This tech note addresses critical changes to Microsoft's security protocols for authentication in Microsoft Exchange Online, a workaround offered by Microsoft, CygNet's response to this change in authentication for the General Notification Service (GNS) and Flow Measurement Service (FMS), and CygNet's release and patch plan for v9.7, v9.6, v9.5, and v9.4 for this issue.
Changes to Email Authentication
On October 1st, 2022, Microsoft is going to start to turn off basic authentication for specific protocols in Microsoft Exchange Online for customers who use them. This change will impact any CygNet customer currently using Microsoft Exchange Online, which includes Office 365 (O365), and could impact any reporting and notifications that rely on O365.
All supported versions of CygNet Software are impacted by this issue, including CygNet v9.6, v9.5, and v9.4.
Workaround from Microsoft
In their latest communication, Microsoft has provided a workaround for Microsoft Exchange Online users to opt out of having basic authentication turned off on October 1st, 2022 for protocols they are currently using.
Weatherford is suggesting that all customers who are using Microsoft Exchange Online follow the workaround instructions described in the article from Microsoft to avoid disruption in service. This workaround should be executed prior to October 1st, 2022 and will allow basic authentication to be used until December 31st, 2022. Starting January 1st, 2023 basic authentication will be turned off for all protocols.
However, if customers are not able to execute the workaround by October 1st, 2022, Microsoft allows for a one-time re-enable of basic authentication for any affected protocols. See the above article for instructions.
CygNet Support for OAuth 2.0
In CygNet Software v9.6 (released on 3/2/2022) the General Notification Service (GNS) was enhanced to support the OAuth 2.0 protocol for email processing, for user authentication with Microsoft Cloud service resources, supplementing the soon-to-be obsolete basic authentication mode. The OAuth 2.0 authentication protocol is a far more secure method for accessing and sharing information.
In CygNet Software v9.7 (to be released in early 2023) the Flow Measurement Service (FMS) and CygNet Measurement will be enhanced to support OAuth 2.0 for email processing. This enhancement will be back-patched to FMS in CygNet v9.6, v9.5, and v9.4 in October 2022.
Required CygNet Patches
Patches are needed for both the GNS and FMS to support modifications in CygNet's implementation of OAuth 2.0. The required patches for each service will be as follows:
OAuth 2.0 support is currently implemented for the GNS for v9.6, but there is an issue with the current implementation and that issue is targeted to be resolved in the September 2022 96_Patch_Composite.zip. All users must apply the patch, set up OAuth 2.0 credentials, and migrate the GNS to use them.
GNS v9.5 and v9.4
OAuth 2.0 support is currently not implemented in v9.5 and v9.4. Back patches for the changes to these CygNet versions are in progress and are targeted for release in the October 2022 95_Patch_Composite.zip and October 2022 94_Patch_Composite.zip. All users must apply the appropriate patch, set up OAuth 2.0 credentials, and migrate the GNS to use them.
FMS v9.6, v9.5, v9.4
OAuth 2.0 support is currently being implemented for FMS and CygNet Measurement in v9.6, v9.5, and v9.4. These changes are targeted for release in the October 2022
Customers should have the required CygNet patches by end of October 2022, giving two months to deploy and test before Microsoft disables basic authentication for all tenants permanently on January 1st, 2023.
For more information about configuring OAuth 2.0 in the GNS, see the following topics in the CygNet v9.6 Online Help:
Instructions for configuring OAuth 2.0 in the FMS will be provided in the October 2022 patch composite and the CygNet v9.7 Online Help.
If any CygNet customer using Microsoft Exchange Online and one of the impacted protocols does not opt out of disabling basic authentication services for those specific protocols by October 1st, 2022, they will lose O365 capabilities and will not be able to send email notifications from the CygNet GNS.
Microsoft is offering a workaround where customers can re-enable basic authentication for any protocols used, once per protocol, for use until the end of December 2022.
CygNet has implemented an alternative to basic authentication, the OAuth 2.0 protocol, which is now available in the GNS in CygNet 9.6, and is soon to be available in the GNS and FMS for CygNet v9.6, v9.5, and v9.4. Relevant patches providing the OAuth 2.0 protocol will be available for installation via the following patch composites:
September 2022 96_Patch_Composite.zip (required GNS fix)
October 2022 96_Patch_Composite.zip (FMS OAUTH 2.0)
October 2022 95_Patch_Composite.zip (GNS and FMS OAUTH 2.0)
October 2022 94_Patch_Composite.zip (GNS and FMS OAUTH 2.0)
All CygNet patches are available from the CygNet Download Site (login required) in the Patches folder for the appropriate version.