Modern authentication in Cayosoft Administrator

IMPORTANT: Cayosoft Administrator version 9.2.1 and below is NOT compatible with Exchange Online module version 2.0.6. Exchange Online module version 2.0.5 is required.

In the second half of 2021, Microsoft stopped supporting basic authentication for Exchange Web Services (EWS) to access Exchange Online. Basic authentication was replaced with modern authentication (based on OAuth 2.0). Please see Exchange Online deprecating Basic Authentication - Microsoft Lifecycle | Microsoft Docs for additional information.

Starting from the 8.3.0 version, Cayosoft Administrator uses only modern authentication for Exchange Online-related operations (like mailbox management) and requires Exchange Online PowerShell Module (EXO V2).

IMPORTANT: Basic authentication is still required to send standard email notifications via the Microsoft 365 SMTP server using your 365 accounts. This is a possible reason for basic authentication sign-in events in the Azure AD sign-in logs coming from the Cayosoftservers. These events are also related to WinRM when Administrator Service enumerated opened Exchange Online sessions. It will be fixed in the 9.3.0 version. If you block basic authentication Administrator Service will be able to manage Exchange Online sessions without WinRM.

So, if you use an SMTP server other than office365.smtp.com, you can block basic authentication via the Conditional Access Policy (CAP): Block legacy authentication - Azure Active Directory - Microsoft Entra | Microsoft Docs.

According to the Microsoft article, after October 1, 2022, basic authentication will be deprecated but email notifications through SMTP will continue working in your tenant:Basic Authentication Deprecation in Exchange Online – May 2022 Update - Microsoft Tech Community. It means that if you use Microsoft 365 SMTP server for email notifications and can't create such a CAP to block basic authentication after October 1, 2022, you should not see basic authentication sign-in events in the Azure AD sign-in logs.