Baisc Authentication Vs SMTP Authentication

Hari S 36 Reputation points
2022-09-09T07:01:32.88+00:00

Hi Team,

We have few confusions on Basic Authentication Deprecation in Exchange Online – September 2022 Update

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

In our Java application we are using SMTP(smtp.office365.com) to send emails where we are setting following parameters for authentication

                    props.put("mail.transport.protocol", "smtp");  

              

		props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");  

		Session session = Session.getInstance(props, new javax.mail.Authenticator() {  

			protected PasswordAuthentication getPasswordAuthentication() {  

				return new PasswordAuthentication(config.getUsername(), config.getPassword());  

			}  

		});  

I believe whatever we are doing through above setting is SMTP_AUTH. Please correct me if I am wrong.

If its SMTP AUTH(not basic auth), Will it going to get impact on Basic Authentication Deprecation by Microsoft?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,421 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,635 questions
Exchange Server Development
Exchange Server Development
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Development: The process of researching, productizing, and refining new or existing technologies.
556 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,537 questions
{count} votes

Accepted answer
  1. Glen Scales 4,441 Reputation points
    2022-09-15T00:12:58.617+00:00

    SMTP Auth is just the protocol extension that allows a client to use Authentication when sending a message https://en.wikipedia.org/wiki/SMTP_Authentication (eg typically SMTP between two MTA's wouldn't use SMTP Auth as they are just transport messages between endpoint). How it relates to basic authentication is that basic authentication is one of the different authentication methods that is supported by SMTP Auth eg (PLAIN).

    What Microsoft have done is by default disable SMTP Auth by default in a tenant because they don't want client applications sending email via SMTP eg client apps should be using the Graph, where that is not possible you can re-enable SMTP Auth in a Tenant https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission. Previously SMTP Auth was enabled in all Tenants.

    Basic Authentication is a different matter and for a different/related reason Microsoft are disabling the ability to use basic authentication across all protocols and API endpoints and this is something you won't be able to re-enable in the future because of the security issues around basic authenticaiton.

    So if you need to use SMTP to send email you would use SMTP Auth (which you may need to re-enable in you tenant) and you need to use XOAUTH2 eg in Java https://javaee.github.io/javamail/OAuth2 to generate the access token look at the MSAL library https://github.com/AzureAD/microsoft-authentication-library-for-java

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. Carlos Solís Salazar 17,976 Reputation points MVP
    2022-09-09T12:40:18.15+00:00

    Hi @Hari S
    Thank you for asking this question on the **Microsoft Q&A Platform. **

    In this document I found:

    SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible.

    Microsoft recommends Authenticate an IMAP, POP or SMTP connection using OAuth

    Hope this helps,

    ----------

    Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
    NOTE: To answer you as quickly as possible, please mention me in your reply.


  2. Brian 1 Reputation point
    2022-11-22T20:39:58.333+00:00

    Lets say you have the following types of authentication:

    Password-based authentication.
    Multi-factor authentication.
    Certificate-based authentication.
    Biometric authentication.
    Token-based authentication.

    If using you used the "Password-based authentication" this is considered basic authentication and will deprecated. If you are using SMTP_AUTH this just means you need you now need to pick another authentication type instead. Looks like the above code snippet is using basic authentication.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.