Modern Auth and Exchange Online Migrations
Microsoft has phased out Basic Authentication (Basic Auth), replacing it with Modern Authentication (Modern Auth) to provide increased protection and user security. Through this, Microsoft has turned off Basic Auth for specific protocols in Exchange Online, causing some to wonder how this change will impact Exchange Online migrations.
Those looking to do Exchange Online migrations should consider several scenarios and risks. It’s important to ask, what tenants and workloads might be affected? Which migration tools are best to use? What best practices will ensure a smooth migration?
What is changing?
Microsoft phased out Basic Auth to provide a more secure way for users to access accounts. Basic Auth was limited to simple authentication scenarios that can be vulnerable to hackers and outside sources. Modern Auth, however, provides single sign-on and multi-factor authentication capabilities not available in Basic Auth, helping to ensure that all personal data and accounts are protected.
Primarily, this move impacts Microsoft Exchange Online. Modern Auth in Exchange Online, as implemented by Microsoft, is built on three main components:
- Active Directory Authentication Library. ADAL enables applications to support a variety of sign-in capabilities, including smart card+certificate-based authentication. It also supports two-factor/multi-factor authentication, which allows additional authentication factors.
- OAuth 2.0. OAuth 2.0’s primary role is to authorize applications to share data on behalf of the user, using token exchanges to avoid resending username/password credentials.
- ID Connect. Open ID Connect is an authentication layer built on top of OAuth 2.0. It provides the issuance of an access token, along with an ID token for proving the user’s identity. The ID token contains information about the authenticated user and is digitally signed by the identity provider.
These components increase security, making migrations more secure. However, this change can profoundly impact organizations that haven’t made provisions for this move to Modern Auth, as it will affect the ability to migrate mailboxes efficiently.
To achieve Exchange Online migrations during this transition, IT professionals must consider and implement steps to ensure success.
What steps should I implement to ensure a smooth migration?
Like it or not, Modern Auth is replacing Basic Auth. To ensure a smooth migration during this transitional period, IT professionals should consider the following these steps:
- Plan carefully. If you’re planning a mailbox migration and haven’t done it since Microsoft implemented this change, give yourself extra time and make sure your Source and Destination are where they need to be. Ask yourself the foundational questions to ensure all bases are covered. What data needs to be moved and where? How much data needs to be moved? How will you protect your data during and after a migration? Who needs access to this data?
- Do your due diligence. Understanding the scope of a migration is integral to the process. Conduct high-level analysis of the Source and Destination to understand who will be directly affected by the process and how the migration can impact the past, present and future of a business.
- Make sure you have the right tools. Not all migration tools support Modern Auth. To avoid headaches, IT professionals should confirm that their licenses support Modern Auth. If not, they should research and adopt a migration tool that will. By adopting a migration tool that supports Modern Auth, IT professionals can avoid common migration pitfalls. It’s possible that a destination won’t accept the data in transit, causing the migration to fail. To avoid this, IT professionals should ensure Modern Auth is deployed on both ends of the migration and that their migration tool is able to connect to both Source and Destination.
- Anticipate problems. With any migration, there is an element of risk. Sometimes problems arise that can cause your migration to fail. If you find that your applications are not working properly during or after a migration, contact your Microsoft license dealer for help. During this transitional time, it’s important to utilize all of your resources to ensure tools are working properly.
Always keep your software up to date
Performing routine maintenance and updates on software is critical to avoiding problems before, during and after any migration. Admins that don’t continually update their systems often find themselves without options. Older versions of software depreciate and are no longer supported. This is sometimes the case where admins are using unsupported versions of software and need to revert to older technologies to get them to work. The most sensible path is to keep your software updated to versions with vendor support.
Ensuring a smooth and secure migration process
The shift to Modern Auth can affect Exchange Online migrations. To ensure a smooth and secure migration, it’s critical to anticipate problems and understand the key steps for success. This, along with having the right migration tools that support Modern Auth and up-to-date software, will help ensure efficient migrations during this transition. Change can be hard. But these steps can help ensure a seamless move to Modern Auth and streamlined and effective Exchange Online migrations.
By Stacey Farrar