Microsoft has been tightening the security of their email services over the last several months, and plans to continue this trend.  Programs that use Microsoft Exchange/Office 365 accounts to send email may encounter difficulty, even if nothing has appeared to change.

Microsoft is making two significant changes:

• They are requiring a secure, encrypted connection between a mail sender and Microsoft’s servers, using TLS 1.2 or more recent standards.  This may mean that older versions of programs, including some older unsupported Sage programs, may be unable to connect and send or receive email if they use unencrypted connections, or connections that rely on older encryption, like SSL, TLS 1.0 and 1.1.
• They are requiring a newer authentication protocol for mailing programs to identify the account they are sending/receiving from.  This is a much more difficult change, and some mail senders (like office scanners, phone systems, and security devices) may not ever support this.  As a result, Microsoft is allowing this requirement to be bypassed per-account through settings in Exchange/Office administration for SMTP (the mail sending protocol).

Each of these changes may require different actions on your part if you use Microsoft accounts to send mail, especially from older versions of software.

For (1), be sure you are running a current and supported version of software that sends mail, and confirm with the software publisher/author that it supports “TLS 1.2” encrypted connections.

For (2), you will need to contact your IT/Email support team to ensure that “Legacy Authentication” is allowed for sending accounts.  (This is part of the Microsoft account setup.)  Alternatively, new applications may support “OAUTH 2” authentication.

There are some other technical alternatives to each, which introduce additional complexity and have different risks, depending on the situation. Among these are:

• Using a local proxy service to support non-TLS 1.2 connections
• Obtaining premium email delivery services from a provider other than Microsoft.

Contact your application or IT support team for more information or assistance.  If you use Microsoft accounts to send email, this is best addressed quickly, to avoid an expected loss of outbound email service.

Microsoft references:

• TLS 1.0/1.1 Disablement: https://docs.microsoft.com/en-us/lifecycle/announcements/transport-layer-security-1x-disablement
• Basic Authentication Depreciation: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

In many cases, these changes are being enforced at different times for different customers.