Unable to use basic authentication in Exchange Online? Here’s why

It is the morning of October 3rd 2022 and you have started the week with an influx of support ticket’s stating common email problems, but what has changed?

By now you should be aware of Microsoft’s decision to disable basic authentication in Exchange online and enforce secure protocols such a OAuth and modern authentication. This change happened on October 1st.

You have either come to this page as it is the first time hearing about this change, or you have woken up to a plethora of issues. So lets go over what you need to do, to get back up and running. 

Give yourself some breathing space and re-enable basic authentication

Although I generally would advise that if you have come this far, you should make your bed and lie in it. Attackers are this point will be ramping up their efforts or at least scanning environments and taking advantage of those with basic authentication enabled. This is surely not the time to re-enable legacy protocols…

But, if you really need to, or are getting pressured to do so, you can login to your Microsoft 365 admin centre to re-enable basic authentication.

How to re-enable basic authentication

  • Login into your Microsoft 365 admin center
  • Click the help icon at the top right
365 help
  • Enter the following phrase and click ‘Run Tests’: Diag: Enable Basic Auth in EXO
  • If applicable you will be able to enable basic authentication

Once you have click Update Settings, you will need to wait up to an hour until the basic authentication protocols begin to work, so bear that in mind. You also need to know, that after December 31st 2022, you will no longer be able to use basic authentication protocols for ever.

Remove the requirement to need basic authentication protocols

So you have decided to buckle up for the ride and leave basic authentication disabled. Now you need to quickly get services back up and running for your organisation. So what are you options? lets go over some common scenarios:

  • Have your MFPs stopped scanning to email? a quick solution is to ditch the SMTP details and use direct send instead. It will look a little like this:
        1. Update your SPF record to include your public IP on your printer network.
        2. Update the SMTP address on the MFP to your MX endpoint (mail.protection.outlook.com address)
        3. Continue to use port 25 with TLS enabled
        4. Ensure the sender address is one of your accepted domains
        5. If you are sending email to a domain outside of your M365 tenant, create a connector to accept mail from your public ip.
  • Line of business software stopped sending email (example; QuickBooks, Sage, Dynamics)? Conveniently some applications can shift the email sending job to the local Outlook client, but this is not always possible. You should consider using the method stated above, or sending mail to a smart host which will do the same.
  • Mobile has stopped sending/receiving email? most main stream mobile devices support modern authentication. However some users are likely still using Exchange Active Sync. This will only be the case if you are NOT using Outlook for IOS and Android or Outlook on the web. Simply removing and re-adding your mail account on your device may solve the problem, while for larger deployments you may which to consider using your MDM. If this does not resolve, ensure your OS is on the latest version first then consult the vendor documentation.
  • Email has stopped working on your workstation. If you are using a Windows workstation and are not using the Outlook client, I suggest you use this opportunity to get it installed. If you are using the Outlook client already for Windows, make sure it is updated to the latest version, Outlook 2016 and onward supports modern authentication. If you are using a Mac which continues to insist basic authentication, read this blog post here.

Daniel Bradley

My name is Daniel Bradley and I work with Microsoft 365 and Azure as an Engineer and Consultant. I enjoy writing technical content for you and engaging with the community. All opinions are my own.

This Post Has 2 Comments

  1. Clark Morgan

    Hi Daniel. This was really helpful. After multiple gyrations of trying to make basic auth/authenticated smtp as a mailer for my Laravel project, this clinched the deal and I suppose this is the better way to resolve the need. One thing I note however, is that emails sent this way do not appear in the Sent Items for mailbox in question. Is that normal? What am I missing?

    1. Daniel

      Hi Clark, yes this is the expected behaviour regarding the sent items!

Leave a Reply