DISABLING SMTP AUTH.

What companies need to know now.

Microsoft is fundamentally changing how email is sent via Microsoft 365: classic SMTP AUTH with basic authentication will be permanently retired in the coming months.

This change is part of a broader security strategy by Microsoft. The goal is to replace outdated and vulnerable authentication procedures and make the cloud email infrastructure more resistant to attacks.

WHAT IS CHANGING?

Until now, many companies have been using the SMTP AUTH protocol with basic authentication to send emails via Microsoft 365 – for example, from web forms, applications, printers, or multifunction devices.

All that is required is a user name and password, which is technically simple but is increasingly considered insecure. Microsoft has announced that it will remove basic authentication from SMTP AUTH. The shutdown will take place in stages:

WHEN WILL THINGS CHANGE?

  • Starting March 1, 2026, the first connections that still use basic authentication will be rejected.
  • Starting April 30, 2026, basic authentication for SMTP AUTH will be completely disabled, and all connections will fail.

 

After the shutdown, the Microsoft server typically returns the error message “550 5.7.30 Basic authentication is not supported for Client Submission.” This means that email delivery via SMTP is blocked until a modern authentication method is used.

WHO IS AFFECTED?

The change primarily affects scenarios in which applications or devices send emails without modern authentication:

  • Website forms (e.g., contact, support, registrations)
  • CRM or ERP systems that send emails automatically
  • Multifunction devices such as scanners or printers
  • Monitoring and alarm functions that send emails
  • Scripts or integrations that use SMTP with username and password

 

Email clients such as Outlook, which already use modern OAuth-based authentication methods, are generally not affected. The problem arises where existing software or devices still use basic authentication.

WHY IS MICROSOFT DOING THIS?

The main reason for this change is security: basic authentication often transmits credentials with insufficient protection and is vulnerable to attacks, credential theft, and automated brute-force attempts. Modern authentication (mainly OAuth 2.0) no longer passes passwords directly to applications, but uses a token-based system instead.

WHAT DOES THIS MEAN FOR YOU?

First, you should check which systems still use basic authentication, for example, via the SMTP AUTH Client Submission Report in the Exchange Admin Center. For applications and devices that still require SMTP, there are several options:

  • Use OAuth 2.0: Many modern software solutions already support modern authentication.
  • Alternative interfaces: The Microsoft Graph API offers a secure alternative to classic SMTP for many use cases.
  • Use relay solutions or third-party SMTP relays that support modern authentication.
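
The OAuth 2.0 option above, shown for a script that still has to submit mail over SMTP, together with a check for the 550 5.7.30 reply quoted earlier. This is an added example, not code from Microsoft or from this page; it assumes an access token already obtained elsewhere, the SASL XOAUTH2 mechanism, and smtp.office365.com on port 587, and the function names are illustrative.

```python
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST, SMTP_PORT = "smtp.office365.com", 587  # assumed submission endpoint


def xoauth2_string(user: str, access_token: str) -> str:
    """Raw SASL XOAUTH2 initial response; smtplib base64-encodes it before sending."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01"


def is_basic_auth_rejection(code: int, text) -> bool:
    """Match the reply quoted on this page: 550 5.7.30 Basic authentication is not supported."""
    if isinstance(text, bytes):
        text = text.decode("utf-8", "replace")
    return code == 550 and text.lstrip().startswith("5.7.30")


def send_with_oauth(user: str, access_token: str, msg: EmailMessage) -> None:
    """Submit msg over STARTTLS with AUTH XOAUTH2 instead of user name and password."""

    def authobject(challenge=None):
        # First call supplies the token string. A later 334 challenge carries an
        # error document; answering with an empty line lets the server finish with 535.
        return xoauth2_string(user, access_token) if challenge is None else ""

    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        # Verifying context: certificate and host name are checked before the token is sent.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # re-read the extensions offered on the encrypted channel
        if "XOAUTH2" not in smtp.esmtp_features.get("auth", "").upper().split():
            raise RuntimeError("server does not advertise AUTH XOAUTH2")
        smtp.auth("XOAUTH2", authobject, initial_response_ok=True)
        smtp.send_message(msg)
```

`is_basic_auth_rejection` takes the code and text carried by an `smtplib.SMTPResponseException`, so senders that have not been migrated yet can log this specific failure separately from other delivery errors.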
     
RISKS WITHOUT CHANGE.

Those who fail to make the switch risk important emails no longer being sent from April 2026 onwards – such as automatic confirmations, system alerts, or customer communications. Especially when these processes are deeply embedded in business operations, this can lead to company-wide disruptions.

OUR CONCLUSION:

Disabling SMTP AUTH with basic authentication in Microsoft 365 is a significant step toward greater security and modern IT standards. However, for many companies, it means that technical action is required. This is particularly true in areas where automated emails are part of daily business.

You should plan and implement the switch to OAuth-based authentication or alternative email interfaces now. Otherwise, there is a risk of interruptions in email communication from spring 2026 onwards.

WHAT WE OFFER:

We are happy to assist you with the transition: from analyzing your existing email processes and evaluating technical options to implementing secure procedures in consultation with your IT partners.

DO YOU WANT YOUR EMAILS TO BE SENT SECURELY?

We will update your authentication.

info@schindlerparent.de