- Issue created by @srutheesh
Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email.
In 2019, Exchange Online began a multi-year effort to disable Basic auth. This process completed in late 2022, with Client Submission (SMTP AUTH) being the only exception. We are now removing Basic auth from Client Submission.
Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure.
How will this change happen
In mid-October 2024, we will update the SMTP AUTH Clients Submission Report in the Exchange admin center to show if Basic auth or OAuth is being used to submit email to Exchange Online. In January 2025, we will send a Message Center post to tenants who are using Basic auth with Client Submission (SMTP AUTH) to alert them to the upcoming change. In August 2025, about 30 days before we disable Basic auth we will send another Message Center post to tenants who are still using Basic auth with Client Submission (SMTP AUTH).
During September 2025, we will remove support for Basic auth with the Client Submission (SMTP AUTH) endpoints:
https://techcommunity.microsoft.com/blog/exchange/exchange-online-to-ret...
- 🇺🇸United States alfattal Minnesota
Changing this issue to Support Request for urgency.