Solved Does the end of O365 Basic Authentication mean no more app passwords

JaredBusch

Customer has a LoB application called Enfocus Switch.

It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

It stopped retrieving email on the morning of Wednesday October 12th.

Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

BraswellJay

@JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

Customer has a LoB application called Enfocus Switch.

It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

It stopped retrieving email on the morning of Wednesday October 12th.

Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

I got caught by this last week myself. There is a one time ability to reenable basic auth through the rest of 2022 which is what I did for now. According to what I found though this is a one time grace period that will not be extended again. I took advantage though to give a little more time to find a different method.

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

Dashrender

No help for IMAP, but I found this

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

Notice it says not compatible with Security Defaults. With MS enabling Security Defaults on everyone at some point or another, I don't know if you can choose to just disable it again?

JaredBusch

@BraswellJay said in Does the end of O365 Basic Authentication mean no more app passwords:

I got caught by this last week myself. There is a one time ability to reenable basic auth through the rest of 2022 which is what I did for now. According to what I found though this is a one time grace period that will not be extended again. I took advantage though to give a little more time to find a different method.

Yeah, I wasn't even thinking about IMAP/POP regarding basic auth. I've turned Basic Auth back on only for IMAP at this client and told them to send a report to their vendor.

1337

@JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

Customer has a LoB application called Enfocus Switch.

It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

It stopped retrieving email on the morning of Wednesday October 12th.

Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

The vendor do what they do, but I noticed that most applications that need this kind of functionality uses mail forwards from customers mailboxes to their own IMAP mailboxes.

That can be a way to solve this when microsoft kills it. Redirect from customers O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

scottalanmiller

@Pete-S said in Does the end of O365 Basic Authentication mean no more app passwords:

@JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

Customer has a LoB application called Enfocus Switch.

It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

It stopped retrieving email on the morning of Wednesday October 12th.

Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

The vendor do what they do, but I noticed that most applications that need this kind of functionality uses mail forwards from customers mailboxes to their own IMAP mailboxes.

That can be a way to solve this when microsoft kills it. Redirect from customers O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

We have customers doing that. Setting up MailCow to get past all the primary vendor security systems.

1337

@scottalanmiller said in Does the end of O365 Basic Authentication mean no more app passwords:

@Pete-S said in Does the end of O365 Basic Authentication mean no more app passwords:

@JaredBusch said in Does the end of O365 Basic Authentication mean no more app passwords:

Customer has a LoB application called Enfocus Switch.

It has a mail retrieval function that connects via IMAP using an app password on a normal O365 email account with MFA enabled.

It stopped retrieving email on the morning of Wednesday October 12th.

Since Microsoft finally killed Basic Auth on Tuesday, I assume this is related, but I can find no information on this at all.

The vendor do what they do, but I noticed that most applications that need this kind of functionality uses mail forwards from customers mailboxes to their own IMAP mailboxes.

That can be a way to solve this when microsoft kills it. Redirect from customers O365 mailbox to another provider that supports IMAP with normal authentication. Have the LoB application use that inbox instead.

We have customers doing that. Setting up MailCow to get past all the primary vendor security systems.

That makes sense.

I think you could probably run a bare mailserver with just dovecot as well. Since it only needs to handle incoming email from Microsoft and be an IMAP server, there's a lot things that becomes irrelevant - like spam detection, ip reputation etc.