check before: 2026-03-01
Product:
Exchange, Microsoft 365 admin center
Platform:
Developer, Online, World tenant
Status:
Change type:
Admin impact, Retirement, Updated message, User impact
Links:
Details:
Summary:
Exchange Online will retire SMTP AUTH Basic Authentication by default starting December 2026, with OAuth as the supported method. Basic Auth removal is on hold until 2027, when a final date will be announced. Administrators can enable Basic Auth temporarily, but should prepare to switch to OAuth or alternatives.
Details:
Updated January 27, 2026: Based on customer feedback and visibility into adoption progress, we are refining the Exchange Online SMTP AUTH Basic Authentication Deprecation timeline to provide clearer milestones and additional runway.
Now to December 2026: SMTP AUTH Basic Authentication behavior remains unchanged.
End of December 2026: SMTP AUTH Basic Authentication will be disabled by default for existing tenants. Administrators will still be able to enable it if needed.
New tenants created after December 2026: SMTP AUTH Basic Authentication will be unavailable by default. OAuth will be the supported authentication method.
Second half of 2027: Microsoft will announce the final removal date for SMTP AUTH Basic Authentication.
We will provide detailed information in a follow up Message Center Post.
Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience.
The SMTP AUTH Basic Authentication Deprecation has been put on hold. In 2027, Microsoft will announce the final removal date for SMTP AUTH Basic Authentication.
Once Basic Auth is removed from SMTP AUTH, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email.
Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks.
[When this will happen:]
The removal of Basic Auth from SMTP AUTH Client Submission has been put on hold (previously beginning March 1st, 2026, and completing April 30th, 2026).
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2024-04-26
updated:
2026-01-28
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
More Info URL
XXXXXXX ... free basic plan only
MS Blog Link
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft is transitioning from Basic Authentication to OAuth for email systems in Exchange Online, disabling Basic Authentication by default starting December 2026, and requiring businesses to adopt OAuth or other secure methods to maintain secure email operations.
Direct effects for Operations**
Loss of Basic Authentication
If Basic Authentication is removed without preparation, users relying on it for SMTP AUTH will be unable to send emails, leading to communication breakdowns.
- roles: Email Administrators, End Users
- references: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
Increased Security Risks
Transitioning to OAuth without proper preparation may expose users to security vulnerabilities during the switch, as legacy systems may still be in use.
- roles: Security Administrators, IT Support
- references: https://learn.microsoft.com/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
User Experience Disruption
Users may experience disruptions in email services if their applications do not support OAuth, leading to frustration and decreased productivity.
- roles: End Users, Help Desk Staff
- references: https://learn.microsoft.com/exchange/mail-flow-best-practices/high-volume-mails-m365
Incompatibility with Legacy Systems
Legacy systems that do not support OAuth will fail to authenticate, causing service outages for users dependent on these systems.
- roles: System Administrators, End Users
- references: https://learn.microsoft.com/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019
Increased Support Tickets
The sudden change may lead to a spike in support tickets as users encounter issues with email authentication, overwhelming IT support teams.
