End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
mtv
New user
New user
Posts: 2
Joined: 2020-05-13 12:45

End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by mtv » 2020-05-13 12:54

hI,

I use hmail to connect to my office365 as an external account (pop3).

When MS discontinue their simple authentication for office365, how are you planning to connect to office365 using OAUTH2?


https://developer.microsoft.com/en-us/o ... customers/


Thanks
Masi

User avatar
mattg
Moderator
Moderator
Posts: 20845
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by mattg » 2020-05-13 16:55

30 October is fair way off, and they may change their mind again

30 October 2018 they were going to turn off TLSv1.0 and TLSv1.1 and force all users to access Office365 with TLSv1.2 only - but on the day, they changed their minds, and still haven't implemented that. And just about everyone except Microsoft does TLSv1.3 now

Personally I don't believe that OAUTH 2.0 will stop spammers, it'll just add an extra step for them to overcome

gMail is making the same noises, so I guess that we had better start making some inroads
This will ONLY affect POP3 external downloads
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

mtv
New user
New user
Posts: 2
Joined: 2020-05-13 12:45

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by mtv » 2020-05-14 01:16

True, It will not stop the spammer but it will make it more difficult for the brute force hackers to hijack people's account.


Since OAUTH2 two-legged (machine-2-machine) authentication will require an access token to be tied to a specific client machine, hackers will have to be lot more clever.
This will separate the boys from the men :-)

Anyway, yahoo is also migrating to OAuth2 and they are a lot more advanced in that field than MS.

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by SorenR » 2020-05-14 01:28

Hmm ... Yahoo! ... Always wondered how they manage to stay in business for this long :mrgreen:

- "You Always Have Other Options"
- "An ignorant rural person"
- "Australian slang word meaning uncouth lout."
- "Yahoo is an uneducated person with a backwoods mentality."

I'd like to see a good stable OAUTH 2.0 library.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jimimaseye
Moderator
Moderator
Posts: 8587
Joined: 2011-09-08 17:48

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by jimimaseye » 2020-05-14 09:31

I use Yahoo (for me and my family) and Very happy with them. Been using them for 10 years or more. Disposable addresses (as plus addressing) very handy and the inspiration for the script I provided. I have over 20 different different addresses all under the one account all serving different purposes (and personally have 2x Yahoo accounts). And set similar uses for other members of the extended family for their benefit too.

Recommended.

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

User avatar
SorenR
Senior user
Senior user
Posts: 3582
Joined: 2006-08-21 15:38
Location: Denmark

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by SorenR » 2020-05-14 10:01

jimimaseye wrote:
2020-05-14 09:31
I use Yahoo (for me and my family) and Very happy with them. Been using them for 10 years or more. Disposable addresses (as plus addressing) very handy and the inspiration for the script I provided. I have over 20 different different addresses all under the one account all serving different purposes (and personally have 2x Yahoo accounts). And set similar uses for other members of the extended family for their benefit too.

Recommended.

[Entered by mobile. Excuse my spelling.]
I scrapped mine when Yahoo closed down in Denmark... I created my first Yahoo address for our internal company ICQ Geek Hotline in 1998.
I've had my own mailserver since 2001 so never had much need for off-site disposable email.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

User avatar
jim.bus
Senior user
Senior user
Posts: 357
Joined: 2011-05-28 11:49
Location: US

Re: End of support for Basic Authentication access to Exchange Online API’s for Office 365 customers

Post by jim.bus » 2020-05-18 07:00

I'm not sure if this is relevant but I read the following link https://docs.microsoft.com/en-us/office ... office-365.

If I read this link correctly, it seems to indicate that the removal of support for TLS v1 and 1.1 only applies to connections made to Office 365 Business, Sharepoint Server 2016, and Sharpoint Server 2010 and it looks like Exchange Server Online.

mtv, does not state which version of Office 365 is being used but assuming Office 365 non business or GCC version, then the webpage in the link does not seem to indicate that mtv will have any issue. And the only information I could find on removal of Basic Authentication was in reference to Exchanger Server online.

Post Reply