Microsoft’s Transition from Basic Authentication to OAuth 2.0
In a decisive move towards enhancing security, Microsoft announced in 2022 the cessation of Basic Authentication in favor of the more secure OAuth 2.0 token-based authentication. This shift is driven by the need to upgrade from the traditional username-password method to more robust sign-in protocols.
Updated Timeline for Basic Authentication Retirement
Initially, Microsoft aimed to eliminate support for Basic authentication regarding Client Submission (SMTP AUTH) by September 2025. However, recent updates indicate a revision of this timeline, creating a new delay that pushes the deadline further into the future. This adjustment may align with Microsoft’s previous announcement extending Basic Authentication support for High Volume Email until 2028.
Details from the Microsoft 365 Admin Center
Announced through the Microsoft 365 Admin Center, the latest updates concerning SMTP AUTH Client Submission indicate:
“Updated June 12, 2025: We have delayed the Basic Auth removal from SMTP AUTH Client Submission to begin March 1st, 2026, and complete by April 30th, 2026, in order to provide customers with additional time to implement alternatives. Expect no further delays beyond this date.”
Phasing Out Basic Authentication
The phase-out of Basic authentication for email sending via SMTP AUTH will commence on March 1, 2026. Initially, only a small number of attempts will be declined, but by April 30, 2026, Microsoft will completely disable this legacy method. After this date, any application or device attempting to send emails using Basic authentication will need to transition to OAuth.
Guidance for Administrators on Alternatives
The advisory message further outlines options for administrators who may find themselves needing to continue using Basic Authentication due to lack of OAuth support:
“If your client doesn’t support OAuth and you must use Basic Auth with Client Submission (SMTP AUTH), you will need to switch to one of the following alternatives before April 2026, previously September 2025:
- For sending internal emails within your tenant, Microsoft 365 High Volume Email is an option.
- To send emails to both internal and external recipients, consider using Azure Communication Services Email.
- If operating under a hybrid configuration with an on-premises Exchange Server, you can continue using Basic authentication or set up a Receive connector for anonymous relay on your Exchange Server.
Regardless of email volume, if you must utilize Basic authentication to send messages with Exchange Online, transitioning to one of the mentioned alternatives or utilizing a third-party solution is mandatory.”
Accessing Official Communications
Users who have access to the Microsoft 365 Admin Center can reference this update under message ID MC786329 for further details.
For more information, you can visit the source.
Leave a Reply