Basic Authentication Access for Office 365 and G-Suite Email accounts

What’s this about?

Both Microsoft and Google are improving security for users by disabling older and less secure methods of authentication (‘Basic Authentication’ and ‘Less Secure Access’ respectively) for their cloud offerings.

What is Microsoft changing?

There’s an announcement from Microsoft available, about Exchange Online Deprecating Basic Authentication.

Please note that due to COVID-19 they have also released an April 2020 Update about their plans:

“In response to the COVID-19 crisis and knowing that priorities have changed for many of our customers we have decided to postpone disabling Basic Authentication in Exchange Online for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation. We will continue to disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage starting October 2020.”

“This change only affects commercial M365 at this time, not our consumer service users. It impacts Exchange ActiveSync (EAS), IMAP, POP, and Remote PowerShell.

Microsoft are taking a gently-gently approach too. From their article:

“Please note this change does not affect SMTP AUTH – we will continue supporting Basic Authentication for the time being. There is a huge number of devices and appliances that use SMTP for sending mail, and so we’re not including SMTP in this change – though we are working on ways to further secure SMTP AUTH and we’ll share more on that in due course.” See their ‘Improving Security Together’ article for more information.

What is Google changing?

Delayed until further notice: note that due to COVID-19, Google has announced that this will be delayed until further notice.

There’s an annnouncement from Google available, about Turning off less secure app access to G Suite accounts.

Starting in June 2020, Google will limit the ability for less secure apps (LSAs) to access G Suite account data. From their article:

  • After June 15, 2020 - Users who try to connect to an LSA for the first time will no longer be able to do so. Users who have connected to LSAs prior to this date will be able to continue using them until usage of all LSAs is turned off.
  • After February 15, 2021 - Access to LSAs will be turned off for all G Suite accounts.

What does this impact with PaperCut?

  • Email to Print: will be impacted
  • Email notifications (under Options → Notifications → SMTP Server Options): will be impacted if using gmail for SMTP.
  • Scan to Email: will be impacted if using gmail for SMTP.
  • Scan to OneDrive, Scan to Google Drive: will not be impacted - we already use OAuth2.0.
  • Google Single Sign on (see here for what that is): will not be impacted.

What is the plan?

We are working on a fix for PaperCut authenticating to your email service - which will be ready prior to the deadlines listed above.

We’ll update this page as we have more information.

Still have questions?

Let us know! We love chatting about what’s going on under the hood. Feel free to leave a comment below or visit our Support Portal for further assistance.

Categories: Known Issues, Authentication

Keywords: microsoft authentication, google authentication, oauth, basic access, less secure access,