Baisc Authentication Vs SMTP Authentication

Hari S 36 Reputation points

Hi Team,

We have few confusions on Basic Authentication Deprecation in Exchange Online – September 2022 Update

In our Java application we are using SMTP( to send emails where we are setting following parameters for authentication

                    props.put("mail.transport.protocol", "smtp");  


		props.put("mail.smtp.socketFactory.class", "");  

		Session session = Session.getInstance(props, new javax.mail.Authenticator() {  

			protected PasswordAuthentication getPasswordAuthentication() {  

				return new PasswordAuthentication(config.getUsername(), config.getPassword());  



I believe whatever we are doing through above setting is SMTP_AUTH. Please correct me if I am wrong.

If its SMTP AUTH(not basic auth), Will it going to get impact on Basic Authentication Deprecation by Microsoft?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
16,628 questions
Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
3,998 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
3,701 questions
Exchange Server Development
Exchange Server Development
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Development: The process of researching, productizing, and refining new or existing technologies.
444 questions
{count} votes

Accepted answer
  1. Glen Scales 4,416 Reputation points

    SMTP Auth is just the protocol extension that allows a client to use Authentication when sending a message (eg typically SMTP between two MTA's wouldn't use SMTP Auth as they are just transport messages between endpoint). How it relates to basic authentication is that basic authentication is one of the different authentication methods that is supported by SMTP Auth eg (PLAIN).

    What Microsoft have done is by default disable SMTP Auth by default in a tenant because they don't want client applications sending email via SMTP eg client apps should be using the Graph, where that is not possible you can re-enable SMTP Auth in a Tenant Previously SMTP Auth was enabled in all Tenants.

    Basic Authentication is a different matter and for a different/related reason Microsoft are disabling the ability to use basic authentication across all protocols and API endpoints and this is something you won't be able to re-enable in the future because of the security issues around basic authenticaiton.

    So if you need to use SMTP to send email you would use SMTP Auth (which you may need to re-enable in you tenant) and you need to use XOAUTH2 eg in Java to generate the access token look at the MSAL library

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Carlos Solís Salazar 12,996 Reputation points

    Hi @Hari S
    Thank you for asking this question on the **Microsoft Q&A Platform. **

    In this document I found:

    SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible.

    Microsoft recommends Authenticate an IMAP, POP or SMTP connection using OAuth

    Hope this helps,


    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.

  2. Brian 1 Reputation point

    Lets say you have the following types of authentication:

    Password-based authentication.
    Multi-factor authentication.
    Certificate-based authentication.
    Biometric authentication.
    Token-based authentication.

    If using you used the "Password-based authentication" this is considered basic authentication and will deprecated. If you are using SMTP_AUTH this just means you need you now need to pick another authentication type instead. Looks like the above code snippet is using basic authentication.

    0 comments No comments