently deprecated.
- What is Microsoft's recommendation to mitigate basic authentication deprecation?
- As per Microsoft's recommendation, you are requested to switch from basic authentication to OAuth 2.0 if your clients or apps are using basic authentication with any of the affected protocols to connect to Exchange server via Exchange Online.
- Why this change?
- Basic authentication is an outdated industry standard, less secure, and poses high risks to accessing customers' sensitive data. The latest industry standard is OAuth 2.0 which is more secure and less vulnerable to cyber attacks.
- Where is basic authentication used in Enterprise 11 product?
- In Enterprise 11, the basic authentication feature is available in the Email Automation command and in Email trigger where you configure connection parameters using any of the IMAP, POP3, SMTP, or EWS protocols.
- How do I know if I am going to be impacted by basic authentication EOL?
-
Basic authentication deprecation will impact you if:
- you are automating email using Email Automation command or Email trigger
- you are using basic authentication to connect to Exchange Online
- you are using the IMAP, POP3, or EWS protocol
When basic authentication will be disabled by Microsoft starting October 1, 2022 then all the Enterprise 11 bots for Email automation which meets the above mentioned criteria will fail as the bot cannot connect to the Email server.
- When will the support end?
- Basic authentication will be disabled by Microsoft starting October 1, 2022.
- How can I identify the Enterprise 11 bots in my repository that are using basic authentication with Email Automation command or Email trigger?
- For Enterprise 11 bots, you can run the Bot Scanner utility for EOL features. The scanner will generate a CSV output listing all the impacted bots including the specific line numbers and the specific actions to be performed.
- Which feature will be provided in Enterprise 11 to mitigate the risk of basic authentication deprecation?
-
- OAuth 2.0 Authentication for EWS protocol already exists in Version 11.3.5 client. You can also choose to update the bots with OAuth2.0 Authentication for the EWS protocol instead of Basic Authentication with any protocol.
- If EWS OAuth2.0 Authentication is not an option, then you can update the version11.3.5.8 patch scheduled to be released on October 1, 2022, and update the bots with the latest credential.
- Version 11.3.5.8 patch release will support the OAuth 2.0 Authentication for the IMAP, and POP3 protocol.
- What are the different grant types or flows supported for OAuth 2.0 in Enterprise 11?
- In Enterprise 11, there are two primary grant types that are
supported for OAuth 2.0 across Email Automation and
Email trigger:
- Client credentials: Email Automation and Email trigger.
- Authorization code: Email Automation.
Command Email server (IMAP, POP3) EWS Use-case Email Automation - Client credentials
- Authorization code with PKCE
- Client credentials
- Authorization code with PKCE
- ROPC (or Silent)
- Unattended
- Attended
- Unattended
Email trigger - Client credentials
- Authorization code with PKCE
- Client credentials
- Authorization code with PKCE
- ROPC (or Silent)
- Unattended
- Attended
- Unattended
Note:- ROPC (Resource Owner Password Credentials) refers to the existing Silent flow and the Implicit refers to the existing Interactive flow.
- Both ROPC and Implicit grant flows are legacy flows, less secure, and are not recommended by Microsoft.
- The client credentials flow for SMTP protocol is currently not supported by Microsoft to access Email Online.
- What will happen to my existing bots that use email automation when I update to the Version 11.3.5.7?
- When you update to the latest version of the Email Automation or Email
trigger, the existing bots that use email automation will
show the following changes:
- If your bots are using the Email server option with IMAP or POP3 protocol, the Authentication mode option will be set to Basic by default to indicate that the action uses the basic authentication mode.
- If your bots are using the EWS server option with the Authentication mode option set to Basic, you need not update your bots.
- If your bots are using the EWS server option with the Authentication mode option set to OAuth2-Silent, the Authentication mode option will be set to OAuth2 - ROPC to indicate that the action uses the ROPC grant flow.
- Will Automation Anywhere provide any tool to Enterprise 11 customers to update their bots from basic authentication to OAuth 2.0?
- No. You will have to manually update your impacted bots to switch to OAuth 2.0. This requires first-time authentication and approval of the client which needs to be done manually.
- What is the impact on Outlook V2 Meta bot DLL after Basic Authentication EOL starting October 1, 2022?
-
There is no Basic Auth EOL impact on the MetaBot DLL as it uses Outlook to retrieve emails. The MetaBot will continue to work if Outlook is configured and working correctly.
- Are shared mailboxes supported for any of the protocols supported by Email Automation?
- The existing POP3 and IMAP
protocols with Basic Authentication supports shared mailboxes. With Version 11.3.5.7, the shared mailboxes will continue to
be supported for POP3 and IMAP
protocols with OAuth2.0 authentication.Note: EWS OAuth2.0 does not support shared mailbox.
- What is the plan and guidance from Automation Anywhere for Automation 360 customers who are impacted by the basic authentication deprecation?
-
Enterprise 11 users are recommended to migrate their email automation bots to Automation 360 and leverage the OAuth 2.0 support. Post the migration they can manually update their bots by switching from Basic Authentication to OAuth 2.0.