Exchange Online (Microsoft 365, Outlook.com) will stop working with Dolibarr (IMAP-connection to read E-Mails) from September

Hi there,

I just came across this article from Microsoft: Deprecation of Basic authentication in Exchange Online | Microsoft Docs

This affects Exchange Online, which you may have come across under various names like Outlook.com or Microsoft 365.

In their language: they will deprecate “basic authentication” at the end of September 2022 and only support “modern authentication”.

What this really means: It will be impossible to connect with an IMAP account as before (using username and password), but it will be mandatory to use OAuth2 authentication. Currently they still make an exception for SMTP (sending emails), but reading emails via IMAP, as it is done by the email collector, will not work any more from October onwards. And it is unclear how long the exception for sending mails will last.

I have worked with the Microsoft IMAP protocol in the past - and found that, like some other big companies, they care little about fully complying with the standards, to phrase it in a friendly way. So it comes as little surprise that they take away the choice from their users to use authentication methods defined in the IMAP standard (and combined with TLS and app-specific passwords, they can be considered secure) but rather force a method which is under full control of Microsoft. We will see what kinds of certifications are required long term to have the OAuth2 client access authorized by Microsoft. Google already has a (very expensive) program in place, requiring a paid source code review by a licensed third party to be able to access Google with OAuth2.

What are your thoughts? Are many users out there using Exchange Online in combination with Dolibarr?

Joachim

Hi,
Yes, I am using Exchange Online with IMAP. I was able to extend the use of IMAP, but Microsoft will force it to shut down within the next 7 days. I read in the “New Feature List of Dolibarr Version 17” that OAuth2 will be available. In the meantime I am thinking of redirecting the mails to a provider which still uses basic authentication.