Microsoft is retiring Basic Authentication for SMTP AUTH in Exchange Online. If your applications still connect to smtp.office365.com using a stored username and password, those connections will stop working.
Exchange Online historically supported SMTP submission using either Basic Authentication (username and password) or Modern Authentication with OAuth 2.0. Microsoft is removing the first option, requiring applications to move to OAuth.
From a security perspective, this makes sense. Static credentials are difficult to manage and easy to exploit, whereas token-based authentication better aligns with modern identity standards. However, the reality for many organisations is very different.
Many systems do not support OAuth or Microsoft Graph. Printers, ERP systems, monitoring tools and legacy business applications often only support SMTP AUTH. When Microsoft disables Basic Authentication, those systems suddenly lose their ability to send email. For many IT teams, the question is therefore not architectural theory. It is much simpler:
How do we keep our systems sending email safely without rebuilding them?
The practical problem: many systems only support SMTP
Across most organisations, there are dozens of systems that send automated email. Think of:
- ERP systems sending invoices
- CRM platforms sending notifications
- Monitoring tools sending alerts
- Multifunction printers sending scan-to-email messages
- Legacy applications built years ago
Many of these systems only support SMTP authentication with username and password. They cannot use OAuth or connect via Microsoft Graph. Once Microsoft disables SMTP AUTH in Exchange Online, these systems will no longer be able to send email through Microsoft 365.
Replacing or rewriting those systems is often unrealistic. Some of them are deeply embedded in operational processes and have limited integration options. This is where organisations need a practical and secure alternative.
A practical solution: keep SMTP, move the delivery layer
Spotler SendPro allows these systems to continue sending email via SMTP AUTH, but through a secure delivery layer that sits between your applications and the email ecosystem.
Instead of authenticating directly to Exchange Online, applications send email to SendPro. SendPro manages authentication, delivery, retry logic, bounce handling and reputation management.
This means legacy systems can continue to use SMTP while the underlying infrastructure remains secure and controlled. In other words: you do not have to redesign every system that sends email.
More than an SMTP relay
SendPro is not just an SMTP relay. It can also integrate directly with Microsoft 365 or Exchange via mail flow connectors. This means SendPro operates at the infrastructure layer of your email environment rather than at the application layer.
With this model, Exchange can route selected mail flows through SendPro while maintaining Microsoft’s internal trust model. Internal Exchange headers can remain intact, allowing messages to continue being recognised as internal communication where appropriate.
This prevents a common problem seen with external relays or transactional email platforms. When messages are routed through those services, they are often treated as external mail by Exchange. That can trigger additional filtering, warning banners or distribution list restrictions. With connector-based integration, internal communication can remain internal. The result is less operational friction and fewer false positives in security filtering.
Infrastructure integration instead of app integration
Most transactional email providers operate at the application layer. They expect systems to authenticate using API keys or SMTP credentials. Documented SMTP integrations are typically credential-based, using API keys or tokens that function as passwords.
This works well for applications, but it does not fit well with how enterprise email infrastructure is usually integrated.
Enterprise IT teams often prefer connector-based trust relationships based on IP, TLS or certificates. This allows explicit trust boundaries and centralised configuration without relying on application credentials.
SendPro supports this infrastructure model. Instead of distributing credentials across multiple systems or relying on plugins, the integration can be configured once at the mail-flow level. Exchange routes traffic according to defined policies, and SendPro handles delivery and reputation management.
For many organisations, this aligns much better with how secure email infrastructure is normally designed.
Decoupling without breaking Exchange
Traditionally, applications send mail directly to Exchange using SMTP authentication. With Basic Authentication being removed, those applications must either support OAuth or stop sending mail.
By introducing SendPro as a delivery layer, that dependency is removed.
Applications send to SendPro using SMTP. Exchange can route traffic through SendPro using connectors. Transactional email flows are separated from user communication, while internal trust handling remains intact. This creates a cleaner architecture.
Transactional workloads are isolated. Reputation can be managed independently. Delivery behaviour becomes observable and controllable.
At the same time, employees continue using Exchange exactly as before.
A strategic opportunity
Microsoft’s SMTP AUTH deprecation forces organisations to make a change anyway. Some will simply update authentication where possible.
Others will use this moment to rethink how outbound email is handled across their organisation.
Instead of treating transactional email as a side effect of Exchange, it can be managed as a dedicated infrastructure layer.
With SendPro, organisations can:
- Keep legacy systems sending email via SMTP in a secure way
- Integrate with Microsoft 365 using mail-flow connectors
- Preserve internal email trust and avoid unnecessary filtering
- Separate transactional workloads from user communication
Microsoft’s decision is about authentication. The real opportunity is architectural.
If you want to maintain compatibility with existing systems while gaining more control over how your organisation sends email, this is the moment to evaluate how SendPro fits into your mail flow.
Source: Updated Exchange Online SMTP AUTH Basic Authentication Deprecation Timeline
