General Consultant Discussion

 View Only
Back to discussions
Expand all | Collapse all

Office 365 Basic Authentication Deprecation: KB Published

  • 1.  Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-16-2022 23:33
    Edited by George Khairallah 08-31-2022 01:15
    We have just concluded testing a few scenarios for workarounds regarding the Basic Authentication and TLS1.0/1.1 deprecation and have published a detailed article for our customers. Thought I'd share this here, as some here might find it useful as well. 

    We have included information on using SMTP2GO, SendGrid, and Office365 Relay, of course, with the first recommendation being to upgrade to a supported version of Sage.

    While we couldn't necessarily mimic exactly what Microsoft will be doing on October 1st, we have gone through some rigorous tests by altering certain settings in Office 365 tenants, like turning on/off security defaults on the domain and other controls that would enable/disable Basic Authentication and observed the behavior in all scenarios. 

    The recommendations in the below KB have been tested successfully with Basic Authentication turned off. 

    https://support.gotomyerp.com/portal/en/kb/articles/office-365-basic-authentication-deprecation-and-emailing-from-hosted-applications

    One additional question we were trying to answer is whether the legacy-smtp.office365.com will still work as per this KB and this article. 
    We found that while the legacy-smtp option will still be possible, it will only allow the tenant to revert back to using TLS 1.0/1.1 at their own risk but does not allow for Basic Authentication. So this will not be a viable option for a workaround. (We are not 100% sure of this, but based on our testing so far, we think that this is the case)

    Hope you find this useful. If anyone has any additional useful information, I'd be happy to take it to our team to update this KB, if you would find it useful as a general resource for these workarounds.

    UPDATE (08/30/2022): We had a client with Sage 100 2021 Premium PU1, and they were able to configure OAuth successfully (without installing PU4). 
    Also, we have amended the article the KB article with the following. we're not sure if this was specific to this client. But in case anyone faces the issue, try this: 

    In addition, it appears that (at least on Server 2016), the OAuth process from within Sage (with PU1) is spawning Internet Explorer, which will work ok, but make sure that you have TLS1.2 enabled in the Advanced Settings in Internet Options, or the redirect will result what looks to be a DNS failure with a "This page can't be reached" message.

    Cheers,

    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------


  • 2.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-17-2022 08:26
    Great stuff @George Khairallah!!!  Thank you very much for taking the time to put this together and share with the rest of us non-IT people.​

    ------------------------------
    Brian Kelly
    Accounting Systems, Inc. (ASI)
    ------------------------------



  • 3.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-17-2022 17:14
    Great job @George Khairallah!

    A couple FWIW

    1. Sage has an Aug 23, 2022 webinar scheduled - Sage 100 and Sage 300: TLS and Basic Authentication
    Tue | Aug 23 | 11 am PT/2 pm ET | 1 hr.

    2. Sage has a public page on the TLS and OAuth changes here -Sage 100 upgrade information

    3. Sage continues to update various internal only FAQ in the Sage Partner Hub with new dates and presumably updated info regarding this issue.

    I think it is worth noting that the TLS 1.2 issue may be of more importance since I'm not sure there will be a workaround when Sage requires TLS 1.2 for license check ins. And the TLS compatibility requirement is at a lower Sage version than the OAuth compatibility ( source - Sage )


    ------------------------------
    Wayne Schulz
    wayne@s-consult.com
    Schulz Consulting
    (860) 516-8990
    Moodus, CT
    ------------------------------



  • 4.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-19-2022 14:07
    Hi George
      Your link goes "nowhere" for me.  Is there I way I can see the writeup?  I am very interested in the use of SMTP2go..

    Thanks in advance!

    ------------------------------
    Bob Osborn
    Consultant
    ACI Consulting
    ------------------------------



  • 5.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-19-2022 14:10
    Maybe try a different browser? I just tried it and it's working. 
    What do you get when you go to it?

    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 6.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-19-2022 19:41

    HI George,

      Very odd.  Something in my network.  I get the "Hmmm....  Can't reach this page" message no mater what brouser.  Tried on a client remote and was able to open it ok.  Thanks!!

     

    Thank you,

     

    Bob Osborn

    ACI Consulting

    p 714.282.0378    f 714.282.0235  Direct 714.439.9467

     

    Bob@ACIconsulting.com

     

     ACISignature1                  

    This communication, including attachments, is confidential and may contain proprietary information intended only for the proposed recipient. Please notify the sender and delete this message if you believe that you have received this message in error or if you are not the proposed recipient. Unauthorized disclosure, copying, or distribution of the information is strictly prohibited.

     




    Original Message


  • 7.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 08-19-2022 19:46
      |   view attached
    Wonder if something is going on with your DNS that could be blocking ¯\_(ツ)_/¯

    In any case, I've saved the article as a PDF (attached)  in case you would like to download it for offline reference. The PDF formatting is slightly wonky, but I think it'll have the necessary info.


    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 8.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 14:18

    @George Khairallah references smtp.office365.com above.  I'm wondering what folks have been telling clients re: OAuth when using this in Comp Maint.​  To me that says "Office365", therefore web-based e-mail, therefore they may be impacted.  However, I've also heard others looking at that and saying, "oh, traditional smtp, they should be fine".



