Important update for Exchange Online users – Changes to SMTP authentication
Microsoft has announced that Basic Authentication for SMTP client submission in Exchange Online will be retired in March 2026. This change affects all services that use SMTP AUTH with username/password, including our self-hosted password management solution if configured to send emails through Exchange Online.
Microsoft Announcement – Retirement of Basic Auth for SMTP AUTH
Want the full details? Click the link below!
Why OAuth isn’t a practical alternative for our use case
While Microsoft recommends OAuth 2.0 for SMTP authentication, it unfortunately is not a feasible option for our product:
- OAuth requires interactive user consent during the authentication flow.
- Our SMTP implementation is headless and fully automated, running in the background on customer infrastructure.
- Implementing and maintaining OAuth in this context would require secure storage and periodic refresh of access tokens, introducing complexity and potential points of failure for customers.
Because of this, we do not plan to support OAuth-based SMTP authentication in our product at this time.
Recommended alternatives for Microsoft 365 / Exchange Online users
To continue sending email notifications reliably, we recommend switching to one of Microsoft’s modern and supported options:
Microsoft Email Communication Service (ECS)
- Designed for application-to-person (A2P) email delivery.
- Fully managed, scalable and supports secure authentication.
- Ideal for password reset emails, alerts, and other transactional messages.
Microsoft High Volume Email (HVE)
- Suitable for sending large volumes of system-generated email.
- Requires setting up a connector in Microsoft 365 and assigning a static IP.
- More complex to set up, but powerful for larger installations.
We strongly recommend ECS for most customers due to its ease of integration and lower setup effort.
What you should do
If you’re currently using Exchange Online SMTP with Basic Auth in our product:
- Start planning your transition now.
- Evaluate ECS as the preferred alternative.
- Update your SMTP configuration accordingly before March 2026.
If you are using another SMTP provider (e.g. on-prem Exchange, Postfix, SendGrid, etc.), no action is required at this time. This change only applies to Exchange Online.
If you need assistance or have questions about how to reconfigure your setup within Netwrix Password Secure, please reach out via our support channel or community forum.
Need help?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Password Secure > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Password Secure > Ideas |
| If you have something cool to show… | Show everyone what you built: Password Secure > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!