Microsoft has announced the retirement of Basic Authentication for SMTP (SMTP AUTH) in Exchange Online—an important change that will impact many applications, devices, and on‑premises systems that rely on Basic Auth to send email.
Originally scheduled for retirement in early 2026, Microsoft published an updated deprecation timeline on January 27, 2026, giving organizations additional time to transition to modern authentication.
Here is the official statement from Microsoft:
“We understand that many customers continue to face real challenges modernizing legacy email workflows and need sufficient time to adopt viable, secure alternatives. Based on customer feedback and visibility into adoption progress, we are refining the Exchange Online SMTP AUTH Basic Authentication Deprecation timeline to provide clearer milestones and additional runway."
- Now to December 2026: SMTP AUTH Basic Authentication behavior remains unchanged.
- End of December 2026: SMTP AUTH Basic Authentication will be disabled by default for existing tenants. Administrators will still be able to enable it if needed.
- New tenants created after December 2026: SMTP AUTH Basic Authentication will be unavailable by default. OAuth will be the supported authentication method.
- Second half of 2027: Microsoft will announce the final removal date for SMTP AUTH Basic Authentication.
These updates are intended to give customers with tenants in our service (all cloud environments) more time to plan, validate, and deploy modern authentication alternatives, while maintaining a clear path toward stronger default security.”
Source: https://techcommunity.microsoft.com/blog/exchange/updated-exchange-online-smtp-auth-basic-authentication-deprecation-timeline/4489835
This change may affect Business Central, NAV, and other on‑prem applications, as well as multifunction devices and scanners that still rely on SMTP Basic Auth.
Below is a breakdown of what to expect and how to prepare.
What This Means for Business Central SaaS Customers
If your Business Central SaaS environment uses SMTP email accounts with Basic Auth, those accounts must be migrated to OAuth before March 1, 2026, to avoid disruptions.
Not affected
If you are using:
-
Current User email accounts
-
Shared Mailbox email accounts
-
These two options can also replace SMTP/OAuth email setups and are preferred configurations.
These already support modern authentication and are not impacted by the Basic Auth retirement.
What This Means for Business Central On-Prem (Versions 18–27+)
Business Central On-Prem versions 18 through 27+ support SMTP with OAuth using an Azure App Registration.
To prepare:-
- Reconfigure SMTP accounts to authenticate via OAuth
- Register an application in Azure AD
- Update BC SMTP settings with OAuth credentials
- SMTP Relay/Direct send noted below will work for BC18+ as well
Not affected
Environments that exclusively use:
- Current User email authentication
- Shared Mailbox accounts
Business Central 17 and Below + All NAV On‑Prem Environments
Older versions of Business Central and Microsoft NAV only support SMTP Basic Authentication, which means they cannot authenticate directly via OAuth.
However, there are several alternative options:
1. SMTP Relay through Microsoft 365 (Recommended for many on‑prem customers)
- Requires creating an Exchange Online connector
- Exchange must trust your public static IP address
- SPF records must be updated to authorize that IP
2. Direct Send via Microsoft 365
- Does not require authentication
- Only works for internal recipients within your tenant
3. Azure Communication Services (ACS)
Microsoft provides an SMTP compatible service through ACS that uses modern auth.
4. Use a third‑party email service
Many external providers (e.g., SendGrid) will continue to support SMTP submissions with Basic Auth or offer API‑based alternatives.
5. Use an on‑prem SMTP relay
This can include:
- An on‑premises Exchange Server
- Third‑party SMTP relay software installed locally
Don’t Forget About Multifunction Devices & Legacy Systems
Printers, copiers, scanners, and older applications often use SMTP Basic Auth for:
- Scan‑to‑email
- Alerts & notifications
- System‑generated messages
Many vendors have already released firmware updates to support OAuth or other modern auth methods—check with your device provider before the cutoff date.
Summary
With Microsoft’s updated retirement timeline, organizations now have additional flexibility:
- Basic Auth SMTP continues through December 2026.
- It becomes disabled by default for existing tenants at the end of 2026.
- New tenants after 2026 cannot use Basic Auth at all.
- Final removal date will be announced in 2H 2027.
However — Basic Auth is still going away, and planning should continue.
Whether you’re running Business Central SaaS, Business Central On‑Prem, older BC versions, or NAV, transitioning to OAuth or a supported relay method ensures uninterrupted email workflows and alignment with Microsoft’s security standards.
