Blog Post

Exchange Team Blog
1 MIN READ

Updated Exchange Online SMTP AUTH Basic Authentication Deprecation Timeline

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Jan 27, 2026

We understand that many customers continue to face real challenges modernizing legacy email workflows and need sufficient time to adopt viable, secure alternatives. Based on customer feedback and visibility into adoption progress, we are refining the Exchange Online SMTP AUTH Basic Authentication Deprecation timeline to provide clearer milestones and additional runway.

  • Now to December 2026: SMTP AUTH Basic Authentication behavior remains unchanged.
  • End of December 2026: SMTP AUTH Basic Authentication will be disabled by default for existing tenants. Administrators will still be able to enable it if needed.
  • New tenants created after December 2026: SMTP AUTH Basic Authentication will be unavailable by default. OAuth will be the supported authentication method.
  • Second half of 2027: Microsoft will announce the final removal date for SMTP AUTH Basic Authentication.

These updates are intended to give customers more time to plan, validate, and deploy modern authentication alternatives, while maintaining a clear path toward stronger default security.

Microsoft 365 Messaging Team

Updated Jan 27, 2026
Version 2.0
administration
announcements
exchange online
Planning and Architecture
protocols
security
setup
transport

3 Comments

  • Dave Stork's avatar
    Dave Stork
    MVP
    Jan 28, 2026

    I'm working with some customers who will be glad that this deadline has been delayed, there's a lot of legacy cleanup going on with Exchange (Server) related to al sorts of things. Giving more time will help those orgs deal with all of those changes in a more relaxed way. Yes, some things should've been fixed months or years back, but every experienced IT specialist knows how it goes. 

    The only "irritation" I have is that this is the third time something got changed by the Exchange Team HOURS before an important meeting on breaking changes deadlines. COME ON! 😁

  • tk3's avatar
    tk3
    Occasional Reader
    Jan 27, 2026

    For tenants created after December 2026, is it still possible to enable SMTP AUTH Basic Authentication?

  • tijsbouwmans's avatar
    tijsbouwmans
    Copper Contributor
    Jan 27, 2026

    Great, as this sometimes can be challenging due to third party legacy email workflows. This is much clearer and it changes the timeline significantly. Thanks for the update!