I understand we should push app vendors to support OAuth, but like many people I have apps which use IMAP for mail flow. JIRA is a good example; it is unlikely this will support OAuth. What about printing devices which may not have firmware updates?
Not having application/IMAP-specific passwords is a significant limitation. What is the logic behind that? Is it the implementation effort, or is there real-world data on the abuse of application-specific passwords? While there is risk of misuse/theft, most things are a trade-off between security and usability. Not having basic auth/app password support improves security, but now I cannot use O365 mailboxes with a lot of systems. Where an application vendor cannot update to support OAuth, it means I need to set up an internal mail server, which seems a step backwards.
"Sorry, but we're not adding app passwords for IMAP. We're providing 13 months notice of this change, you need to start reaching out to the developers of those apps." Given the impact of this change on your customers, it would be nice to have a bit of detail on why no app passwords. 13 months is not a long time in development cycles.