Forum Discussion
Solved
Is it safe and recommended to use graph APIs IMAP.AccessAsUser.All and SMTP.send
Hey there,
Microsoft for some time have been working on disabling basic authentication in Exchange Online based on https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online article.
Is it safe to use these the APIs:
- IMAP.AccessAsUser.All
- SMTP.send
Are these APIs using modern authentication when going through Graph API?
It has been requested for a project and trying to assess its risk.
- You don't really have a choice, as Basic auth is now blocked. If you need to access Exchange Online mailboxes via IMAP, those are the scopes you need to use.
2 Replies
- You don't really have a choice, as Basic auth is now blocked. If you need to access Exchange Online mailboxes via IMAP, those are the scopes you need to use.
- Hey Vasil,
I appreciate you taking the time to respond.
It’s more for my understanding, if we call the graph API, is this still basic auth or is this now using OAUTH?
From this article I found, it looks like they are. https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth.
Thank you for helping me on my journey to understanding this a lot better.
