Exchange Online email applications stopped signing in, or keep asking for passwords? Start here.

Chip_12 and sjhudson We mentioned this in previous posts about basic auth retirement: when we disable basic auth for protocols, the values are written to the Organization Configuration on your tenant object. So there, you can see the new parameter called BasicAuthBlockApps. You cannot make changes to this attribute (only we can) but if this is anything other than 0 (null) then we blocked stuff. There are decoder rings out there that explain how this is calculated.

But the bottom line is - those values take precedence over what you see inside of Microsoft 365 admin center (which is blocking basic authentication using authentication policies). So for all intents and purposes, authentication policy setting has no effect unless if BasicAuthBlockApps is not populated. BasicAuthBlockApps will always take precedence. Authentication policies DO apply to SMTP, though, because we did not use BasicAuthBlockApps to block SMTP Auth (at this time, the date for this has not been announced).