Email security changes are coming in October 2022 – How will this affect Dynamics GP users?
Here’s the situation: Beginning October 1, 2022, Microsoft will disable basic authentication for Exchange Online, making modern authentication the only possible authentication method for email functionality in Dynamics GP. This means that some companies might experience disruptions to their email and workflow functionalities in GP if basic authentication is still being used, which is often the case for those using older versions of GP.
Why would Microsoft make this shift? In short, security measures are constantly advancing, and therefore, standard practices need to change. Basic authentication can now be considered a legacy authentication method using an encrypted channel to send credentials that are clear text. If that channel is hacked, your credentials are visible with no further encryption or hashing. That itself is the issue that basic authentication presents – once a hacker gets through that wall, they get your password. But, by disabling basic authentication and making modern authentication the standard, both the channel and your credentials are encrypted and nothing is sent in clear text.
Enabling modern authentication opens the door to using multifactor authentication (MFA), as well, which we highly recommend (but more on that later).
Not sure if this affects you or what actions to take next? Read on, and hopefully we will be able to answer those questions.
What versions of GP support this security change?
Modern authentication and MFA functionality were introduced in Dynamics GP version 18.3 (first released in Fall 2020). So, if you’re on GP 18.3 or GP 18.4, there is no update needed.
If your business is on a previous version of GP 2018 before 18.3, you will need to prepare for this shift by catching up on your year-end updates.
If you’re using an older version of GP, such as 2015 or 2016, you will require more to get your tenant ready for this security change: you’ll need an upgrade.
What version of GP do I have?
If you’re unsure what version of GP you’re running, you can easily check. There are two places in GP where your version is clearly displayed. The first is in your initial GP sign-in popup box:
The next location shows you more granular details about your tenant. After logging in to GP, click the question mark in the top right corner of the screen, then “About Microsoft Dynamics GP…” in the pop out menu that appears.
Will I be affected?
Any new tenants created in the last few years are likely 18.3 or higher and would therefore already have basic authentication disabled by default, so you’re likely fine. Everyone below 18.3 will need to get on GP 18.3 or 18.4, or you will lose workflow and email capabilities in GP.
But remember, if you’re currently using basic authentication (even if you’re in the newer versions of GP), you also need to ensure you switch over to modern authentication to avoid disruption come October 1, 2022. Check in with your partner and they can help you with next steps or assure you if you’re good to go.
What is multifactor authentication, and how does it connect to this security change?
You may be used to signing into online accounts with a username and a password—MFA adds a second component that helps confirm your identity and keep hackers from breaching your accounts. Because of this, MFA, which is a type of modern authentication, is sometimes also called “two-step verification.”
While a password is something you know and which can be guessed or discovered by hackers or phishers, this second sign in step is much harder to steal, and usually fall into these categories:
something you have – such as a smartphone or USB key
something you are – such as a fingerprint or facial recognition
After you enter your username and password, you will be prompted to follow through with the second step of verification, which you have previously set up.
MFA is the height of credential security, and enabling it within Office 365 and Dynamics GP will reap the best rewards, in terms of security, for your organization. We’re talking intense walls up between hackers and phishers. Even if they get your password, there is that authentication requirement that they won’t be able to get past. And good news: it’s a relatively easy process to setup MFA in Office 365 and Dynamics GP.
How to Enable MFA
When responding to this security change there are three steps administrators must take to enable MFA, assuming it is not set up in any locations across your Microsoft apps.
Video: How to turn on multi-factor authentication in Microsoft 365.
Set up MFA in Microsoft 365 if it is not already enabled.
Register the app (Dynamics GP) via the Azure Portal. This step essentially establishes an association and a string of instructions that will, upon a user signing in, redirect them to authenticate, then redirect back to GP if the authentication was successful.
Set up company email settings in Dynamics GP. When you register GP in the Azure Portal, you will receive an Application ID that you will then copy-paste into the company email settings page in GP.
Once you enter the Application ID into the company email setup in GP, individual users will be guided through setting up their MFA the next time they log in. In addition, once users have successfully logged in with MFA on a device, they will only occasionally need to authenticate thereafter.
Step 2 and 3 of turning on MFA—those steps to set it up in Dynamics GP—are documented in this video from Microsoft:
Video: Setting up and Troubleshooting Modern Authentication in Dynamics GP.
Overall Recommendations
First, we want to reiterate that we highly suggest that—although it is not strictly required and even if you’re not impacted by this security change—you enable MFA anyway. There’s really no reason not to use it and every reason to use it.
Concerning the security changes, we suggest you check your GP version ASAP to see if you are on 18.3 or higher. Remember:
If you’re on a version of 18 lower than 18.3, you will have relatively simple year-end updates to apply, and then you’ll need to ensure you have modern authentication enabled and basic authentication disabled. Then, you can set up MFA in Office 365 and GP. Though this is not as deep a shift as it might have been, we advise you do this ASAP so you are prepared.
If you’re on a version older than 18, you will require upgrades that may take more time, and you should plan accordingly. You don’t want to be down to the wire, here. Once you upgrade to a newer version of GP, you will have modern authentication enabled by default, can set up MFA, and will be on your way.
But our ultimate recommendation is to, first and foremost, connect with your partner. They can confirm if you’re good to go, if you need to upgrade, or what else you need to do to get ready for this shift. If we are your partner, you can reach out to your client success lead or via the button below.