Modern Authentication (Oauth) support for the Microsoft Exchange ActiveSync (e-mail, contacts, calendar)

Thank you lot for this! I had completely missed the fact that you could use a different authentication app for this.

My employer turned basic authentication off this morning and all calendar, email, and contact synchronisation stopped for my Exchange account in Sailfish. So can confirm: this MS change is breaking the Exchange feature in Sailfish.

2 Likes

My employer also switched to OAuth2, with no option to add device passwords. So I’m currently not able to access my work mail and calendar on my phone :frowning:

2 Likes

I wonder if there’s any update on this?

No news unfortunately, i suspect mfa requires a major upgrade in the exchange stack

2 Likes

Yeah, now that you mentioned, might be quite an undertaking; might be something that needs to be though through for other type accounts as well.

Thank you for the prod. As noted earlier, but just to reiterate, we’re aware of the importance of this issue, but I don’t have any updates for you at this time.

2 Likes

OK, I admit, this is just another ‘any news?’ post :slightly_smiling_face: But let’s pretend I have at least something to add: Microsoft will start disabling basic authentication on random tenants beginning October 11th, Basic Authentication Deprecation in Exchange Online – May 2022 Update - Microsoft Tech Community

Up until now MS has been disabling the feature on tenants where it’s not used at all. Tenant admins have obviously always had the option to disable it at will. After Oct 11th though, “There is no way to request an exception after October. Tenant selection is random, and we cannot put your tenant to the back of the queue to give you more time”.

As already discussed on this thread, please note that app passwords count as basic authentication as well, so that won’t help either.

4 Likes

Thanks again for the info. It’s always good to have as much clarity as possible and we appreciate any info shared on this topic. The impending cut-off is definitely something we’re conscious of.

4 Likes

I’m kind of curious how long it will take before this is fixed. I’d like to be able to use my phone again to check my work mail.

And the don’t offer Application passowrds?
Both outlook and business office365 allowed me to do that in account settings, then I could use that instead of password and it has been working great on SFOS since.

Somehow I am able to log in using thunderbird, but not using the mail client on Sailfish. I’m using the same username, password and server settings.

I don’t see application passwords in my Office 365 account settings, nor can I add a device in devices.

I can create an app password here, logged in with my work account: My Sign-Ins
Hope it works for you, as a temporary workaround. But yeah, I also hope they are able to introduce Oauth, so mail can work reliably for everyone.

1 Like

I’m also using app passwords. Since app passwords are application-specific, this could explain why the password you use for Thunderbird isn’t working on Sailfish @0nn0: you’d need to generate a separate password to use there.

2 Likes

Not all exchange setups allow app password tho, that’s my case for some time now.

3 Likes

I can’t find the option when I go to my account in the office 365 web environment for my company.

Some companies and institutions may have disabled this. This is the case for my university and its IT department is not willing to grant an exception to individuals, sadly.

2 Likes

I can edit the App-Passwords under Microsoft-Account → Security → Enhanced Security Options → App-Passwords (Create New or Remove).

But maybe this Security-Policy is controlled by your Administrator.

1 Like

My company uses “Conditional Access based multi-factor authentication policies”.
App passwords don’t work with Conditional Access MFA.

1 Like

For anyone interested in this topic, we plan to have some discussion about it in the Community Meeting tomorrow morning. Feel free to join us (or take a look at the minutes if you’re reading this after the event):