Since early 2021, Microsoft has been reporting the pending deprecation of Basic Authentication for the Microsoft 365 Exchange Online platform. Up until now, Microsoft has slowly disabled Basic Authentication for any tenants that they believed were not using it. Basic Authentication was still an option, and our Support Teams were able to re-enable Basic Auth after it had been disabled by request. 

As of January 2023, Microsoft is permanently disabling Basic Authentication for all Exchange Online tenants. This is now an irreversible change. Neither our Support Team nor Microsoft support can re-enable Basic Authentication. 

WHAT DOES THIS MEAN FOR USERS?

All email applications that connect to Exchange Online must support Modern Authentication. This includes connections over POP or IMAP protocols. Any application that attempts to connect via Basic Auth will receive a “bad username/password or HTTP 401 error”. This error does not mean the username or password is incorrect, but rather that usernames and passwords are no longer accepted over Basic Auth. 

This change also means that Outlook clients can no longer connect to Exchange Online through the POP or IMAP protocols. Outlook clients only support Modern Authentication over MAPI/HTTP (for Windows) or EWS (for Mac). 

AUTHENTICATED SMTP IS THE EXCEPTION

Per Microsoft, Basic Authentication for Authenticated SMTP has not yet been disabled. Any email applications or devices that only connect to Exchange Online to relay outbound email via Authenticated SMTP should still work. Copiers and other multi-function devices that send but do not receive email will likely be unaffected by these changes. However, it is likely that Microsoft will deprecate Basic Auth for SMTP as well sometime in the future. 

MORE INFORMATION

The following Microsoft posts provide additional details for the deprecation of Basic Authentication. 

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312 

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online