check before: 2025-09-01
Product:
Exchange, Microsoft 365 admin center
Platform:
Developer, Online, World tenant
Status:
Change type:
User impact, Admin impact, Retirement
Links:
Details:
Summary:
Exchange Online will retire Basic Auth for Client Submission (SMTP AUTH) in September 2025. Users must switch to OAuth or other alternatives before this date, as applications using Basic Auth will no longer be supported. Steps to prepare and alternative options are provided.
Details:
Today, we are announcing that Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) in September 2025. After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email.
Basic auth is a legacy authentication method that sends usernames and passwords in plain text over the network. This makes it vulnerable to credential theft, phishing, and brute force attacks. To improve the protection of our customers and their data, we are retiring Basic auth from Client Submission (SMTP AUTH) and encouraging customers to use modern authentication methods that are more secure.
[When this will happen:]
We will be making this change in September 2025.
Change Category:
XXXXXXX ...
Scope:
XXXXXXX ...
Release Phase:
Created:
2024-04-26
updated:
2024-08-10
Task Type
XXXXXXX ...
Docu to Check
XXXXXXX ...
MS How does it affect me
XXXXXXX ...
MS Preperations
XXXXXXX ...
MS Urgency
XXXXXXX ...
MS workload name
XXXXXXX ...
More Info URL
XXXXXXX ...
MS Blog Link
XXXXXXX ...
Direct effects for Operations**
- Impact on IT Operations
- Transition to OAuth authentication will require updates to existing email clients and applications.
- Role Impacted: IT Administrators
- Dependency: Applications relying on Basic Auth for email submission will need to be assessed and updated.
- Impact on IT Services
- Potential service disruptions if applications are not transitioned to OAuth before the deadline.
- Role Impacted: Service Managers
- Dependency: Email services and any integrations with third-party applications that utilize SMTP AUTH.
- Impact on IT Users
- Users may experience issues sending emails if their applications are not updated to support OAuth.
- Role Impacted: End Users
- Dependency: User training and communication regarding the change will be essential to minimize confusion.
- Impact on Security
- Enhanced security posture by eliminating Basic Auth, reducing the risk of credential theft and phishing attacks.
- Role Impacted: Security Officers
- Dependency: Overall IT security strategy and compliance with data protection regulations.
- Impact on Compliance and Governance
- Organizations may need to review and update policies regarding email authentication methods to ensure compliance with security standards.
- Role Impacted: Compliance Officers
- Dependency: Alignment with GDPR and other regulatory frameworks regarding data protection and security.
References:
- Microsoft Documentation on Basic Auth Retirement: [Microsoft Learn](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online)
- Azure Communication Services Email Overview: [Microsoft Learn](https://learn.microsoft.com/azure/communication-services/concepts/email/email-overview)
Opportunities**
XXXXXXX ...
Potentional Risks**
XXXXXXX ...
** AI generated content. This information is not reliable.
the free basic plan is required to see all details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 1 month ago