- roles: Help Desk Staff, IT Managers
- references: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
Configutation Options**
XXXXXXX ... paid membership only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2026-01-28 | MC prepare | If your client supports OAuth, follow these steps: Authenticate an IMAP, POP or SMTP connection using OAuth
If your client doesn't support OAuth and you must use Basic Auth with Client Submission (SMTP AUTH), you will need to switch to one of the following alternatives before April 2026, previously September 2025: * If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal to your tenant, you can use Microsoft 365 High Volume Email. Please visit this site to learn more: Manage high volume emails for Microsoft 365 Public preview * If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal and external to your tenant, you can use Azure Communication Services Email. Please visit this site to learn more: Overview of Azure Communication Services email * If you have an Exchange Server on-premises in a hybrid configuration, you can use Basic auth to authenticate with the Exchange Server on-premises or configure the Exchange Server on-premises with a Receive connector that allows anonymous relay on Exchange servers. Please visit this site to learn more: Allow anonymous relay on Exchange servers Regardless of the volume of email, if you must use Basic auth to send email with Exchange Online, then you must use one of the alternatives or a 3P solution. We understand that this change requires some adjustments, but we believe that this is a necessary step to enhance the security and reliability of our email service and your data. https://learn.microsoft.com/azure/communication-services/concepts/email/email-overview https://learn.microsoft.com/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth https://learn.microsoft.com/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019 https://learn.microsoft.com/Exchange/mail-flow-best-practices/high-volume-mails-m365 | The removal of Basic Auth from SMTP AUTH Client Submission has been put on hold (previously beginning March 1st, 2026, and completing April 30th, 2026)
If your client supports OAuth, follow these steps: Authenticate an IMAP, POP or SMTP connection using OAuth If your client doesn't support OAuth and you must use Basic Auth with Client Submission (SMTP AUTH), you will need to switch to one of the following alternatives following the timeline that will be announced in 2027 (previously April 2026): * If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal to your tenant, you can use Microsoft 365 High Volume Email. Please visit this site to learn more: Manage high volume emails for Microsoft 365 Public preview * If you have an Exchange Server on-premises in a hybrid configuration, you can use Basic auth to authenticate with the Exchange Server on-premises or configure the Exchange Server on-premises with a Receive connector that allows anonymous relay on Exchange servers. Please visit this site to learn more: Allow anonymous relay on Exchange servers Regardless of the volume of email, if you must use Basic auth to send email with Exchange Online, then you must use one of the alternatives or a 3P solution. We understand that this change requires some adjustments, but we believe that this is a necessary step to enhance the security and reliability of our email service and your data. https://learn.microsoft.com/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth https://learn.microsoft.com/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019 https://learn.microsoft.com/Exchange/mail-flow-best-practices/high-volume-mails-m365 |
| 2026-01-28 | MC Summary | Exchange Online will retire Basic Auth for Client Submission (SMTP AUTH) starting March 1, 2026, with full rejection by April 30, 2026. Customers must switch to OAuth or other alternatives. The SMTP AUTH Clients Submission Report now includes an Authentication Protocol column to assist in this transition. | Exchange Online will retire SMTP AUTH Basic Authentication by default starting December 2026, with OAuth as the supported method. Basic Auth removal is on hold until 2027, when a final date will be announced. Administrators can enable Basic Auth temporarily, but should prepare to switch to OAuth or alternatives. |
| 2026-01-28 | MC Last Updated | 06/12/2025 19:33:31 | 2026-01-27T21:11:01Z |
| 2026-01-28 | MC Messages | Updated June 12, 2025: We have delayed the Basic Auth removal from SMTP AUTH Client Submission to begin March 1st 2026 and complete by April 30th 2026 in order to give customers more time to adopt alternatives. Expect no further delays beyond this date. Please review the information below for more details.
Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience. Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) gradually beginning with a small percentage of submission rejections for all tenants on March 1st 2026 and reaching 100% rejections on April 30th 2026, (previously September 2025). After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure. [When this will happen:] We will be making this change beginning March 1st, 2026, and completing April 30th, 2026 (previously September 2025). | Updated January 27, 2026: Based on customer feedback and visibility into adoption progress, we are refining the Exchange Online SMTP AUTH Basic Authentication Deprecation timeline to provide clearer milestones and additional runway.
Now to December 2026: SMTP AUTH Basic Authentication behavior remains unchanged. End of December 2026: SMTP AUTH Basic Authentication will be disabled by default for existing tenants. Administrators will still be able to enable it if needed. New tenants created after December 2026: SMTP AUTH Basic Authentication will be unavailable by default. OAuth will be the supported authentication method. Second half of 2027: Microsoft will announce the final removal date for SMTP AUTH Basic Authentication. We will provide detailed information in a follow up Message Center Post. Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience. The SMTP AUTH Basic Authentication Deprecation has been put on hold. In 2027, Microsoft will announce the final removal date for SMTP AUTH Basic Authentication. Once Basic Auth is removed from SMTP AUTH, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. [When this will happen:] The removal of Basic Auth from SMTP AUTH Client Submission has been put on hold (previously beginning March 1st, 2026, and completing April 30th, 2026). |
| 2026-01-28 | MC End Time | 11/03/2025 09:00:00 | 2026-03-30T10:00:00Z |
| 2026-01-28 | MC How Affect | The SMTP AUTH Clients Submission Report in the Exchange admin center has been updated to show if Basic auth or OAuth is being used to submit email to Exchange Online. Starting in July 2025, we will send monthly Message Center posts to tenants who are using Basic auth with Client Submission (SMTP AUTH) to alert them to the upcoming change.
