Effectively September 2022, Exchange online has blocked IMAP/POP so if you have connected exchange online account to any of your applications to send email notifications, they won’t work again because Microsoft has Blocked that. Do the following to reactivate it.
open the Microsoft 365 admin center and click the green Help & support button in the lower right-hand corner of the screen.
When you click the button, you enter our self-help system. Here you can enter the phrase “Diag: Enable Basic Auth in EXO”
Customers with tenants in the Government Community Cloud (GCC) are unable to use the self-service diagnostic covered here. Those tenants may opt out by following the process contained in the Message Center post sent to their tenant today. If GCC customers need to re-enable a protocol following the Oct 1st deadline they will need to open a support ticket.
Opting Out (not available since October 1)
Update October 2: As per our original timeline, diagnostic opt-out mode is not available anymore. Customers can now use diagnostic only to re-enable basic authentication. Please see the flow chart below.
During the month of September 2022, the diagnostic will offer only the option to opt-out. By submitting your opt-out request during September, you are telling us that you do not want us to disable basic for a protocol or protocols during October. Please understand we will be disabling basic auth for all tenants permanently in January 2023, regardless of their opt-out status.
The diagnostic will show a version of the dialog below, and you can re-run it for multiple protocols. It might look a bit different if some protocols have already been disabled. Note too that protocols are not removed from the list as you opt-out but rest assured (unless you receive an error) we will receive the request.
Update 10/2/2022: Every customer who has opted out so far, can now see a Message Center post if we have received their opt-outs. MC441440. That post summarizes the opt-outs on record for the tenant. If you don’t see MC441440, you did not register an opt-out in time or at all. Please do not call support to request an opt-out, they will not be able to help. You will have to wait for protocols to be disabled in your tenant, and then re-enable per the section below.
Re-Enabling Basic for protocols (available since October 1)
During the month of September, the diagnostic can not be used to re-enable basic auth (it is in opt-out only mode). If you require one of the protocols to be re-enabled for basic auth during the month of September, please open a support ticket with Microsoft. Note – you can re-enable basic auth for SMTP Auth by yourself and follow best practices; see this article.
Starting October 1, the diagnostic will only allow you to re-enable basic auth for a protocol that it was disabled for.
If you did not opt-out during September, and we disabled basic for a protocol you later realize you need, you can use this to re-enable it.
Within an hour (usually much sooner) after you run the diagnostics and ask us to re-enable basic for a protocol, basic auth will start to work again.
At this point, we have to remind you that by re-enabling basic for a protocol, you are leaving your users and data vulnerable to security risks, and that we have customers suffering from basic auth-based attacks every single day (but you know that already).
Starting January 1, 2023, the self-serve diagnostic will no longer be available, and basic auth will soon thereafter be disabled for all protocols.
