Last year, we announced that we would enable OAuth 2.0 support for IMAP, SMTP AUTH protocols and retire Basic Authentication access to Exchange Online mailboxes.
Today, we’re announcing the availability of OAuth 2.0 authentication for IMAP, SMTP AUTH protocols to Exchange Online mailboxes. If you have an existing application that reads or sends email using one or more of these two protocols, the new OAuth authentication method will enable you to implement secure, modern authentication experiences for your users. This functionality is built on top of Microsoft Identity platform (v2.0) and supports access to email of Microsoft 365 (formerly Office 365) users.
Detailed step-by-step instructions for authenticating to IMAP, SMTP AUTH protocols using OAuth are now available for you to get started.
While you can use IMAP, SMTP AUTH to access Exchange Online mailboxes, Microsoft Graph continues to be the best way to access Microsoft 365. It provides a unified programmability model that you can use to access the tremendous amount of data in Microsoft 365. You can learn more at Microsoft Graph documentation.
What’s supported with this release?
With this release, your app can use one of the following OAuth flows to authorize and get access tokens on behalf of a user.
OAuth2 client credentials grant flow that enables access without a user is not supported. If your application needs persistent access to ALL mailboxes in a Microsoft 365 organization, we recommend that you use the Microsoft Graph APIs, which allow access without a user in addition to access on behalf of a user, enable granular permissions, and let administrators scope such access to a specific set of mailboxes.
We are in the process of rolling out OAuth 2.0 support for POP protocol and will update this blog whenthe rollout is complete.
What are you waiting for? Follow these detailed step-by-step instructions to implement OAuth 2.0 authentication in your application to access IMAP and SMTP AUTH protocols in Exchange Online.
The Exchange Team