Update: On April 3rd 2020, the Exchange Team announced that due to the COVID019 crisis, they will postpone disabling legacy authentication until the second half of 2021.

Update: On April 30 2020, the Exchange Team announced that OAuth 2.0 authentication for IMAP and SMTP AUTH protocols is now available. In order to leverage this functionality mail clients need to start using it (so they need an update). Michel de Rooij did a nice article on how to configure Thunderbird for oAuth2 which you can read here: Configuring Exchange Online with IMAP & OAuth2

Update: On May 28 2020, the Exchange Team announced that OAuth support for POP is now also available for Exchange Online.

Update: On June 30th 2020, the Microsoft Exchange Team announced support for Modern Authentication in scripts using the new Exchange PowerShell module, see: Modern Auth and Unattended Scripts in Exchange Online PowerShell V2

On March 7, 2018 the Microsoft Exchange Team announced that on October 13, 2020 it would stop the support for Basic Authentication (also called Legacy authentication) for Exchange Web Services (EWS) in Exchange Online (EXO), the version of Exchange offered as a service part of Office 365. EWS is a web service which can be used by client applications to access the EXO environment. The team also announced that EWS would not receive any feature updates anymore, and suggests customers to transition towards using Microsoft Graph to access EXO.

One and a half year later, on November 20, 2019 the Exchange Team also announced to stop supporting Basic Authentication for Exchange ActiveSync (EAS), Post Office Protocol (POP), Internet Message Access Protocol (IMAP) and Remote PowerShell on October 13 2020 as well. Authenticated Simple Mail Transfer Protocol (SMTP) will stay supported when used with Basic Authentication.

Instead of supporting Basic/Legacy authentication Microsoft will move towards only supporting Modern Authentication for most of the methods used to connect to Exchange Online.

Read More