Blog Post

Exchange Team Blog
5 MIN READ

Basic Authentication Deprecation in Exchange Online – May 2022 Update

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
May 03, 2022
Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update. In about 150 day...
Updated Sep 01, 2022
Version 5.0
announcements
exchange online
security
tips 'n tricks
Greg Taylor - EXCHANGE's avatar
Greg Taylor - EXCHANGE
Icon for Microsoft rankMicrosoft
Aug 11, 2022

AlecRosenbaum 

 

1. Outlook REST v2 deprecation will only block access to https://outlook.office.com/api/... endpoint. The other access related to outlook.office.com in general will be un-impacted. And no, it will not impact the ability to authenticate via SMTP, or request/refresh tokens related to the "https://outlook.office.com/" resources.

 

2 - Yes, you will need to use the alternative https://graph.microsoft.com/v1.0/me - it will provide the user’s basic/profile info.

 

3 - Assuming this pertains to apps getting the https://outlook.office.com/SMTP.Send permission scope - https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#get-an-access-token? If so MS Graph also has a parallel permission scope - https://graph.microsoft.com/SMTP.Send which can be used to move to Graph. And yes, you can exchange an outlook.office.com refresh token with a graph.microsofṭ.com access token without triggering a re-consent