Absolutely definitely should retain the option for Administrators to Enable SMTP with Basic Auth. You can scope security with Conditional Access. For example, a CA policy restricting this account to the external IP of the printer; further mitigation can then be via the admin console to only allow SMTP Auth for that account and disable all other access. This really narrows the threat / attack profile and risk profile of that account.
Further, a retention policy of 24 hours on that account so it doesn't accumulate a scan history etc. and self-maintains.
Finally, good hygiene of using long passwords for these static devices, and if you want to be belt & braces, include a password rotation every 12 months for these devices, custom alerts on logging in, etc.
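
The per-mailbox lockdown and 24-hour retention described in the comment above, sketched in Exchange Online PowerShell as an added example that is not part of the original comment. The mailbox address, tag name and policy name are placeholders, an existing `Connect-ExchangeOnline` session is assumed, and the Conditional Access IP restriction is configured separately and is not covered here.

```powershell
# Added example. Assumes an existing Exchange Online session (Connect-ExchangeOnline).
# All three values below are placeholders, not taken from the original comment.
$Mailbox    = 'scanner@contoso.example'
$TagName    = 'Scanner-Delete-1-Day'
$PolicyName = 'Scanner-24h-Retention'

# 1. Allow authenticated SMTP submission for this one mailbox and switch off
#    every other client access protocol on it. The per-mailbox value takes
#    precedence over the organisation-wide SMTP AUTH setting.
Set-CASMailbox -Identity $Mailbox `
    -SmtpClientAuthenticationDisabled $false `
    -PopEnabled $false `
    -ImapEnabled $false `
    -MAPIEnabled $false `
    -OWAEnabled $false `
    -ActiveSyncEnabled $false `
    -EwsEnabled $false

# 2. Retention: a default tag that deletes items after 1 day (24 hours),
#    wrapped in a policy and assigned to the scanner mailbox only.
if (-not (Get-RetentionPolicyTag -Identity $TagName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicyTag -Name $TagName -Type All `
        -AgeLimitForRetention 1 `
        -RetentionAction DeleteAndAllowRecovery `
        -RetentionEnabled $true
}
if (-not (Get-RetentionPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-RetentionPolicy -Name $PolicyName -RetentionPolicyTagLinks $TagName
}
Set-Mailbox -Identity $Mailbox -RetentionPolicy $PolicyName

# 3. Verify the result: only SMTP AUTH should remain usable on this account.
Get-CASMailbox -Identity $Mailbox |
    Format-List SmtpClientAuthenticationDisabled, PopEnabled, ImapEnabled,
                MAPIEnabled, OWAEnabled, ActiveSyncEnabled, EwsEnabled
Get-Mailbox -Identity $Mailbox | Format-List RetentionPolicy

# Organisation-wide SMTP AUTH state, for comparison with the per-mailbox override.
(Get-TransportConfig).SmtpClientAuthenticationDisabled
```

Retention tags are applied when the Managed Folder Assistant next processes the mailbox, so deletion happens on that schedule rather than exactly at the 24-hour mark.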