Timeline
The end of Basic Authentication for SMTP (SMTP Auth) has been postponed from September 2025 to March 1, 2026, with a final cutoff planned for April 30, 2026.
The new deadlines are shown in the image below.

SMTP Auth Report
Via Exchange Admin Center
To identify accounts or addresses using Basic SMTP Authentication, Microsoft provides reports.
Go to Exchange Online Admin Center > Reports
> Mail Flow
> SMTP AUTH clients report
(Direct link: https://admin.cloud.microsoft/exchange?#/reports/smtpauthmailflowdetails)
In the report, check the Authentication protocol
column and look for the value Basic Authentication
to identify accounts that use this.

If you want more details about the specific emails, you can request a full report by clicking on Request Report
.

You’ll need to enter a name, a start and end date, and an email address to receive the download link. Depending on your email volume, report generation may take several hours.

You’ll receive a download link at the address specified. Depending on your email volume, report generation may take several hours.

SMTP Auth Report via PowerShell
If you follow this blog or my posts on LinkedIn, you know I’m not a fan of too much "click-click", I prefer going straight to the point (via PowerShell or other tools).
As previously mentioned, you can request a report from the report page. But if you prefer to do it directly via PowerShell, it’s possible:
Start-HistoricalSearch -ReportTitle "Custom SMTPBasicAuth" -ReportType "SmtpCSReport" -StartDate (Get-Date).AddDays(-2) -EndDate (Get-Date) -NotifyAddress [email protected]
To check the progress status:
Get-HistoricalSearch | Select-Object Identity, SubmitDate, Status, ReportTitle, EstimatedCompletionTime, JobProgress

You’ll receive a download link at the address specified in NotifyAddress
. Depending on your email volume, report generation may take several hours.
Early end of SMTP Basic Auth
My tenant is already blocked for sending via SMTP Basic Auth
Mon tenant est déjà bloqué pour l'envoi SMTP Basic Auth
If you have never used Basic Authentication, it is likely that Microsoft has already disabled SMTP Basic Auth. In fact, in their article about the end of Basic Auth on other protocols at the end of 2022:
What we are changing
We removed the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Autodiscover, Outlook for Windows, and Outlook for Mac.
We also disabled SMTP AUTH in all tenants where it wasn't being used.
You can check this with the command :
Get-TransportConfig | Select SmtpClientAuthenticationDisabled
If it's True
, then it's already disabled on your tenant.
Although I don't recommend reactivating it, you can reactivate it using :
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
I want to disable SMTP Basic Auth globally now
If you don't want to wait for Microsoft to disable it, you can disable SMTP Basic Auth for your entire organization right now:
Set-TransportConfig | Select SmtpClientAuthenticationDisabled
I want to disable SMTP Basic Auth on only a few mailboxes right now
You can also block SMTP Basic Auth on most of your mailboxes, while retaining a few for the time it takes to migrate them. To block SMTP Basic Auth on a box :
Set-CASMailbox -Identity <MailboxIdentity> -SmtpClientAuthenticationDisabled $false
Replacement Solutions for SMTP Auth
You have several options:
- Third-party solution: I recommend Postmark, which I’ve used for years:
- No SPF modification needed (a big plus in some cases)
- Template management
- Access via API and classic SMTP
- Sending from a specific address or domain
Perfect for applications, developers, and automation platforms (available modules in Make, n8n, and Zapier)
- Azure ACS
- Microsoft High Volume EMAIL (HVE): Still in preview. Mainly for internal recipients. The account must be excluded from conditional access policies, especially MFA. A dedicated article will be published soon.
- SMTP relay with connector in Exchange Online
- Exchange Online account with SMTP OAuth
- Any other e-mail solution (Postfix, etc.).
General recommendations regardless of your choice:
- uses a currently supported solution to avoid having to start all over again in a few months' time. That's why I haven't included IIS SMTP (which is based on IIS 6, unsupported for many, many years and even discontinued as of Windows Server 2025), nor hMail, which have been widely used solutions but are no longer supported.
- do not use Exchange Online’s Direct Send as a replacement (anonymous sending without a connector), it’s even recommended to block it: https://itpro-tips.com/block-direct-send-in-exchange-online/
- secure your sending platform: unauthorized access can be a serious risk, especially if you handle client domains (marketing, mass mailing, etc.)
- use a dedicated subdomain like
app.domain.com
for application messaging.
Comments