Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
In February 2021...
Updated Sep 01, 2022
Version 19.0
Blog Post
Hi, I was a caught a bit off guard and would appreciate some clarification from MS.
We are a small company providing a ticketing/helpdesk product which connects to IMAP/POP mailboxes to create tickets from incoming emails to a central address. So our app is the user here and we cannot authenticate with the regular user bound OAuth mechanisms. We are connecting to many different backend servers via IMAP, so implementing Graph solely for one vendor (MS) would be a huge burden for us since we'd need to maintain both protocols for sending/receiving emails.
So far my understanding was that Oauth Client Credential Flow for IMAP/POP was the feature we are waiting for to support our setup with Oauth: https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=70577
It was announced to be GA for December 2021 but just recently was changed to be GA in June 2022. With the announced shutdown of basic auth in October this leaves less than 3 months for vendors like us as timeframe to adapt, implement and test this new flow. This must be some misunderstanding on my side, what am I missing?