Recent Posts
Categories
Stay Informed
If you rely on Microsoft 365 or Exchange Online to send emails, there’s an important change coming your way that you will want to understand and get ahead of. Microsoft has announced that it will stop supporting SMTP Basic Authentication by September 2025 (Microsoft’s official announcement). This might sound technical, but don’t worry—we’re here to break it down for you. In this blog, we’ll explain what SMTP Basic Authentication is, why Microsoft is making this change, what devices or systems might be affected, and what you can do to keep your email flowing smoothly. Plus, you can always contact ISOCNET to support you through this transition.
What Is SMTP Basic Authentication?
Let’s start with the basics. SMTP stands for Simple Mail Transfer Protocol—it’s the standard way emails get sent from one place to another on the internet. Think of it like the postal service for your emails. SMTP Basic Authentication is a way for devices or applications to prove who they are when sending emails through Microsoft’s servers. It does this by using a simple username and password combination (Microsoft’s explanation of SMTP AUTH).
For years, this method has been widely used because it’s straightforward. You set up your email app or device with your Microsoft 365 username and password, and it sends emails on your behalf. Easy, right? But there’s a catch: it’s not very secure and is being misused by bad actors.
Why Is Microsoft Ending Support?
Microsoft is phasing out SMTP Basic Authentication because it’s an older, less secure way to log in. When you use Basic Authentication, your username and password are sent across the internet in a format that’s easy for hackers to intercept if they get in the middle of the connection. It’s like mailing a letter with your house key inside—someone could grab it if they know where to look.
To keep your data safer, Microsoft is moving everyone to Modern Authentication, which uses a more advanced and secure method called OAuth (Learn more about Modern Authentication). Instead of sending your password every time, OAuth gives apps or devices a special “token” (like a temporary passcode or key) that proves they’re allowed to send emails. These tokens can expire or be revoked, making it much harder for bad actors to misuse them. Plus, Modern Authentication supports extra security features like two-factor authentication (2FA), which adds another layer of protection.
Microsoft started this shift away from Basic Authentication years ago, and by September 2025, SMTP Basic Authentication will be fully retired in Exchange Online. This is the last piece of the puzzle, as other protocols (like IMAP and POP) already lost Basic Auth support in 2022 (Basic Auth deprecation timeline). The goal? To make your email system safer in a world where cyber threats are growing every day.
What Might Be Using SMTP Basic Authentication?
You might be wondering, “Does this affect me?” The answer depends on what you use to send emails through Microsoft 365 or Exchange Online. Most modern email apps—like Outlook on your computer or phone—already use Modern Authentication, so you’re probably fine there. But some older devices or software might still rely on SMTP Basic Authentication. Here are a few examples:
- Printers or Scanners: Many multifunction devices (like those that scan to email) use SMTP with a username and password to send scans via your Microsoft 365 account.
- Custom Applications: If your business has software (like a customer service tool or invoicing system) that sends emails automatically, it might be set up with Basic Authentication.
- Older Email Clients: Programs like Thunderbird or certain legacy systems might still use this method if they haven’t been updated.
- Websites or Plugins: Some websites (like WordPress) use SMTP to send emails through Microsoft 365, often with Basic Auth settings.
If any of these sound familiar, you’ll need to take action before September 2025 to avoid interruptions.
What Are the Alternatives?
The good news is that Microsoft isn’t leaving you without options. Here are the main alternatives to SMTP Basic Authentication:
Modern Authentication with OAuth
This is Microsoft’s recommended replacement. Instead of a username and password, your app or device uses OAuth to get a secure token from Microsoft. It’s safer and works with modern security features. Most newer software and devices support this already, but you’ll need to check and update your settings (OAuth setup guide).
High Volume Email for Microsoft 365
If you send a lot of internal emails (like notifications within your company), Microsoft offers a new service called High Volume Email. It’s designed for apps and devices that need to send large batches of emails securely. It’s still in preview as of March 2025, but it’s worth keeping an eye on (High Volume Email details). This cannot be used for sending emails externally though.
Third-Party Email Services
If your device or app can’t switch to OAuth, you could use a service like SendGrid, Azure Communication Services, or another type of Mail System that does support Basic Auth or an Open Relay System. These act as a middleman, sending emails on your behalf without relying on Microsoft’s Basic Auth.
On-Premises Relay
If you have an Exchange Server on-site, you can set it up to relay emails to Microsoft 365. This keeps Basic Auth working locally while still connecting to the cloud securely (SMTP relay setup).
How to Switch to Modern Authentication
Switching to Modern Authentication might sound daunting, but it’s manageable with the right steps. Here’s what you need to do:
Check Your Systems
Start by figuring out what’s using SMTP Basic Authentication. Look at your printers, scanners, software, or websites that send emails through Microsoft 365. Check their settings—do they use “smtp.office365.com” with a username and password? If so, they’re likely using Basic Auth. You can also run a report from your M365 tenant to determine which email addresses are using Basic Auth. Contact our Support for instructions!
Update Software or Devices
See if your device or app supports OAuth. Check the manufacturer’s website or manual for updates or instructions. For example, newer printer firmware might add OAuth support. For software like WordPress, plugins like WP Mail SMTP Pro can handle the switch for you.
Set Up OAuth
To use OAuth, you’ll need to register your app or device with Microsoft’s Azure portal (don’t worry—it’s not as scary as it sounds and we can always do it for you). This creates a secure connection and generates the tokens you need. Microsoft provides a guide called “Authenticate an IMAP, POP, or SMTP connection using OAuth” to walk you through it (OAuth guide). You’ll need admin access to your Microsoft 365 account to do this.
Test Everything
Once you’ve updated your settings, send a test email to make sure it works. Double-check that emails are going out as expected and that no errors pop up. When it works, you are done!
Plan Ahead
Don’t wait until September 2025! Start now so you’re not rushing at the last minute. Microsoft will send reminders in August 2025 if they detect Basic Auth still in use, but it’s better to be proactive.
ISOCNET Is Here to Help
We get it—technology changes can feel overwhelming, especially when they affect something as critical as email. That’s where ISOCNET comes in. Our team has the expertise to guide you through this transition, whether you need help identifying what’s using Basic Auth, setting up OAuth, or exploring other options. We’ve helped businesses just like yours stay ahead of changes like this, and we’re ready to support you too.
Don’t let this deadline catch you off guard. Contact ISOCNET today for a consultation, and let’s make sure your email system is secure and ready for the future. Together, we’ll keep your business running smoothly—no matter what Microsoft throws your way!
