Update 1/27/2026: We have revised the timeline for this deprecation. Please see our new post Updated Exchange Online SMTP AUTH Basic Authentication Deprecation Timeline to read more.
Exchange Onlin...
Updated Jan 27, 2026
Version 6.0
Blog Post
This is an important change and many organizations should start validating their SMTP usage as soon as possible. In many environments, legacy devices and line-of-business applications still rely on SMTP AUTH with Basic authentication, and those will stop working once the enforcement reaches 100%.
A practical first step is to use the SMTP AUTH Clients Submission Report in the Exchange Admin Center to identify which clients are still using Basic authentication. This helps determine whether those systems can be updated to support OAuth or if an alternative solution is required.
In real-world environments the most common remediation paths are:
- Update applications to support OAuth with SMTP AUTH
- Move internal-only application mail to High Volume Email for Microsoft 365
- Use Azure Communication Services Email for internal and external delivery scenarios
- Relay through an on-premises Exchange server or SMTP relay when legacy devices cannot be updated
Many organizations still discover older devices such as printers, scanners, monitoring systems, or legacy LOB applications using Basic auth for SMTP submission, so auditing early is key to avoid disruptions before April 30, 2026.
It’s definitely a necessary step from a security perspective, but it will require careful inventory and remediation in larger environments.