Deprecation of basic authentication in Exchange Online


Microsoft has removed Basic authentication and the smtp auth option in Exchange Online services, i.e. Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac. The Microsoft Security defaults configuration and modern authentication are the successor technologies and use OAuth 2.0 token-based authorization.

Action items for end customers

There are various ways to tell if your applications are using basic authentication and not modern authentication to connect to Exchange Online. For Microsoft Outlook client, if you click CTRL and right-click the Outlook icon in the system tray, then click “Connection Status”, the Authn column in the Outlook Connection Status dialog shows the value of Clear for basic authentication and the value of Bearer for modern authentication. You can also use the Azure AD sign-in report to determine which tenants and users are still using basic authentication.

Modern authentication to Exchange Online presents a Web-based login screen such as the following.

Basic authentication on the other hand presents a Windows form similar to the following.

To enable or disable modern authentication for your M365 tenant, follow instructions in the article below:

The following cases will be impacted by the replacement of basic authentication with modern authentication: