This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Planned termination of Basic Authentication for Outlook 365: Does this affect you?

Microsoft is planning to no longer allow Basic Authentication when accessing Outlook/Microsoft 365 using POP3 or IMAP. Authentication will be handled using OAuth2.

Environment

SBM / TeamTrack accessing mailboxes in the Outlook 365 cloud for the following functionality:  Email Submit and SBM Notelogger.

Situation

Microsoft will retire Basic Authentication for accessing mailboxes on Outlook 365/Exchange Online as of October 2022.  It will be necessary to update SBM to 11.8 or better in order to be able to setup SBM Email Submit and SBM Notelogger to access these mailboxes for submitting new items or attaching notes to existing items.  The following is a list of changes that can be made.

  1. Setup SBM 11.8 or better to use OAuth2 when accessing Exchange Online.  
  2. An alternative to setting up SBM to use OAuth2 with Exchange Online is to run an internal mail server that SBM can use to access email

The change from O365 basic authentication to OAuth2 authentication uses the MS Graph API and User Consent.  Because this involves working in your company Azure tenant, the setup will require working closely with your tenant administrator.  There are many ways that your O365 tenant can be configured.  We have included as many tips / troubleshooting issues in the KB as possible, but the setup is still complicated.  If you are looking to put your SBM email submit and or note logger into your O365 cloud, we urge you to start early.

  • 0

    Thank you for putting this together David. Very good summary and advice with the very detailed KB article. As we prepare for our transition we have to first upgrade to 11.8 in order to setup OAuth. As such we'll be attempting to test out OAuth in an 11.8 Sandbox we already have setup.  Since we only use mailclient for Email Responses we'll need to establish a new mailbox for testing so we don't pull and process messages from our single Prod mailbox.  Our Prod mailbox is associated with a service account.  One question I have is whether or not it matters whether we do the same for testing or can simply setup a shared mailbox?  I didn't know if mailclient has any requirements in this regard

  • 0   in reply to 

    Derek,

    It may be possible to use shared mailbox if you add the correct graph privilege to access the shared mailbox. I will test this out shortly.

    David

  • 0 in reply to   

    Thank you for checking.  Please do let me know as I'll soon put a request in for the new mailbox for testing, whether shared or via full service account like our existing one.

  • 0

    David:

    Will this change by Microsoft affect the regular Notification Engine?

  • 0   in reply to 

    It really only impacts incoming emails into SBM. So, this is the email submit and the notelogger (which records replies to notifications). It does not impact outgoing emails such as normal notifications (from notifications rules) and item emails (from the Actions menu of an individual item).  I think the notelogger is the trick for most customers. As I mentioned, outgoing email from an items' action menu will go out. But, if the person who gets that emails replies back, that reply is added to the item via notelogger.  Without notelogger, those email discussions won't be recorded in the item.

  • 0 in reply to 

    In addition to what Vickie mentions.....Email Responses to notifications is another area as that configuration allows users to respond to emails, with links or buttons, in order to take action on the item.  Think of Approve or Rejecting an item from email and this performs that transition.  It does this by sending an email to the mailbox configured with a special token and will perform the transition.  For this to work it is also a case where a mailbox must be connected to and read from.  Hope that helps.

  • 0 in reply to   

    hello David, checking back to see if you were able to test this out and have any recommendations for our new test mailbox yet.  Thank you!

  • 0   in reply to 

    Hi Derek.  I did not have any luck getting shared mailboxes to work with OAuth2.  

    Dave

  • 0   in reply to 

    Good point Derek. You are right. Replies from links or buttons within a notification emails are still done by the incoming notelogger engine and would be impacted.

  • 0   in reply to 

    Paul, 

    Microsoft says "SMTP AUTH will still be available when Basic authentication is permanently disabled".  They do recommend moving off of SMTP Auth.  Most customers that I have seen are currently using SMTP relays to O365.  

    Regards, 

    David