Field notes
Commentary

Microsoft kills basic auth, finally. Some thoughts.

The retirement was announced years ago. The retirement happened gradually. The retirement is now, finally, done, and most of us have a single SMTP relay or a forgotten LOB app that hasn’t noticed.

A few thoughts, while the dust settles:

  • The replacement isn’t OAuth2. The replacement is OAuth2 and a tenant policy that requires it. If you only do the first half, the next “temporary” exception will quietly become a permanent one.
  • The help desk knows. The help desk has been telling you about the one app that “still needs basic” for two years. Believe them and give them air cover to break it on a schedule.
  • The audit trail matters more than the cutover. When the auditor asks why your basic-auth coverage report shows zero, you want a paper trail of attempts, exceptions, and closures — not a single email saying “done.”

Read the original post for the official timeline. Read your sign-in logs for the unofficial one.
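
An added example, not part of the original post: one way to reconcile legacy-protocol sign-in attempts against an exception register, so the trail of attempts, exceptions and closures is built from the logs. The flattened record layout, the register format and every account and date are constructed assumptions; `clientAppUsed`, `userPrincipalName` and `createdDateTime` are Microsoft Graph sign-in property names.

```python
from collections import defaultdict
from datetime import date

# Subset of clientAppUsed values reported for legacy protocols (compared
# case-insensitively); extend it with whatever your tenant actually logs.
LEGACY_CLIENTS = {"authenticated smtp", "imap4", "pop3", "exchange activesync",
                  "exchange web services", "other clients"}

def paper_trail(signins, exceptions, today):
    """Return {account: {attempts, last_seen, status}} for legacy-auth activity."""
    attempts = defaultdict(list)
    for s in signins:
        if s["clientAppUsed"].lower() in LEGACY_CLIENTS:
            day = date.fromisoformat(s["createdDateTime"][:10])
            attempts[s["userPrincipalName"].lower()].append(day)
    register = {e["account"].lower(): e for e in exceptions}
    rows = {}
    for account in sorted(set(attempts) | set(register)):
        seen = sorted(attempts.get(account, []))
        last = seen[-1] if seen else None
        exc = register.get(account)
        if exc is None:
            status = "unapproved"            # attempts nobody signed off on
        elif exc["closed"]:
            # A closure only counts if nothing was seen after it.
            status = "reopened" if last and last > exc["closed"] else "closed"
        elif exc["expires"] < today:
            status = "expired-exception"     # the "temporary" one, still open
        else:
            status = "active-exception"
        rows[account] = {"attempts": len(seen), "last_seen": last, "status": status}
    return rows

# Constructed sample data (hypothetical accounts, dates and register layout).
SIGNINS = [
    {"createdDateTime": "2024-03-01T08:15:00Z", "userPrincipalName": "relay@example.com", "clientAppUsed": "Authenticated SMTP"},
    {"createdDateTime": "2024-03-05T08:15:00Z", "userPrincipalName": "relay@example.com", "clientAppUsed": "Authenticated SMTP"},
    {"createdDateTime": "2024-03-02T11:00:00Z", "userPrincipalName": "lobapp@example.com", "clientAppUsed": "IMAP4"},
    {"createdDateTime": "2024-01-10T09:30:00Z", "userPrincipalName": "scanner@example.com", "clientAppUsed": "POP3"},
    {"createdDateTime": "2024-03-03T07:45:00Z", "userPrincipalName": "kiosk@example.com", "clientAppUsed": "Exchange ActiveSync"},
    {"createdDateTime": "2024-03-04T10:00:00Z", "userPrincipalName": "alice@example.com", "clientAppUsed": "Browser"},
]
EXCEPTIONS = [
    {"account": "relay@example.com", "expires": date(2024, 2, 1), "closed": None},
    {"account": "scanner@example.com", "expires": date(2024, 1, 31), "closed": date(2024, 1, 31)},
    {"account": "kiosk@example.com", "expires": date(2024, 2, 15), "closed": date(2024, 2, 15)},
]
TODAY = date(2024, 3, 10)

if __name__ == "__main__":
    for account, row in paper_trail(SIGNINS, EXCEPTIONS, TODAY).items():
        print(f"{account:22} {row['attempts']:>2} {row['last_seen']} {row['status']}")
```

Anything reported as `unapproved`, `expired-exception` or `reopened` is an open item for the trail; `closed` rows are the ones an auditor can check against the logs.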