New cybersecurity changes have been announced as part of Microsoft Outlook Security Update 2024. Targeting personal email accounts aligns with the principles of Microsoft's Secure Future Initiative. There are several changes, the most glaring of which is the deprecation of basic authentication for Outlook personal email accounts starting on September 16, 2024. This means that users without Multi-factor Authentication (MFA) will no longer be able to access their accounts with just basic authentication (e.g., username + password).

Quote from Microsoft's Tech Community Announcement, "Keeping Our Outlook Personal Users Safe: Reinforcing Our Commitment to Security"

Other than mandating the implementation of MFA policies, the ‘Mail’ and ‘Calendar’ applications would also cease to be supported. This announcement came alongside the deprecation of Outlook Light (a deprecated version of the Outlook Web App provided for older and less capable versions of browsers) as well, citing security concerns. Users’ ability to access Gmail accounts via Outlook.com will be removed from here on.

In short, these are the upcoming 2024 Outlook Security Updates at a glance:
1. Outlook personal email accounts will no longer support Basic Authentication from September 16, 2024.
2. Mail and Calendar apps will not be supported on Windows by the end of 2024.
3. The light version of the Outlook web application will be phased out starting August 19, 2024.

This article will address these changes in further detail.

The Case for Modern Authentication and MFA 

September 16, 2024, marks the beginning of the end of Basic Authentication for Outlook clients. Outlook.com, Hotmail.com, and Live.com, will be phased out as it is unsafe. The Outlook Security Update 2024 closes the attack surface, preventing users’ credentials from being exposed to network monitoring tools and potential threats. This happens as they send information over the wire without encryption. Browsers and other applications commonly cache credentials until the browser is restarted. Much like the recent Typhoon 2FA Phishing Threat, this leaves them vulnerable to Man-In-The-Browser (MITB) and other related attacks, exposing users and vulnerable organisations to data breaches and loss of sensitive information.

Deprecations for Windows Applications 

The Mail and Calendar apps commonly found as stock software on most Windows Operating Systems will also be deprecated. They will remain on the Microsoft Store until December 31, 2024, after which they will no longer be supported. Existing users of the Mail and Calendar apps on Windows are advised to transition to the upgraded Outlook for Windows that provides improved security features.

The Outlook Web App running a ‘light’ version will also be deprecated on August 19, 2024, as it adheres to lower security standards.

Adventus Multi-factor Authentication (MFA) Managed Services 

At Adventus, we believe in the same principles of evolving with your MFA needs. In a modernized threat landscape where MFA will become the norm rather than the exception, there is no better time to safeguard your organization and sensitive data. This is especially pertinent after the Outlook Security Update 2024 takes effect.

We are a certified provider of MFA and cybersecurity solutions with a dedicated SOC centre. Adventus Cybersecurity Solutions & Services provides a comprehensive and customisable suite of protections that best suits the threat landscape of your organization. Our priority is being invested in your cybersecurity and managing it to stop attackers. Let us help you protect your interests, employees, and business. Contact us to find out more!