Announcing OAuth 2.0 support for IMAP and SMTP AUTH protocols in Exchange Online

Tnx SeanMSFT

For access to 365 Exchange, MSFT has variously announced:

- “We want your help in getting users to move away from apps that use Basic Authentication, to apps that use Modern Authentication” [MSFT’s 20-09.2019 Basic Authentication deprecation statement] :  

 -  that Basic Authentication is deprecated and will be disabled in Q3ish 2021 (?). Customers should replace it by Oauth2 authorization (including Openid Connect authentication), aka Modern Authorization

- that SMTP AUTH with Oauth2 using V2.0 authorisation and token endpoints and the Graph v1.0 api is available from May this year

- that SMTP AUTH is now disabled by default for new tenants, and can be enabled at the tenant level (using Powershell) or mailbox level (using Powershell or using the SMTP AUTH mailbox permission. Since this disabling is at the protocol level, OAuth2 for SMTP will be disabled by default.

SMTP itself is thus in effect deprecated but with no discontinue date.

Could MSFT then kindly clarify one simple point which may be obvious to everyone else:

Is the preferred way forward to use:

-  an Oauth2 access token as a bearer token acquired via MSAL

    to access

-  sendMail in Graph REST API (currently v1.0)?

And could MSFT clarify how this relates to the preferred authentication/authorisation and ‘send mail’   processes used in:

- desktop Outlook 2016 (onwards) – whose native preferred network protocol is MAPI over HTTP

- Android and iPhone phone/tablets – whose native preferred network protocol is EAS