Microsoft 365 is Retiring SMTP Basic Authentication

Microsoft is retiring Basic Authentication for SMTP connections across Microsoft 365 accounts. By September 2025, support will be discontinued completely. Any website that sends email through Microsoft 365 using SMTP will need to switch to OAuth 2.0 for authentication. If not updated, affected emails will fail to send.

This applies to any website using a Microsoft 365, Outlook.com or Hotmail.com mailbox to send automated emails like contact form submissions, auto-replies, booking confirmations via SMTP.

What’s Changing

Basic Authentication uses static credentials, usually just an email address and password, to send mail. OAuth 2.0 replaces this with a token-based system that doesn’t transmit login credentials directly. Microsoft is phasing out Basic Authentication to prevent potential misuse and improve security across its platform.

The change affects:

• WordPress websites using SMTP plugins such as WP Mail SMTP, FluentSMTP, Post SMTP and similar
• Custom-built systems or applications integrated with Microsoft 365 for outbound mail
• Any SMTP setup using Microsoft 365 credentials without OAuth

Platforms like HubSpot or Mailchimp send emails through their own mail servers and won’t be affected in most cases. However, if any of these services are configured to send through Microsoft 365 using SMTP login credentials, you’ll need to update those connections too.

What Could Happen If No Action Is Taken

If your website is still using Basic Authentication after Microsoft disables it, emails sent through Microsoft 365 won’t send. This won’t result in any visual errors on the site. Forms will continue to load and appear to work as expected, but the emails will not be delivered. Unless someone checks the logs or regularly tests submissions, the issue may not be picked up straight away.

What You Should Do

If you’re using Microsoft 365 to send emails from your website, we recommend the following steps:

• Check if your SMTP setup is still using Basic Authentication
• Update your site or plugin configuration to use OAuth 2.0
• Make sure your plugin or integration supports OAuth (many have released patches to support it)
• Test form submissions and email notifications after applying changes

Sites with older codebases or complex integrations may need more work to complete the switch, so it’s worth reviewing well ahead of the deadline.

Support for Clients Making the Transition

If you’d like support with this change, DesignerNest offers a fully managed SMTP service. We handle the setup, testing and ongoing updates to make sure your website emails continue working as expected.

If you’d prefer not to use our SMTP service, we recommend speaking to your IT provider to make sure an OAuth 2.0-compatible solution is in place before September 2025.