End of Life for Basic SMTP Authentication: August 2025 Update, Report and PowerShell

Timeline

The end of Basic Authentication for SMTP (SMTP Auth) has been postponed from September 2025 to March 1, 2026, with a final cutoff planned for April 30, 2026.

The new deadlines are shown in the image below.

SMTP Auth Report

Via Exchange Admin Center

To identify accounts or addresses using Basic SMTP Authentication, Microsoft provides reports.
Go to Exchange Online Admin Center > Reports > Mail Flow> SMTP AUTH clients report (Direct link: https://admin.cloud.microsoft/exchange?#/reports/smtpauthmailflowdetails)

In the report, check the Authentication protocol column and look for the value Basic Authentication to identify accounts that use this.

If you want more details about the specific emails, you can request a full report by clicking on Request Report.

You’ll need to enter a name, a start and end date, and an email address to receive the download link. Depending on your email volume, report generation may take several hours.

You’ll receive a download link at the address specified. Depending on your email volume, report generation may take several hours.

SMTP Auth Report via PowerShell

If you follow this blog or my posts on LinkedIn, you know I’m not a fan of too much "click-click", I prefer going straight to the point (via PowerShell or other tools).

As previously mentioned, you can request a report from the report page. But if you prefer to do it directly via PowerShell, it’s possible:

 Start-HistoricalSearch -ReportTitle "Custom SMTPBasicAuth" -ReportType "SmtpCSReport" -StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) -NotifyAddress [email protected]

To check the progress status:

Get-HistoricalSearch | Select-Object Identity, SubmitDate, Status, ReportTitle, EstimatedCompletionTime, JobProgress

You’ll receive a download link at the address specified in NotifyAddress. Depending on your email volume, report generation may take several hours.

Replacement Solutions for SMTP Auth

You have several options

• Third-party solution: I recommend Postmark, which I’ve used for years:
  • No SPF modification needed (a big plus in some cases)
  • Template management
  • Access via API and classic SMTP
  • Sending from a specific address or domain
    Perfect for applications, developers, and automation platforms (available modules in Make, n8n, and Zapier)
• Azure ACS
• Microsoft High Volume EMAIL (HVE): Still in preview. Mainly for internal recipients. The account must be excluded from conditional access policies, especially MFA. A dedicated article will be published soon.
• SMTP relay with connector in Exchange Online
• Exchange Online account with SMTP OAuth

General recommendations regardless of your choice:

• Do not use Exchange Online’s Direct Send as a replacement (anonymous sending without a connector), it’s even recommended to block it: https://itpro-tips.com/block-direct-send-in-exchange-online/
• Secure your sending platform: unauthorized access can be a serious risk, especially if you handle client domains (marketing, mass mailing, etc.)
• Use a dedicated subdomain like app.tondomaine.com for application messaging.