Following Microsoft’s deprecation guidelines, INSZoom will no longer support basic authentication in Calendar Sync for Exchange Calendars (Microsoft) starting September 30, 2022.
Microsoft officially announced end of support for basic authentication in September 2021. Effective October 1, 2022, Microsoft is deprecating the ability to use basic authentication for Exchange Online.
This article explains basic authentication, Microsoft's change to the authentication method, and the actions required of INSZoom Case Managers, Firm Admins, and IT/Microsoft administrators at your Firm.
What is Basic Authentication?
Basic authentication is an outdated industry standard and simply means the application sends a username and password with every request for authentication.
Microsoft acknowledges that it is easier for attackers to capture user credentials, which increases the risk of those stolen credentials being reused against other services.
What is Microsoft changing?
With Microsoft’s decision to deprecate basic authentication, apps will no longer be able to use basic authentication when connecting to Exchange Online and must move to modern authentication (OAuth 2.0 token-based authorization). Disabling basic authentication can help protect against brute-force or password spray attacks. Modern authentication has many benefits and improvements that help mitigate the issues in basic authentication.
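To make the difference concrete, the following added example (not INSZoom or Microsoft code) inspects an Authorization header the way an administrator reviewing proxy captures might, and reports what each scheme exposes on every request. The sample headers, the account name, and the token's audience and scope values are constructed for illustration.

```python
import base64
import json

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (JWT style)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample headers, not real traffic. The audience and scope values
# are assumptions; the page does not say which API or scope INSZoom requests.
SAMPLE_BASIC = "Basic " + base64.b64encode(b"cm@example.com:Summer2022!").decode()
SAMPLE_BEARER = "Bearer " + ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"aud": "https://graph.microsoft.com", "scp": "Calendars.ReadWrite",
            "exp": 1664496000}),
    "constructed-signature",
])

def inspect_authorization(header):
    """Report what anyone who observes this Authorization header obtains."""
    scheme, _, value = header.strip().partition(" ")
    scheme = scheme.lower()
    if scheme == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            return {"scheme": "basic", "error": "malformed"}
        user, sep, password = decoded.partition(":")
        if not sep:
            return {"scheme": "basic", "error": "malformed"}
        # The long-lived password is sent on every request and is only encoded,
        # not encrypted. Report its length, never the value itself.
        return {"scheme": "basic", "user": user, "password_recoverable": True,
                "password_length": len(password), "expires": None, "scope": None}
    if scheme == "bearer":
        parts = value.split(".")
        if len(parts) != 3:
            return {"scheme": "bearer", "password_recoverable": False, "opaque": True}
        try:
            segment = parts[1] + "=" * (-len(parts[1]) % 4)
            claims = json.loads(base64.urlsafe_b64decode(segment))
        except ValueError:
            return {"scheme": "bearer", "password_recoverable": False, "opaque": True}
        # Claims are read unverified, for inspection only; never trust them
        # for an access decision without validating the signature.
        return {"scheme": "bearer", "password_recoverable": False,
                "expires": claims.get("exp"), "scope": claims.get("scp")}
    return {"scheme": scheme or "none", "error": "unsupported"}

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_BEARER):
        print(inspect_authorization(sample))
```

The basic header yields the account's reusable password with no expiry or scope, while the bearer token carries no password and is limited by its expiry and scope claims.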
What does this mean for your Firm?
In response to Microsoft’s decision, Mitratech is moving from basic authentication to modern authentication for Calendar Sync - Exchange Calendars (Microsoft). INSZoom will use OAuth 2.0 token-based modern authentication to continue offering this integration.
If your Firm is subscribed to Zoom Calendar Sync and you are using the ‘Exchange Calendar’ application type, you were previously prompted to provide your email address and password to authenticate and grant INSZoom access to your Exchange Calendar while setting up Calendar Sync as shown below.
Starting September 30, 2022, this basic authentication will be replaced with modern authentication. All Zoom Calendar Sync users in your Firm will need to re-authenticate using modern authentication to continue syncing their Exchange Calendar with INSZoom.
Note: This change is not applicable if your Firm is using the Zoom Calendar Sync feature to sync events with Google Calendar.
Getting Started with Modern Authentication:
On September 30, 2022, Exchange Calendar will no longer sync with your INSZoom Calendar for all Zoom Calendar Sync users in your Firm. To continue syncing with Exchange Calendar, each user will need to re-authenticate using modern authentication following the steps outlined below:
a. Navigate to Setup > Subscriptions > Zoom Calendar Sync and click on ‘Modify’.
b. Users will be redirected to the Microsoft web-based login page (modern authentication) to authenticate as shown below.
c. With modern authentication implemented, your Microsoft IT administrator is required to grant consent to your Exchange Calendar before it syncs with the INSZoom Calendar. This means you will need to work offline with your Microsoft IT administrator to determine the preferred method for granting admin consent. This is an important step, and Mitratech recommends reviewing it with your Microsoft IT administrator ahead of the change scheduled for September 30, 2022.
IT Administrator Options for Granting Application Consent
Microsoft provides IT administrators with several options for granting third-party applications the consent required to access your Exchange Calendar. Based on a review by the Mitratech team, the two options below are best suited to the Zoom Calendar Sync use case. Carefully review them and discuss with your Windows IT Administrator to determine the preferred method for you and your Firm.
Option 1: Admin Consent Workflow Enabled
Your Microsoft IT administrator may enable the ability to make requests by using an admin consent workflow that gives admins a secure way to grant access to applications that require admin approval. This option enables end users to request access to applications that require admin consent.
After a Case Manager has successfully authenticated via the Microsoft web-based login page (Subscriptions > Zoom Calendar Sync > Modify), the user may be prompted to request consent directly from the admin as shown below.
Microsoft IT administrators have access to a consent request queue within the Azure console where they’re able to approve or deny a specific consent request. Once a consent request has been approved by an IT administrator, the Case Manager will receive an email alert informing them that the request has been processed.
Upon receiving this confirmation, the Case Manager will need to navigate back to INSZoom Subscriptions > Zoom Calendar Sync > Modify and complete their authentication for Exchange Calendar Sync.
Option 2: Granting tenant-wide admin consent to the Zoom Calendar Sync Application
Your IT administrator has the option to grant tenant-wide admin consent that will enable permissions for INSZoom Calendar Sync to access Exchange Calendars for all users in your Firm.
If tenant-wide admin consent is granted, Case Managers can use modern authentication for INSZoom Calendar Sync by navigating to Subscriptions > Zoom Calendar Sync > Modify and completing their authentication for Exchange Calendar Sync without additional intervention from an IT administrator.
Please share the following tenant-wide admin consent URL with your IT administrator if they intend to enable tenant-wide admin consent.
An Alternate Method for Acquiring Admin Consent
The method below is an alternative to enabling the admin consent workflow, but it is not recommended: if the Case Manager doesn’t immediately re-authenticate using their Microsoft credentials after admin consent is provided, the admin’s calendar may be unintentionally synced with the Case Manager’s Zoom Calendar.
After a Case Manager has successfully authenticated via the Microsoft web-based login page (Subscriptions > Zoom Calendar Sync > Modify), they may be redirected to the consent prompt for admin approval.
Case Managers can use Microsoft admin credentials if they are a Microsoft administrator, or contact their IT administrator to grant access on their behalf by using the appropriate option. See the related Microsoft article on the differences between having the admin consent workflow enabled or disabled.
With this option, IT administrators should select the checkbox, 'Consent on behalf of your organization'. Providing admin consent this way for the first Case Manager should enable future Case Managers to provide consent for Zoom Calendar Sync without admin intervention.
IMPORTANT: As soon as the admin provides consent, the Case Manager will need to navigate back to INSZoom Subscriptions > Zoom Calendar Sync > Modify and complete their authentication for Exchange Calendar Sync. Delaying this step risks having the admin’s Exchange Calendar synced with INSZoom instead of the Case Manager's Exchange Calendar.
Who can I contact for more information?
Please review this Microsoft article pertaining to the deprecation of basic authentication and reach out to your IT administrator for additional help.