Information Technology Services (ITS)

Improving information security for the University of Toronto community by disabling legacy authentication

Published on: November 11, 2021

The University of Toronto (U of T) is continually working with the community to better protect the University and its people against security risks. As part of these efforts, we are disabling legacy authentication for all Microsoft 365 UTmail+ users.

What is legacy authentication and why are we disabling it?

Legacy authentication is an unsecure authentication method that can be leveraged by malicious actors to bypass existing protections and compromise user accounts. Many email clients (e.g., Outlook, Apple Mail and Thunderbird) were first set up to use legacy authentication, thus posing a security risk to users. In most cases the same email clients can be set up using modern authentication. By disabling legacy authentication and replacing it with the more secure modern authentication, we can better protect the University community against account compromises and potential phishing attacks.

For more details on legacy authentication and modern authentication, see the article Legacy authentication and Microsoft 365 UTmail+ accounts.

How will the change impact community members?

This change will impact university community members who still use legacy authentication. Community members using legacy authentication will be notified through email.

As a result of the change, users may need to update their account information or remove and re-add their account on the email client. In the rare instance an email client does not support modern authentication, users can either access their U of T webmail account or chose another email client that supports modern authentication.

What can you do if your email client stops working?

You can still access your email by using your U of T webmail account.

You can take the following steps to get your email client working again:

Start with checking if you are using a supported email client that leverages modern authentication. See the list of email clients that support modern authentication.

  • If you are already using one of the supported email clients, remove your account and then re-add it using our Knowledge Base Instructions.
  • If you are not using a supported email client, install one of the suggested clients and add your account to it using our Knowledge Base Instructions.

If you need assistance, please contact Information Commons Help Desk.