Exchange Online (Office365) custom SMTP authentication deprecation
Overview
In September 2021, Microsoft announced that effective October 1, 2022, they will begin disabling Basic Authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used.
If you have connected any distribution lists or Exchange Online mailboxes to Front via custom SMTP, SMTP Auth should still be enabled for you. As long as your IT team does not disable Front’s ability to leverage Basic Authentication with SMTP Auth, your team‘s experience on Front will continue as normal.
However, we encourage moving away from Basic Authentication with SMTP Auth when possible. Front supports modern authentication protocols through Microsoft Graph API and OAuth when using Exchange Online individual and shared mailboxes.
For more information, see the following Microsoft articles:
Important to know
Have your IT Team double-check that SMTP Auth is enabled for any distribution lists or custom SMTP mailboxes connected to Front. See below for more information.
If you are a new Front customer and have security defaults enabled in your Exchange Online organization, SMTP Auth is already disabled. For more information, see Microsoft’s article: What are security defaults?
If your authentication policy disables basic authentication for SMTP, clients cannot use the SMTP Auth protocol even if you enable the settings outlined in this article. For more information, see Microsoft’s article: Disable Basic authentication in Exchange Online.
Available options
Convert distribution lists to shared mailboxes
As a best practice, Front recommends using shared mailboxes in lieu of distribution lists as the connection between Front and your Exchange tenant would then leverage modern authentication protocol (OAuth), recommended by Microsoft. This option would also allow you to retain all inbound/outbound messages in your own Exchange instance.
Step 1: Convert your distribution list to a shared inbox
Step 2: Add the shared inbox to Front via two-way sync (OAuth)
Enable SMTP Auth at the mailbox level
If you still need to use SMTP Auth for your custom SMTP channels in Front, you can disable SMTP Auth in your Exchange Online organization (tenant level), and enable it at the mailbox level for the mailboxes that require it.
There are two settings that can help you do this:
An organization-wide setting to disable (or enable) SMTP Auth.
A per-mailbox setting that overrides the tenant-wide setting.
Check out Microsoft’s article here for detailed instructions.
Reply using user mailboxes
If you don't mind sharing your personal work email addresses with your customers, you can consider updating your personal preference to replying with your work email address. This will ensure all outbound messages will be delivered through and retained on your exchange server.
FAQ
Should we move off of Basic Authentication?
Not necessarily. As a best practice, Front recommends using shared mailboxes in lieu of distribution lists as the connection between Front and your Exchange tenant would then leverage modern authentication protocol (OAuth), recommended by Microsoft. However, if you’re unable to transition your distribution lists to shared mailboxes, Microsoft recommends enabling SMTP Auth at the mailbox level.
If I disable SMTP Auth in Exchange Online, can I re-enable it?
Yes. You can re-enable SMTP Auth using Microsoft’s instructions here.