Move on from Exchange Online SMTP Basic Authentication with Client Submission

Intro

Link to full Microsoft article:
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750

Microsoft are closed one of the older legacy protocols; SMTP with basic authentication.
Due late september 2025, now is the time to prepare your systems for the decommission of SMTP relay using the old basic authentication.

This article talks about a few ways to modernize sending mails.

High volume email (HVE) – Public Preview

https://learn.microsoft.com/da-dk/Exchange/mail-flow-best-practices/high-volume-mails-m365
High volume email is still in public preview, therefore we can not be sure Microsoft will not change the service or decommission it again if they encounter issues.

Send email with Microsoft Graph – Create app in Entra ID

For customers who use Office 365, Microsoft Graph is the recommended email provider modern apps. This email provider replaces the deprecated Basic SMTP Authentication with Client Submission.

You must have the following permissions to set up the Microsoft Graph integration:

  • Entra ID Applications Administrator

To create an app, follow these steps.

  • Sign in to Entra Admin Center.
  • Go to > App registrations > New application.
  • Enter the following values:
  • Name – Enter the name of your app.
  • Supported account types – Enter only accounts that are directly in this organization (single tenant).
  • Select Register.

Important
Make a note of the Application (client) ID value. You will use this value to connect to the Microsoft Graph service from your application later.

Important
Be sure to capture the Application (client) ID value before you continue.

To add permissions, follow these steps:

  • Select Manage > API permissions > Add a permission > Microsoft APIs > Microsoft Graph.
  • Select Application permissions, and enable Mail.Send.

Tip
By default, the app should include the User.Read delegated permission for Microsoft Graph. If that permission is missing, you must add it from the delegated permissions.

  • Select Add permissions.
  • Select Grant admin consent for to allow emails to be sent.

To create a client secret, follow these steps:

  • Select Manage > Certificates and secrets.
  • On the Client secrets tab, select New client secret.
  • Enter a value in the Description and Expires fields, and then select Add.
  • Make a note of the Secret value value. You will use this value to connect to the Microsoft Graph service from your application.

SendGrid – Microsoft trusted 3. party SMTP service

https://sendgrid.com/en-us/solutions/email-api/smtp-service
Customers with legacy applications that require basic authentication, can opt in for SendGrid.

Plans can be purchased via Azure subscription, using the Azure Marketplace. Search for Twillo SendGrid and get started within minutes.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *