Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
In February 2021...
Updated Sep 01, 2022
Version 19.0
Blog Post
Just to be clear, will SMTP with basic authentication continue to work after October 1, 2022?
According to this:
Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth.
it sounds like it should. But other places it sounds like it will not.
We use this for a few PaaS and third party hosted apps, that need to send mails from our domain, and we do not authorize them with SPF or DKIM as they should not be able to impersonate any user.
Currently we use SMTP with basic auth + requirement for membership of a certain group and coming from a known IP.
Switching to OAuth2.0 would be great, but I doubt all the apps can support this.
Second, which flows are supported for SMTP OAuth2.0?
I have tested it with Authorization Code, Resource Owner Password Credentials (not great either) and Client Credentials (app only).
The first two work fine, but I cannot get Client Credentials flow working. And for a deamon that would be the obvious choice, I think.
I believe I sent mail previously with Client Credentials and the Graph API. But it is not a common standard like SMTP.