Exchange Online – Get ready for the retirement of Basic Authentication
In the process of re enforcing security, one of the key is to use robust and secure authentication protocols and methods.
1 min read
If you are working with Exchange Online, chances are you have some components in your environment (applications, network devices…) which need to access mailboxes hosted in Exchange Online.
Well, until now the only way for most of these components was to use POP/IMAP/SMTP connections; which we all know is not the most secure protocols.
Good news, following the previous announcement of the Basic Authentication retirement, support for OAuth authentication for IMAP and SMTP (POP is currently being rolled out) is now available to access Exchange Online mailboxes.
To start enjoying this, you need first to register an application in Azure AD (see https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app), delegate permissions to this Azure AD application for IMAP/POP/SMTP using the Delegated permissions blade using Microsoft Graph
The permissions to be delegated depend of the protocol you are using
| Protocol | Permission Scope |
| IMAP | IMAP.AccessAsUser.All |
| POP | POP.AccessAsUser.All |
| SMTP Auth | SMTP.Send |
![image_thumb[1]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb1-142.png "image_thumb[1]")
![image_thumb[2]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb2-113.png "image_thumb[2]")
Then using the MSAL client libraries, you need to fetch an access token which will be used for authenticating your application.
OAuth integration with your application requires the use of SASL XOAUTH2 format for encoding and transmitting the access token.
base64(“user=” + userName + “^Aauth=Bearer ” + accessToken + “^A^A”)
Details are available here: