IT News

Improved Email Security at The U: Legacy Email Protocols have been Disabled


Quick Links – Information for All UM Community and System Administrators

All UM Community

In response to the COVID-19 crisis, Microsoft postponed disabling legacy email protocols* in 2020—such as Internet Message Access Protocol (IMAP), Post Office Protocol (POP), and Basic Authentication; however, Microsoft recently announced they will no longer support these email connections in the future. To that end, the University of Miami disabled these legacy email protocols in Office 365 on May 15, 2021.

Currently, the vast majority of individuals use the preferred Exchange configuration, which is the default for most modern email clients like Microsoft Outlook or the Outlook mobile app, but there are still a small number of individuals using the older email protocols.

If you are not already doing so, we recommend using one of the following email management options listed below in advance of May 15, 2021 to avoid interruption in email service:

To upgrade or download the latest version of the Outlook desktop client:

  • Visit the Office 365 portal at: portal.office.com
  • Enter your UM email address
  • You'll then be redirected to the UM login screen, where you will log in with your CaneID and password
  • Once inside the portal, click the "Install Office" button on the top-right of the page
  • Select "Office 365 apps" to start downloading the Office 365 package, and then select to install the Outlook application

(Note: Native mail clients that support Modern Authentication will continue to function once Basic Authentication is disabled. To that end, if you're currently using the latest version of your devices' native mail client—such as Apple Mail and/or Android Email—you will continue to have access to your email after Basic Authentication is disabled.)

If you have any questions or need technical support, faculty, staff, and vendors should contact the IT Service Desk at 305-284-6565 or help@miami.edu; students should contact the Student Technology Help Desk at 305-284-8887 or sthd@miami.edu.


System Administrators

The retirement of Microsoft's support for Basic Authentication for EWS, EAS, RPS, POP, and IMAP increases security against attacks and phishing schemes. To avoid potential security concerns and/or email-related failures within your application(s), the University of Miami also disabled these legacy email protocols on service accounts on May 15, 2021.

OAuth 2.0 authentication for secure IMAP/POP protocols will be required to read or send email. If you have an application(s) that may be impacted, please check with your vendor on whether they support secure IMAP/POP.

Next Steps for System Administrators:
  • If your application(s) requires secure IMAP/POP, please be aware that you have until May 15, 2021 to upgrade your application(s) to more modern methods.
  • If you need help setting up secure IMAP/POP for your application(s), please submit a request.

For more information, please refer to this Microsoft Office 365 blog post.


*For clarity, below you will find additional information about these legacy email protocols:
  • IMAP allows you to read an email message without actually downloading or storing it on your computer; instead, you're reading it from the email service. IMAP only downloads a message when you click on it, and attachments aren't automatically downloaded.
  • POP works by contacting your email service and downloading all of your new messages from it. Once they are downloaded onto your PC or Mac, they are deleted from the email service. This means that after the email is downloaded, it can only be accessed using the same computer. If you try to access your email from a different device, the messages that have been previously downloaded won't be available to you. In addition, sent mail is stored locally on your PC or Mac—not on the email server.
  • Basic Authentication is also known as proxy authentication because the email client transmits the username and password to Exchange Online, and Exchange Online forwards or proxies the credentials to an authoritative identity provider (IdP) on behalf of the email client or app.

**Office 365 products are currently licensed for full-time and part-time University of Miami faculty, staff, and enrolled (degree-seeking) students. Office 365 licensing is not currently available for the following University roles: affiliates, alumni, applicants, faculty retirees, guests, Jackson residents, non-credit continuing studies, vendor contractors, and withdrawn students.

Top