Microsoft retiring basic authentication for Exchan...

lac_kango · ‎02-12-2020

Hello,

I found a blog about microsoft retiring basic authentication for Exchange Online on October 13, 2020.

https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to...

If this app uses basic authentication, the request will fail after October 13, 2020.

I think this app uses basic authentication. Is there any way this app can use other authentication methods than basic authentication?

splunk version : 7.3.1
app version : 1.1.0

Thanks!

Raphy · ‎01-21-2022

I relaunch this really important discussion about Microsoft Office 365 Reporting Add-on for Splunk that must upgrade to Modern Authentication, as Microsoft company has announced that Basic Authentication will be deprecated.
Indeed in the last post of Microsoft on that topic Published on Feb 04 2021 :

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-s...

They announced :

"Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth."

So, within few months this Add-On will be out of service because It only uses Basic Authentication to connect and to retrieve Message Trace logs from MS Exchange Online.

I agree we have the Splunk Add-on for Microsoft Office 365 that retrieve some useful audit data, but unfortunately It cannot collect Message Trace data as the Microsoft Office 365 Reporting Add-on does.

We already have 2 Splunk Ideas on that subjet :

https://ideas.splunk.com/ideas/APPSID-I-70
https://ideas.splunk.com/ideas/APPSID-I-27

Those evolution are planned, but they should be on going because the evolution to Modern Authentication is today necessary.

I am asking to Splunk corporation and to the developers of these Add-Ons, what is the situation on that subject ? Do you have a solution to provide to Splunk customers that would like to continue to get Mesage Trace logs for security monitoring ?

@abalogh_splunk

@jconger

@Anonymous

jconger · ‎01-21-2022

TL;DR = we are waiting on an updated API from Microsoft.

Background:

The O365 reporting add-on utilizes a Microsoft API called the Office 365 Reporting web service. This API only supports basic authentication, so we're stuck with that for the time being. There currently is no other Microsoft API for O365 message trace data. That being said, we have worked with Microsoft on some of their preview code that will support modern authentication. As soon as Microsoft's code becomes publically available, the O365 reporting add-on will be updated on Splunkbase. Also, there are plans to get this functionality moved over to the Splunk-supported O365 add-on.

kanikisuryateja · ‎08-08-2022

Do we have any update on this?

Do we have any other way to get the O365 message trace logs to Splunk Enterprise security ?

jconger · ‎08-08-2022

Yes.

Version 2.x is out and supports modern authentication (OAuth)!

https://splunkbase.splunk.com/app/3720/

mik3y · ‎04-13-2022

@jconger Hi , are there any further updates on this?

Thanks

North2AK · ‎09-27-2021

Any updates on this?

ozrict · ‎08-01-2021

Any update to this as we are looking to set up this App but as its set to retire im stuggling to gain approval due to uncertainty

pietertruter1 · ‎11-03-2020

Any update on getting this fixed?

adalbor · ‎10-07-2020

Just an FYI all, there are two ideas supporting this requested change.

https://ideas.splunk.com/ideas/APPSID-I-27

https://ideas.splunk.com/ideas/APPSID-I-70

I would recommend voting for at least the first (it has the most hits).

It is also showing in the Planned stage.

gavstead · ‎10-07-2020

Is there an update on this please? Basic Auth is disabled in our company as it is insecure so we cannot use message tracing.

Please can this be fixed ASAP?

Azeemering · ‎08-31-2020

Any update on this? The end of 2020 is getting nearer and would like to know if Splunk is working on an update?

scoxspau · ‎04-27-2020

Note that the October 13 2020 deadline has been pushed back by Microsoft due to the COVID-19 situation:

"In response to the unprecedented situation we are in and knowing that priorities have changed for many of our customers we have decided to postpone retiring Basic Authentication in Exchange Online (MC204828) for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.
We will continue to disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage starting October 2020. And of course you can start blocking legacy authentication today, you don’t need us to do anything if you want to get started (and you should).
We will also continue to complete the roll-out of OAuth support for POP, IMAP, SMTP AUTH and Remote PowerShell and continue to improve our reporting capabilities. We will publish more details on these as we make progress."

hansuleberg · ‎03-26-2020

Hi. It indeed use HTTPBasicAuth. Will this app be updated in time?

[root@awpspkhf23h63 TA-MS_O365_Reporting]# vi bin/input_module_ms_o365_message_trace.py

r = requests.get(
    microsoft_trace_url,
    proxies = proxies,
    auth=requests.auth.HTTPBasicAuth(microsoft_office_365_username, microsoft_office_365_password),
    headers={'Accept':'application/json'})

ChrisBell04 · ‎04-24-2020

The underlying problem is the Microsoft API this addon uses, only currently supports basic auth.

Either that API needs to get modern auth or another API utilized to pull down this type of data.

adalbor · ‎04-27-2020

We actually disabled Basic Auth in our org due to the security implications have been waiting for months for this app to be fixed. We have essentially lost Exchange message tracking logs because of this basic auth issue.

lac_kango · ‎03-29-2020

Thank you for your comment.
I don't even know about the update plan.
I hope it will be updated within the deadline.

martinnepolean · ‎03-27-2020

Any update on this?

siemple99 · ‎03-17-2022

All, the new date from Microsoft is Oct 2022. Any update on the transition or support for Modern authentication?

jconger · ‎03-17-2022

We have been in contact with Microsoft about this. There are near-term and long-term solutions coming. Neither solution is publicly available as of the date of this writing, but we will update the add-on accordingly when a release does happen.

dschroeter · ‎05-18-2022

Hi,

do you have any updates on this. The 1st of october is coming and we have the issue for several environments.

The new authentication feature needs to be implemented.

Thanks

Microsoft retiring basic authentication for ExchangeOnline, is there a way app can use other authentication methods?

troubleshooting

upgrade

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies