In the second half of 2021, Microsoft stopped supporting basic authentication for Exchange Web Services (EWS) to access Exchange Online. Basic authentication was replaced with modern authentication (based on OAuth 2.0). Please see Exchange Online deprecating Basic Authentication - Microsoft Lifecycle | Microsoft Docs for more details.
Starting from the 8.3.0 version Cayosoft Administrator uses only modern authentication for Exchange Online-related operations (like mailbox management) and requires Exchange Online PowerShell Module (EXO V2).
So, if you use an SMTP server other than office365.smtp.com, you can block basic authentication via the Conditional Access Policy (CAP): Block legacy authentication - Azure Active Directory - Microsoft Entra | Microsoft Docs.
According to the Microsoft article, after October 1, 2022, basic authentication will be deprecated but email notifications through SMTP will continue working in your tenant: Basic Authentication Deprecation in Exchange Online – May 2022 Update - Microsoft Tech Community. It means if you use Microsoft 365 SMTP server for email notifications and can't create such a CAP to block basic authentication after October 1, 2022, you should not see basic authentication sign-in events in the Azure AD sign-in logs.
Please sign in to leave a comment.