Microsoft 365 SMTP OAuth Configuration

Deprecation of Basic Authentication in Microsoft 365

As part of Microsoft’s ongoing security enhancements, Basic Authentication in Exchange Online (part of Microsoft 365) will be fully deprecated and disabled by March 2026. (See Microsoft’s official announcement.)

Impact on Tenable Identity Exposure

Tenable Identity Exposure includes a feature that delivers email reports and alerts. If you currently use Basic Authentication to connect to Microsoft 365 for SMTP, you will no longer receive email reports or alerts from Tenable Identity Exposure after Basic Authentication is disabled.

To prevent any disruption, Tenable Identity Exposure supports OAuth, Microsoft 365’s modern and secure authentication protocol. Tenable Identity Exposure strongly recommends that you prepare for this change to ensure continued access to email notifications.

Use the following procedures to configure SMTP OAuth authentication in Microsoft 365 to enable secure email sending capabilities in Tenable Identity Exposure.

Prerequisites

  • Microsoft 365 Administrator access

  • PowerShell with administrator privileges

  • Active Microsoft 365 tenant

  • Installed PowerShell module ExchangeOnlineManagement [see step 6]

  • Installed PowerShell module ExchangePowerShell [see step 6]

OAuth Configuration