You are viewing limited content. For full access, please sign in.

Question

Question

Microsoft Deprecation of Basic Authentication

Administration
Updated December 9, 2022
asked on December 9, 2022

Hello, I'm trying to confirm if this change to email security that Microsoft is enforcing December 31st will affect Workflow/Forms ability to send basic email notifications from an O365 email account.  We have several customers on version 10.4 that rely on email notifications from Workflow and Forms.

 

This kb article (https://support.laserfiche.com/kb/1014391/deprecation-of-basic-authentication-in-exchange-online ) makes it sound like it will only affect Workflow's ability to create exchange items and the Forms email approval server.  From what I can tell, it doesn't even look like version 11 of WF config manager and Forms Email Notification page has the option to configure it with OAuth.

 

We're in the process of scheduling upgrades to version 11 for these customers but need to know if there will be additional configuration required to make sure the email notifications don't stop after Dec 31st.  

 

Thanks!

1 0

Replies

replied on December 9, 2022

The article details functionality affected by the deprecation of basic authentication for IMAP (which is used in Forms for direct approval emails and Email Archive to connect to an Exchange mailbox)  and Exchange Web Services (EWS) (which is used in WF to connect to Exchange in the activities that interact with a calendar).

The article also explains that most Laserfiche products use SMTP to send emails and are not affected because Microsoft has not deprecated basic authentication for SMTP. There are, however, additional security measures that Microsoft recommends for hardening security for your mail server for SMTP connections. A link to Microsoft's recommendation is provided in the article.

0 0
replied on December 9, 2022

Hey Miruna, thanks for the quick response.  You mention that most LF products use SMTP to send out notifications but in this article, Microsoft does state this:

"We're also disabling SMTP AUTH in all tenants in which it's not being used."

I'm assuming this is also something we shouldn't be concerned with but just want to make doubly sure as we have several customers who will be very upset if their notifications go dark on January 1st 2023

0 0
replied on December 9, 2022

You shouldn't be concerned. According to Microsoft, customers already using SMTP AUTH in their tenants will not have it disabled. Anyone whose notifications would "go dark" if SMTP AUTH were disabled should, by definition, not have it disabled.

On the off chance Microsoft screws up their rollout and inadvertently disables SMTP in tenants using it, I strongly suspect they will almost immediately receive a barrage of angry support tickets and rapidly revert the change.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...