Deprecation of Basic authentication in Exchange Online

Microsoft is deprecating Basic authentication in Exchange Online, as announced here:  https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

“This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication. For example, OAuth access tokens have a limited usable lifetime, and are specific to the applications and resources for which they are issued, so they cannot be reused. Enabling and enforcing multifactor authentication (MFA) is also simple with Modern authentication.”

Implementing OAuth 2.0 authentication from a web app or from a desktop application is relatively easy. The technical implementation is the same, regardless of the OAuth2 server (such as Microsoft, Google, etc.). First, you must define an “App” on your resource server. In the case of Microsoft, log in to the Azure Portal, go to Azure Active Directory –> App registrations, and define an App.

To get the initial OAuth2 access token, you’ll need values for the following:

  • Authorization Endpoint: This is the URL to begin the Authorization Code Flow (see https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow ). It is https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
  • Token Endpoint: This is the URL to complete the Authorization Code Flow.  It is https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
  • Redirect URI: This is the URL where the response from the browser is redirected.  For desktop applications, it will be of the form:  http://localhost:<portNumber>/
  • Scope: This is a space-separated list of access permissions being requested.
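
How the four values above fit together in the Authorization Code Flow, as an added Python example (not Chilkat's code and not from the original post). It goes one step beyond the list by adding `state` and PKCE (`code_challenge` / `code_verifier`), which protect a desktop app's localhost redirect against forged or intercepted responses. The tenant, client ID, port and scope values a caller passes in are assumptions supplied by the caller.

```python
import base64, hashlib, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Endpoint base from the list above; {tenant} is filled in per call.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"

def new_pkce_pair():
    """Return (code_verifier, code_challenge) for PKCE with the S256 method."""
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43..128 limit
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge

def build_authorize_url(tenant, client_id, redirect_uri, scopes, state, challenge):
    """URL to open in the browser to begin the flow (Authorization Endpoint)."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),  # space-separated list
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return AUTHORITY.format(tenant=tenant) + "/authorize?" + urlencode(params)

def parse_redirect(callback_url, expected_state):
    """Pull the authorization code out of the redirect; reject a wrong state."""
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    returned = query.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this request")
    if "code" not in query:
        raise ValueError("redirect carried no authorization code")
    return query["code"][0]

def build_token_request(tenant, client_id, redirect_uri, scopes, code, verifier):
    """(url, form body) to POST to the Token Endpoint to complete the flow."""
    form = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must match the authorize request
        "scope": " ".join(scopes),
        "code_verifier": verifier,
    }
    return AUTHORITY.format(tenant=tenant) + "/token", urlencode(form)
```

The form body is sent as `application/x-www-form-urlencoded`; the JSON response carries the access token whose permissions depend on how the App was configured.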

Conceptually, it is easy. However, the extreme complexity has to do with your Microsoft Account, the App you defined in Azure Active Directory, how you set up the App, permissions, scopes, etc.

Getting an OAuth2 token is easy.

And Chilkat can help with the mechanism for getting the OAuth2 token.

Getting an OAuth2 token that has the necessary access permissions to do what you want in the specified Microsoft Account is NOT easy.

Unfortunately, Chilkat cannot help with your Microsoft Account, tenants, permissions, ACLs, settings, options, etc. that are found within Azure Portal, and supposedly are related to a particular email account to allow you to send or read email. You’ll need a Microsoft consultant to help understand your Microsoft Account.