Microsoft is permanently removing support for Basic Authentication in Exchange Online's SMTP service — the method many businesses, printers, and applications use to send email through Microsoft 365. If your business uses Office 365 email and has any devices, applications, or automated systems sending email, you need to know about this change before it breaks your email.
When an application or device sends email through Microsoft 365, it needs to authenticate with Microsoft's servers — essentially prove it has permission to send. For years the standard way to do this was Basic Authentication: the device provides a username and password, Microsoft checks them, and if they match, the email goes through.
Basic Authentication sounds simple because it is. Unfortunately, simple also means insecure. Basic Auth transmits your username and password in a format that's trivial to intercept — making it a major target for credential theft, brute force attacks, and phishing. Microsoft has been phasing it out across all of its services since 2019.
The replacement is OAuth 2.0 — a modern authentication standard that uses short-lived access tokens instead of stored passwords. OAuth is significantly more secure because even if a token is intercepted, it expires quickly and can be revoked without changing your password.
💡 In plain English: Think of Basic Auth as using a physical key to get into a building — if someone copies your key, they can walk in any time. OAuth is more like a temporary access badge that expires after a few hours and can be deactivated remotely the moment you report it lost.
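To make the difference concrete, the following added example (not code from Microsoft or from this article) builds the client side of an SMTP `AUTH LOGIN` exchange and of an `AUTH XOAUTH2` exchange, then decodes what each one actually carries. The mailbox, password and token are constructed sample values.

```python
import base64

def b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def auth_login_lines(username: str, password: str) -> list[str]:
    """Client lines for SMTP AUTH LOGIN: username and password, each only base64-encoded."""
    return ["AUTH LOGIN", b64(username), b64(password)]

def auth_xoauth2_line(username: str, access_token: str) -> str:
    """Client line for SMTP AUTH XOAUTH2: one base64 blob carrying a bearer token."""
    return "AUTH XOAUTH2 " + b64(f"user={username}\x01auth=Bearer {access_token}\x01\x01")

def secret_on_the_wire(client_lines: list[str]) -> dict:
    """Decode what the server, or anything that logs the exchange, receives."""
    first = client_lines[0]
    if first == "AUTH LOGIN":
        user, password = (base64.b64decode(x).decode("utf-8") for x in client_lines[1:3])
        return {"user": user, "secret": password, "kind": "password"}
    if first.startswith("AUTH XOAUTH2 "):
        raw = base64.b64decode(first.split(" ", 2)[2]).decode("utf-8")
        fields = dict(part.split("=", 1) for part in raw.split("\x01") if part)
        return {"user": fields["user"], "secret": fields["auth"].split(" ", 1)[1],
                "kind": "access token"}
    raise ValueError("unsupported AUTH mechanism")

# Constructed sample values, not real credentials.
MAILBOX = "scanner@example.com"
PASSWORD = "Constructed-Passw0rd"
TOKEN = "constructed.access.token"

if __name__ == "__main__":
    basic = secret_on_the_wire(auth_login_lines(MAILBOX, PASSWORD))
    modern = secret_on_the_wire([auth_xoauth2_line(MAILBOX, TOKEN)])
    # Basic Auth: the reusable mailbox password is sent on every connection.
    print(basic["kind"], "->", basic["secret"])
    # OAuth: only a token is sent; the password never reaches the device or the wire.
    print(modern["kind"], "->", modern["secret"])
```

Base64 is an encoding, not encryption: with Basic Auth the device stores and sends the mailbox password itself, while with XOAUTH2 the only secret in the exchange is the token.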
This change affects businesses using Microsoft 365 / Exchange Online (formerly Office 365) that have any of the following set up to send email using Basic Auth:
| What | Example | Affected? |
|---|---|---|
| Office printers / MFPs | HP, Xerox, Konica Minolta scan-to-email | ⚠️ Very likely yes |
| Business software | Accounting software, CRM, booking systems sending email notifications | ⚠️ Possibly yes |
| Custom scripts or automation | Python scripts, cron jobs, webhook automations sending email | ⚠️ Possibly yes |
| Regular Outlook email | Staff sending and receiving email in Outlook normally | ✅ Not affected |
| Webmail / browser email | Using Outlook.com in a browser | ✅ Not affected |
| Mobile apps | Outlook app on iPhone or Android | ✅ Not affected |
The key question is: do you have any device or application that sends email automatically using a Microsoft 365 username and password? If yes — you need to act before the deadline.
⚠️ The most common scenario: The most frequently affected businesses are those with office multifunction printers (MFPs) configured to scan documents directly to email. These printers typically connect to Microsoft 365 using a username and password — classic Basic Auth — and will stop working when Microsoft flips the switch.
Microsoft has revised this timeline several times due to customer readiness concerns. Here is the current official schedule as of April 2026:
Google began rejecting emails from senders without proper authentication. A separate but related change that affected many businesses.
Microsoft implemented similar SPF/DKIM/DMARC requirements for Outlook.com, Hotmail, and Live.com recipients.
Microsoft started gradually blocking a percentage of Basic Auth SMTP connections. Some businesses may already be experiencing intermittent failures.
Microsoft is progressively increasing the percentage of Basic Auth connections being rejected. The experience is inconsistent — some connections work, others don't.
Basic Auth for SMTP AUTH will be turned off by default. IT administrators can still manually re-enable it temporarily, but this is not a long-term solution.
Microsoft will announce the date when Basic Auth is permanently and irrevocably removed — no exceptions, no re-enabling.
💡 Don't wait until December: Even though the hard deadline is December 2026, Microsoft has already started blocking connections as of March 2026. Some businesses are experiencing intermittent failures right now. The sooner you migrate, the more reliable your email will be.
If you have access to your Microsoft 365 admin account:
On any printer, scanner, or application that sends email, look at the outgoing email / SMTP settings. If you see a username and password configured to connect to smtp.office365.com or smtp-mail.outlook.com — that's Basic Auth and it will stop working.
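If you can export sign-in logs from your tenant, the same inventory can be built from the admin side. The following added example (not part of the original article or any Microsoft tooling) groups SMTP sign-ins by account and source IP so you know which devices to reconfigure. The column names and the `Authenticated SMTP` client-app label are assumptions modelled on a Microsoft Entra sign-in log CSV export, and the rows are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; adjust the column names to match your own export.
SAMPLE_EXPORT = """Date (UTC),Username,IP address,Client app,Status
2026-04-02T08:15:00Z,scanner@example.com,203.0.113.10,Authenticated SMTP,Success
2026-04-02T08:20:00Z,scanner@example.com,203.0.113.10,Authenticated SMTP,Failure
2026-04-02T09:00:00Z,alice@example.com,198.51.100.7,Browser,Success
2026-04-03T01:30:00Z,invoices@example.com,203.0.113.10,Authenticated SMTP,Success
2026-04-03T02:00:00Z,bob@example.com,198.51.100.9,Mobile Apps and Desktop clients,Success
2026-04-04T07:45:00Z,Scanner@example.com,203.0.113.10,Authenticated SMTP,Success
"""

def basic_auth_smtp_senders(csv_text, client_app="Authenticated SMTP"):
    """Return {(account, source_ip): counts} for sign-ins made with the SMTP client app."""
    senders = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Client app"].strip().lower() != client_app.lower():
            continue  # Outlook, browser and mobile sign-ins are not affected
        key = (row["Username"].strip().lower(), row["IP address"].strip())
        entry = senders[key]
        outcome = "success" if row["Status"].strip().lower() == "success" else "failure"
        entry[outcome] += 1
        # ISO 8601 UTC timestamps sort correctly as plain strings
        entry["last_seen"] = max(entry["last_seen"], row["Date (UTC)"].strip())
    return dict(senders)

def migration_worklist(senders):
    """Most recently active senders first: these are the ones still in daily use."""
    return sorted(senders, key=lambda k: senders[k]["last_seen"], reverse=True)

if __name__ == "__main__":
    found = basic_auth_smtp_senders(SAMPLE_EXPORT)
    for account, ip in migration_worklist(found):
        stats = found[(account, ip)]
        print(f"{account} from {ip}: {stats['success']} ok, "
              f"{stats['failure']} failed, last seen {stats['last_seen']}")
```

Each account and IP pair in the output corresponds to a printer, application or script that needs to move to SMTP relay or OAuth.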
Instead of authenticating with a username and password, you configure Microsoft 365 to accept email from your specific office IP address. The device or printer connects to Microsoft's SMTP relay endpoint, and Microsoft trusts it based on your IP address rather than a password. No credentials stored on the device, no Basic Auth. This is Microsoft's recommended approach for printers and legacy devices that can't support OAuth.
If your application or device supports OAuth 2.0, configure it to use modern authentication instead of Basic Auth. This is the most secure option and the direction Microsoft wants everyone to go. Many modern business applications already support OAuth — check your software's documentation or settings for "Modern Authentication" or "OAuth" options. Note: not all printers support OAuth yet — check with your printer manufacturer.
If your application only sends email to recipients within your own organisation (internal emails only), Microsoft's High Volume Email service is an option that continues to support Basic Auth for now. This is only suitable for internal notifications — it cannot send to external email addresses like Gmail or client email addresses.
Multifunction printers are the most commonly affected device in small businesses, and unfortunately also the trickiest to fix because OAuth support varies widely by manufacturer and model.
| Manufacturer | OAuth support | Recommended approach |
|---|---|---|
| HP | Available on newer models | Check firmware version — update if needed, then configure OAuth |
| Xerox | Available on select models | Check Xerox support site for your specific model |
| Konica Minolta | Limited — in testing | Use SMTP relay (Option 1) as interim solution |
| Ricoh | Available on newer models | Check Ricoh support documentation |
| Canon | Varies by model | Check Canon support — SMTP relay as fallback |
| Older/legacy models | Not available | SMTP relay is the only option |
For most small businesses with an older printer, the SMTP relay approach is the most practical fix. It requires a one-time configuration change in your Microsoft 365 admin centre and on the printer itself — no firmware updates, no OAuth complexity.
✅ The bottom line: If your business uses Microsoft 365 and has printers, applications, or automated systems sending email — check your setup now. Don't wait for things to start breaking. The SMTP relay option is straightforward to set up and will keep your email flowing without any disruption.
I can audit your email configuration and tell you exactly what needs to change — and walk you through fixing it. 23 years IT experience including Microsoft 365 and Exchange environments.