Introduction

Microsoft is retiring Basic Authentication for SMTP Auth in Exchange Online, effective March 1, 2026. After this date, Microsoft will permanently disable Basic Authentication for client SMTP submission, requiring the use of modern authentication methods such as OAuth 2.0. 

Spindle Self Serve uses SMTP Auth to send email notifications, as of version 1.7.8 the below method will be required to configure the OAuth SMTP connector to use Exchange Online endpoints. 

Applies to

Spindle Self Serve v1.7.8 onwards

Resolution

 3.Take a copy of your <client-id> and <tenant-id>.

Add the SMTP.SendAsApp permission

10. Scroll down and Tick SMTP.SendAsApp

12. Open Windows Powershell and run:

 

• Install-Module -Name ExchangeOnlineManagement
• Import-module ExchangeOnlineManagement 
• Connect-ExchangeOnline -Organization <tenant-id>

Keep this powershell open – we will run more commands in here soon.
 

14. Copy your <application-id> and <object-id>.
These may be different to application and object ids listed elsewhere, it is important you get them from here.

 

15.In the same powershell as earlier run:

 

• New-ServicePrincipal -AppId <application-id> -ObjectId <object-id>
• Get-ServicePrincipal | f

l

16. Copy the <sid> and run the command below:

 

• Add-MailboxPermission -Identity <email-address>  -User <sid> -AccessRights FullAccess

17. In the same powershell as earlier run:

 

• Set-CASMailbox -Identity <email-address> -SmtpClientAuthenticationDisabled $false
• Get-CASMailbox -Identity <email-address>  | Format-List SmtpClientAuthenticationDisabled

18. The details you will need to enter into S3 Settings > Advanced > Email Settings:

 

• <email-address> (Username)
• <client-id>
• <tenant-id>
• <client-secret>

Knowledge Base Article Details