High Volume Email: Continued support for Basic Authentication & other important updates

High Volume Email (HVE) for Microsoft 365 enables customers to send large volumes of email to internal recipients without recipient rate limits. The public preview of HVE was released on April 1, 2024, with general availability targeted for September 2025. 

This announcement provides important updates for High Volume Email, including the continued support for Basic Authentication until September 2028, a focus on exclusively internal recipients and changes to the current Public Preview limitations.  

Continued Support for Basic Authentication 

Today, we are announcing continued support for Basic Authentication in High Volume Email until September 2028. This decision comes as part of our ongoing commitment to support your current authentication needs while ensuring a smooth transition to modern authentication methods. 

While we strongly recommend using modern authentication (OAuth) for a more secure security footprint, we recognize that certain line-of-business (LOB) applications and devices may not support modern authentication yet.  

We will continue to provide support and guidance during this transition period. Regular reminders and updates will be shared to ensure a smooth migration process, leading to the ultimate end of extended support for Basic Authentication with HVE in September 2028.  

Why Modern Authentication? 

As part of our last Public Preview update in October, OAuth support for HVE was added, and we encourage you to start planning your migration to OAuth to benefit from its enhanced security features. 

Modern authentication methods (such as OAuth) provide a more secure and robust authentication mechanism compared to Basic Authentication. They provide stronger protection against various security threats and ensure a safer environment for your email communication. Some key security benefits include: 

• Enhanced security & protection against credential theft: Modern authentication provides multiple layers of protection beyond simple username and password combinations. It uses tokens that are specific to the applications and resources for which they are issued, significantly reducing the risk of credential theft and re-use. 

• Dynamic token management: These short-lived access tokens expire quickly and can be instantly revoked if compromised. 

• Conditional access policies: Modern authentication enables intelligent decisions about who is trying to access what, from where, and on which device, providing more precise and granular access controls. 

Learn more about the security risks of Basic Authentication and why it is being deprecated step-by-step across Exchange Online here. 

Focus on exclusively internal recipients 

Moving forward, HVE will support exclusively internal (within the tenant) messaging capabilities. As a result, the ability to send email to external recipients will be removed.  Customers will be able to send high volumes of email to internal recipients without any recipient rate limits.  

This change is intended to simplify our email offerings and clearly define HVE’s purpose within the Microsoft 365 ecosystem.  For scenarios requiring high-volume email to external recipients, we recommend using Azure Communication Services (ACS) for email. 

External sending capabilities will be removed from HVE later in June 2025. 

Removal of Public Preview Limits 

We are pleased to announce the removal of public preview limitations for HVE. Once these changes roll out, you will be able to create up to 100 HVE accounts, and internal recipient rate limits will be eliminated.  

These changes will be implemented over the coming weeks, allowing you to fully leverage and explore the capabilities of HVE for your internal communication needs. 

Thank you for your interest in HVE! We’d love to get your feedback!   

Feel free to leave your comments and feedback below. 

Microsoft 365 Messaging Team