Starting March 1st 2026 (previously September 2025) we will gradually start rejecting Basic Auth requests to the Client Submission (SMTP AUTH) endpoints, increasing to 100% rejection by the end of the April 2026. The Client Submission (SMTP AUTH) endpoints in scope for this change are: * smtp.office365.com * smtp-legacy.office365.com Once Basic auth is permanently disabled, any clients or apps connecting using Basic auth with Client Submission (SMTP AUTH) will receive this response: * 550 5.7.30 Basic authentication is not supported for Client Submission. | The SMTP AUTH Clients Submission Report in the Exchange admin center has been updated to show if Basic auth or OAuth is being used to submit email to Exchange Online.
The removal of Basic Auth from SMTP AUTH Client Submission has been put on hold (previously beginning March 1st, 2026, and completing April 30th, 2026). |
| 2025-06-13 | MC Messages | Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience.
Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure. [When this will happen:] We will be making this change in September 2025. | Updated June 12, 2025: We have delayed the Basic Auth removal from SMTP AUTH Client Submission to begin March 1st 2026 and complete by April 30th 2026 in order to give customers more time to adopt alternatives. Expect no further delays beyond this date. Please review the information below for more details.
Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience. Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) gradually beginning with a small percentage of submission rejections for all tenants on March 1st 2026 and reaching 100% rejections on April 30th 2026, (previously September 2025). After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure. [When this will happen:] We will be making this change beginning March 1st, 2026, and completing April 30th, 2026 (previously September 2025). |
| 2025-06-13 | MC How Affect | In September 2024, we will update the SMTP AUTH Clients Submission Report in the Exchange admin center to show if Basic auth or OAuth is being used to submit email to Exchange Online. In January 2025, we will send a Message Center post to tenants who are using Basic auth with Client Submission (SMTP AUTH) to alert them to the upcoming change. In August 2025, about 30 days before we disable Basic auth we will send another Message Center post to tenants who are still using Basic auth with Client Submission (SMTP AUTH).
During September 2025, we will remove support for Basic auth with the Client Submission (SMTP AUTH) endpoints: smtp.office365.com smtp-legacy.office365.com Once Basic auth is permanently disabled, any clients or apps connecting using Basic auth with Client Submission (SMTP AUTH) will receive this response: 550 5.7.30 Basic authentication is not supported for Client Submission. | The SMTP AUTH Clients Submission Report in the Exchange admin center has been updated to show if Basic auth or OAuth is being used to submit email to Exchange Online. Starting in July 2025, we will send monthly Message Center posts to tenants who are using Basic auth with Client Submission (SMTP AUTH) to alert them to the upcoming change.
Starting March 1st 2026 (previously September 2025) we will gradually start rejecting Basic Auth requests to the Client Submission (SMTP AUTH) endpoints, increasing to 100% rejection by the end of the April 2026. The Client Submission (SMTP AUTH) endpoints in scope for this change are: * smtp.office365.com * smtp-legacy.office365.com Once Basic auth is permanently disabled, any clients or apps connecting using Basic auth with Client Submission (SMTP AUTH) will receive this response: * 550 5.7.30 Basic authentication is not supported for Client Submission. |
| 2025-06-13 | MC Last Updated | 10/18/2024 18:26:45 | 2025-06-12T19:33:31Z |
| 2025-06-13 | MC prepare | If your client supports OAuth, follow these steps: Authenticate an IMAP, POP or SMTP connection using OAuth
If your client doesn't support OAuth and you must use Basic Auth with Client Submission (SMTP AUTH), you will need to switch to one of the following alternatives before September 2025: If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal to your tenant, you can use Microsoft 365 High Volume Email. Please visit this site to learn more: Manage high volume emails for Microsoft 365 Public preview If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal and external to your tenant, you can use Azure Communication Services Email. Please visit this site to learn more: Overview of Azure Communication Services email If you have an Exchange Server on-premises in a hybrid configuration, you can use Basic auth to authenticate with the Exchange Server on-premises or configure the Exchange Server on-premises with a Receive connector that allows anonymous relay on Exchange servers. Please visit this site to learn more: Allow anonymous relay