I had a call from a customer in Abingdon (just a few miles from Oxford) who could no longer configure his Microsoft Office 365 email account inside a Windows 10 desktop email client. After a bit of back and forth, it became clear that he was using IMAP / SMTP configuration and some sort of “ancient” email client (I didn’t have a TeamViewer connection and could not tell what software exactly he was using). He was entering the correct IMAP / SMTP server details (shown below) and the correct Microsoft 365 username and password. Regardless, the email client was repeatedly asking for a password and throwing errors, something IMAP and SMTP servers were rejecting the connection…
- IMAP: outlook.office365.com, port 993 SSL/TLS
- SMTP: smtp.office365.com, port 587 STARTTLS
A bit of background – traditionally IMAP / SMTP setup used basic authentication where username and password are saved by the email client and sent to an email provider for authentication. This is now considered outdated and insecure, and most email providers (including Microsoft and Google) prefer “modern” OAuth authentication. With OAuth, the user is presented with with Microsft / Google login prompt and after entering the correct login details must grant the application required access.
The application itself never needs to see or save the user’s password. Additionally, the OAuth system supports multi-factor authentication and other security improvements.
Microsoft has disabled basic authentication for all Microsoft Office 365 users sometime in 2022. While there was a transitional period when admins could still re-enable it, I believe that as of 2024 it is only possible to enable basic authentication for SMTP (Microsoft 365 admin portal > Users > Active Users > username > Mail > Manage Email Apps > Authentication SMTP).
IMAP now requires modern OAuth authentication without exceptions.
Going back to my client, his email software didn’t support OAuth and was trying to use basic authentication which Microsoft was rejecting. The user didn’t want to use webmail and didn’t have a Microsoft Outlook license (by the way, Microsoft Outlook doesn’t actually support OAuth modern authentication for Office 365 IMAP / SMTP accounts, instead, it uses native Exchange protocol).
The solution was to download and install an up-to-date Thunderbird mail client. Thunderbird supports Microsoft Office 365 IMAP/SMTP accounts with OAuth and even finds all the server details by itself.
You can also use native Exchange / Office 365 protocol, avoiding IMAP/SMTP completely. But this requires a paid add-on (Owl).
