Microsoft has announced that it will permanently discontinue Basic Authentication for SMTP AUTH (Client Submission) in Exchange Online. While this may sound like a minor technical change happening behind the scenes, it can have real and immediate consequences for organizations that automate email
through Microsoft 365. This also affects users of Advanced-Forms®.
What exactly is changing?
As of March 1, 2026, Microsoft has begun gradually blocking email connections that still rely on Basic Authentication. On April 30, 2026, this method will be fully disabled. Applications or systems that continue to sign in via smtp.office365.com using only a username and password will simply no longer be able to connect. Emails sent this way will be rejected.
Why is Microsoft making this change?
Basic Authentication is an outdated sign-in method where a username and password are transmitted with every connection. Although it has long been the standard, it carries significant security risks. Credentials can be intercepted or misused.
To address this, Microsoft is moving to modern authentication using OAuth 2.0, which works with secure tokens instead of static passwords. This significantly improves security.
From a technical perspective
Microsoft is also encouraging organizations to adopt Microsoft Graph, the modern API layer of Microsoft 365. While SMTP is primarily designed for the technical delivery of email, Microsoft Graph provides a more secure and future-ready way to interact directly with Microsoft 365 services, including email functionality.
What steps should you take?
To avoid surprises, we recommend the following approach:
1. Check whether Basic Authentication is still being used
Within Microsoft 365, you can use the SMTP AUTH Clients Report to identify which mailboxes or applications are still relying on this authentication method.
2. Move to OAuth (preferred solution)
If your application supports OAuth, this is the best and most future-proof option.
For Advanced-Forms® users, this typically means:
- Upgrading the software if necessary;
- Adjusting the configuration.
3. Consider Microsoft Graph as a modern alternative
In addition to SMTP with OAuth, Advanced-Forms® also supports sending email through Microsoft Graph. This is Microsoft’s latest technology for communicating with Microsoft 365.
Benefits of Microsoft Graph include:
- Fully based on modern authentication (OAuth 2.0);
- No dependency on traditional SMTP AUTH;
- Better alignment with future Microsoft 365 developments.
For organizations looking to build a future-proof architecture, Microsoft Graph is a logical next step.
What does this mean for Advanced-Forms® users?
Advanced-Forms® often plays a key role in digital processes. Think of form submissions, confirmation emails to customers, internal notifications, workflow alerts, or automatically sending documents. Behind all these actions is an email integration. In many environments, this integration currently runs through Microsoft 365 SMTP using Basic Authentication.
As long as this setup remains unchanged, everything may appear to function normally for now. However, after April 2026, forms may still be submitted successfully while confirmation emails or internal notifications are no longer delivered. In other words, processes might seem to work, but communication stops. That is exactly the risk of this change: it is not a visible system failure, but a silent disruption in email delivery.
Organizations therefore have several options:
- Continue using SMTP, but switch to OAuth 2.0;
- Move to sending email via Microsoft Graph;
- Switch to an external email provider
OAuth 2.0 and Microsoft Graph are already available
Within Advanced-Forms®, OAuth 2.0 has already been implemented for quite some time. Transitioning to modern authentication can therefore be done within the existing software environment. There is no need for an external solution or alternative email service.
In addition, Advanced-Forms® supports sending email via Microsoft Graph, allowing you to leverage Microsoft’s latest technology for handling email within Microsoft 365. This offers additional future-proofing and aligns well with modern cloud architectures.
It is important, however, to run a recent version of the software. We recommend using at least version 2023.7.2 or higher. In older environments, the configuration may still rely on Basic Authentication. Reviewing your current SMTP or Graph settings is therefore strongly advised.
Why take action now?
The phase-out process has already begun. Since March 1, 2026, Microsoft has been gradually blocking connections that still use Basic Authentication for SMTP AUTH. This means organizations may already experience disruptions if their configuration has not yet been updated. Waiting until April 30, 2026 — when Basic Authentication will be completely disabled — introduces unnecessary risk.
Because this change can affect automated email processes, it is important to gain immediate insight into your current configuration. Reviewing SMTP or Graph settings, performing any required software upgrades, and testing OAuth 2.0 all take time. Addressing these steps now helps prevent disruptions in confirmation emails, notifications, and workflow communications.
This change is also part of a broader shift. Basic Authentication is being phased out in other Microsoft products as well, including SharePoint Server. Although no final end date has been announced there yet, the direction is clear: modern authentication is no longer optional. It is becoming the standard.
What does this mean in practice?
The bottom line is straightforward: if Advanced-Forms® sends emails through Microsoft 365 using only a username and password, this must be updated before April 30, 2026. The configuration needs to be switched to OAuth 2.0 or replaced with email delivery through Microsoft Graph. Organizations that make this change in time will likely notice no disruption at all. Those who do nothing, however, risk automated emails stopping without immediate visibility.
If you have questions about your specific situation or want to confirm whether your environment already uses OAuth 2.0 or Microsoft Graph, feel free to contact Quadira Support or Sales. We are happy to review your setup so your forms continue to communicate smoothly in 2026 and beyond.
English 
Nederlands