on Exchange servers Regardless of the volume of email, if you must use Basic auth to send email with Exchange Online, then you must use one of the alternatives. We understand that this change requires some adjustments, but we believe that this is a necessary step to enhance the security and reliability of our email service and your data. https://learn.microsoft.com/azure/communication-services/concepts/email/email-overview https://learn.microsoft.com/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth https://learn.microsoft.com/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019 https://learn.microsoft.com/Exchange/mail-flow-best-practices/high-volume-mails-m365 | If your client supports OAuth, follow these steps: Authenticate an IMAP, POP or SMTP connection using OAuth
If your client doesn't support OAuth and you must use Basic Auth with Client Submission (SMTP AUTH), you will need to switch to one of the following alternatives before April 2026, previously September 2025: * If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal to your tenant, you can use Microsoft 365 High Volume Email. Please visit this site to learn more: Manage high volume emails for Microsoft 365 Public preview * If you are using basic authentication with Client Submission (SMTP AUTH) to send emails to recipients internal and external to your tenant, you can use Azure Communication Services Email. Please visit this site to learn more: Overview of Azure Communication Services email * If you have an Exchange Server on-premises in a hybrid configuration, you can use Basic auth to authenticate with the Exchange Server on-premises or configure the Exchange Server on-premises with a Receive connector that allows anonymous relay on Exchange servers. Please visit this site to learn more: Allow anonymous relay on Exchange servers Regardless of the volume of email, if you must use Basic auth to send email with Exchange Online, then you must use one of the alternatives or a 3P solution. We understand that this change requires some adjustments, but we believe that this is a necessary step to enhance the security and reliability of our email service and your data. https://learn.microsoft.com/azure/communication-services/concepts/email/email-overview https://learn.microsoft.com/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth https://learn.microsoft.com/exchange/mail-flow/connectors/allow-anonymous-relay?view=exchserver-2019 https://learn.microsoft.com/Exchange/mail-flow-best-practices/high-volume-mails-m365 |
| 2025-06-13 | MC Summary | Exchange Online will retire Basic Auth for SMTP AUTH in September 2025. Users must switch to OAuth or other alternatives. The SMTP AUTH Clients Submission Report in the Exchange admin center will indicate the authentication method used. This change aims to enhance security against vulnerabilities associated with Basic Auth. | Exchange Online will retire Basic Auth for Client Submission (SMTP AUTH) starting March 1, 2026, with full rejection by April 30, 2026. Customers must switch to OAuth or other alternatives. The SMTP AUTH Clients Submission Report now includes an Authentication Protocol column to assist in this transition. |
| 2024-10-19 | MC Messages | Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email.
Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure. [When this will happen:] We will be making this change in September 2025. | Updated October 18, 2024: We have updated the SMTP AUTH Clients Submission Report in the Exchange admin center, adding the Authentication Protocol column to show if Basic auth or OAuth is being used to submit email to Exchange Online. The data will build up over the next 90 days. Thank you for your patience.
Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure. [When this will happen:] We will be making this change in September 2025. |
| 2024-10-19 | MC Title | Exchange Online to retire Basic Auth for Client Submission (SMTP AUTH) | (Updated) Exchange Online to retire Basic Auth for Client Submission (SMTP AUTH) |
| 2024-10-19 | MC Last Updated | 04/26/2024 02:17:12 | 2024-10-18T18:26:45Z |
| 2024-10-19 | MC MessageTagNames | User impact, Admin impact, Retirement | Updated message, User impact, Admin impact, Retirement |
| 2024-10-19 | MC Summary | Exchange Online will retire Basic Auth for Client Submission (SMTP AUTH) in September 2025. Users must switch to OAuth or other alternatives before this date, as applications using Basic Auth will no longer be supported. Steps to prepare and alternative options are provided. | Exchange Online will retire Basic Auth for SMTP AUTH in September 2025. Users must switch to OAuth or other alternatives. The SMTP AUTH Clients Submission Report in the Exchange admin center will indicate the authentication method used. This change aims to enhance security against vulnerabilities associated with Basic Auth. |
Last updated 3 weeks ago ago
