smtp auth in office 365

Copper Contributor

Hi,

 

We have an old monolithic application with many customers and where each customer has many users in their own separate databases, which can be hosted by us or self hosted.

One of our features is sending emails based on events taking place in our HR-system, but we let our customers choose their own email vendors freely.

It has come to our attention that M365 basic authentication will end support in October, but we have a hard time designing a solution for this in our old application.

Do I understand correctly that SMPT auth will still be able to use basic authentication, for situations like ours, until we come up with a better solution? Our issue right now is that the only way to use email functionality is to set up an SMTP host with username/password, which will also be used in our background services AND by direct messaging from our users.

I'm referring to the last section of this header:

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic...

 just want to make sure that our customers who use M365 will still be able to send mails after next month, while we work on a better and more modern approach to email services in a multiuser environment.

4 Replies
Hello!

Read here for the latest on the topic

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchan...

where it says

"We will not be disabling or changing any settings for SMTP AUTH."

@Andres Gorzelany Thanks for the reply! interesting read, it did however just serve to confuse me more. In the article you linked this is also written:

Selected protocol(s) will stay enabled for basic auth use until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for basic auth use permanently, and there will be no possibility of using basic auth after that.

 However, in the documentation this is stickied:

We recommend using Modern Authentication when connecting with our service. Although SMTP AUTH now supports OAuth, most devices and clients have not been designed to use OAuth with SMTP AUTH. As a result, there are no plans to disable Basic Authentication for SMTP AUTH clients at this time.

The confusion only increases when I jump to this article that has two completely contradicting statements:

Any protocol exceptions or re-enabled protocols will be turned off early in January 2023, with no possibility of further use.

...

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible. Other options for sending authenticated mail include using alternative protocols, such as the Microsoft Graph API

This could however be my failed understanding of how basic authentication differs from smtp auth

"This could however be my failed understanding of how basic authentication differs from smtp auth"

Yes, I can see where the confusion can be, but basic SMTP Auth differs from the "basic auth" term.

I recommend you to reply on the exchange team blog post that I sent to you, as you can see, a lot of people ask questions there and someone from the team will probably answer to you quickly so you can rest assured that SMTP Auth will continue to work as you expect.

@MathiasBaech 

Please refer this:

 

Deprecation of Basic authentication in Exchange Online | Microsoft Docs

 

Quote from there that you may interest:

 

SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible. Other options for sending authenticated mail include using alternative protocols, such as the Microsoft Graph API.