AI Docs

Microsoft’s Deprecation of Basic authentication in Exchange Online and what this means for users of Certero

3 min read

image-20251116-154527.png

Microsoft have announced they will be deprecating Basic authentication in Exchange Online from 1st October 2022 and a number of customers have contacted Certero to ask what this means them where they have configured the email of Certero to use Basic authentication with Microsoft Exchange Online. This article helps to answer this query.

In their announcements, Microsoft have stated that whilst they are removing the ability to use Basic authentication in Exchange Online, they will only be disabling SMTP AUTH in tenants in which it's not being used, i.e., if you are actively using this capability, it should remain operational.

Reference: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Additionally, in their ‘full announcement’ of the deprecation, whilst from 1st October 2022 Microsoft will begin to permanently disable Basic Auth in all tenants, regardless of usage, the exception will be SMTP Auth.

Reference: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

Lastly, as recently as September 2022, Microsoft have also reassured customers that Basic SMTP Auth should continue to work as normal after January 2023 for those customers that still use Basic SMTP Auth, since there is no plan to disable it.

Reference: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

You will need to enable SMTP Auth on the Mailbox used for SMTP in Certero.  Please refer to the following article on how to enable this:

Reference: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submissionhttps://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

Enable SMTP AUTH for specific mailboxes

The per-mailbox setting to enable (or disable) SMTP AUTH is available in the Microsoft 365 admin center or Exchange Online PowerShell .

Use the Microsoft 365 admin center to enable or disable SMTP AUTH on specific mailboxes

  1. Open the Microsoft 365 admin center and go to Users > Active users .

  2. Select the user, and in the flyout that appears, click Mail .

  3. In the Email apps section, click Manage email apps .

  4. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.

  5. When you're finished, click Save changes .

Check that the "Block Legacy Authentication" conditional access policy enabled for POP/IMAP/SMTP on the mailbox is not overriding the per-mailbox SMTP Auth setting.  To correct this:

  • Log in to your Azure tenant and go to Azure Active Directory > Security > Conditional Access Policies.  This will show a list of all Conditional Access Policies and their On/Off state

  • Select one of the policies to view its settings

  • Click Users and Groups to see who it applies to (probably all users).

  • Click Exclude and add the list of mailboxes to exclude them from that policy

In the event your email and altering stops working from 1st October 2022, please raise a ticket via the Help Desk facility of the Certero Customer Center: https://cc.certero.com