Microsoft has announced that Basic Authentication for SMTP in Microsoft 365 Exchange Online email will end in 2026 for security and data protection. Before Basic Authentication ends, all SMTP connections that still use Basic Authentication need to change to Modern Authentication (OAuth 2.0).

Starting March 1, 2026, there will be gradual rejection of Basic Auth submissions. On April 30, Basic Authentication will no longer work and all attempts to connect will fail with an error, “550 5.7.30 Basic authentication is not supported for Client Submission.” Basic Authentication has already been removed from all other Microsoft protocols.

This change will affect:

• Automated systems or scripts that send email using hardcoded credentials
• Multifunction devices, like printers or scanners, that email files and lack OAuth support. Note: Devices that send through AppSMTP (which is most of them) will not be affected by this change
• Any legacy application in use at Cornell that is still configured to use Basic Authentication

For details, see Microsoft’s Exchange Online to retire Basic auth for Client Submission.

Review the following list to make sure systems you manage are not still using Basic Authentication for SMTP.

Legacy applications

• Older web apps or internal tools that send email notifications (for example, password resets or alerts) using hardcoded SMTP credentials
• Custom scripts written in languages like PHP, Python, or PowerShell that authenticate with username/password

Multifunction devices

• Printers, copiers, and scanners that email documents directly to users. These may lack OAuth support.

Monitoring and alerting systems

• Network monitoring tools that send alerts via SMTP
• Security systems that email logs or intrusion alerts

Batch jobs and scheduled tasks

Automated jobs that send reports, data extracts, processes, or scheduled scripts that email status updates

Other integrations

• Older integrations between systems and Microsoft 365 that rely on SMTP Basic Authentication for outbound mail
• Portals or registration systems that send confirmations
• Event management tools that email attendees