    ------------------------------
    Brett Zimmerman
    Net at Work
    Greater Boston Area
    ------------------------------

    Original Message


  • 9.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 14:36
    Edited by Kevin Moyes 09-14-2022 14:37
    SMTP is a protocol, like HTTP, FTP, POP, IMAP...
    Office 365 services can be connected with using multiple different protocols.
    Sage Paperless emails are sent using the SMTP protocol (not IMAP...).
    Sage Partner Hub has the latest news (...Wayne posed a copy in the "Sage Issues OAuth Update" thread).


    ------------------------------
    Kevin Moyes
    Technical Systems Analyst
    Munjal White Consulting Co.
    ------------------------------

    Original Message


  • 10.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 15:49
    Brett, I'm not 100% sure I understand your question, but I will provide some info anyway. Hopefully, it'll address some or all of your concerns.

    I think there is confusion in general because many users don't really understand the nuances. Because of the different variants within each tenant (for example: do they have "Security Defaults" enabled on their tenant?  

    If Security Defaults are enabled, then you cannot turn ON Basic Authentication, even before October 1st,
    If Security Defaults are disabled, then Basic Authentication will be enabled before October 1st (and now December 31st. if opted out), and use a 2FA App Password to still authenticate without Modern Authentication (OAuth)"

    After October 1st (or December 31st), none of the above will work anymore, regardless of your tenant settings, and the only options will be OAuth or a 3rd party SMTP Server (i.e: SMTP2Go). 

    Sage customers using paperless will be affected by the above. 
    3rd party solutions within Sage that have their emailing systems will also be affected by the above. 

    All of the above may still use a 3rd party SMTP workaround per the article we published, so the instructions we have on the KB don't only apply to Sage, but any product that may not yet support OAuth.

    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 11.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 16:21
    Where does SMTP AUTH Fit into this scenario? Is SMTP AUTH another name for SMTP Relay?
    Microsoft's latest postings indicate SMTP AUTH will still be around.

    ------------------------------
    Wayne Schulz
    wayne@s-consult.com
    Schulz Consulting
    (860) 516-8990
    Moodus, CT
    ------------------------------

    Original Message


  • 12.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 16:49
    SMTP Auth is a checkbox option enabled through https://admin.microsoft.com/ by whoever administers your email.



    ------------------------------
    Kevin Moyes
    Technical Systems Analyst
    Munjal White Consulting Co.
    ------------------------------

    Original Message


  • 13.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 17:21
    Ok, so I discussed this internally to clarify my understanding. This is indeed confusing!   So, bear with me... 

    Modern Authentication (OAUth) 

    Think of this as the "Mechanism" used to authenticate. (as opposed to Basic Authentication aka: Username and Password

    Authenticated SMTP (aka SMTP Auth), Exchange ActiveSync (aka EAS):

    Those are protocols that require an authentication method. 
    (I mentioned Exchange Active Sync, just so that we get away a bit from the source of confusion in terms, which is "SMTP Auth," but is really irrelevant to our current discussion.)

    Before October 1st, Authenticated SMTP and EAS, could use Basic Authentication. 
    After October 1st, when Basic Authentication is disabled, both of the protocols (SMTP Auth and EAS) will STILL work BUT will require Modern Authentication support (OAuth)

    Hopefully, this clarifies things a bit more.




    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 14.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 17:38
    Now I'm even more confused.  The Microsoft announcement practically equated "SMTP AUTH" with basic authentication for SMTP, explicitly stating that they won't enforce modern authentication for SMTP to allow older devices (incapable of OAuth) to continue functioning.


    ------------------------------
    Kevin Moyes
    Technical Systems Analyst
    Munjal White Consulting Co.
    ------------------------------

    Original Message


  • 15.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 17:46
    Edited by George Khairallah 09-14-2022 17:46
    I agree that this is confusing! and to be honest, I'm not entirely sure whether it will remain enabled by default on October 1st. this would just not make sense, because "disabling Basic Authentication" by definition means that it'll cripple older devices. 

    OR 

    You would need to temporarily extend the Basic Auth, per Microsoft' blog post, which would make the statement in the screenshot you shared, true (at least through December 2022)

    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 16.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 17:56
    Very confusing indeed!
    My understanding is that the Basic Authentication being disabled is everything other than SMTP (which can still be enabled for basic authentication, no stated time limit)... with the temporary reactivation applying to those other protocols (eg. you have an app that uses IMAP functionality, and need time to implement OAuth for that app).

    ... but of course, I could be wrong.
    *shrug*

    Sage's mea culpa seems to indicate Microsoft telling Sage specifically that Sage 100 email, using non-OAuth authentication, will still work fine after Oct 1st.

    ------------------------------
    Kevin Moyes
    Technical Systems Analyst
    Munjal White Consulting Co.
    ------------------------------

    Original Message


  • 17.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-14-2022 18:13
    Edited by George Khairallah 09-14-2022 20:40
    Hmm.. maybe? ... we're all shrugging over here as well! ¯\_(ツ)_/¯

    So if that is the case, and until Microsoft's next announcement to actually disable SMTP Auth (i.e: specifically for smtp outbound emailing), then all older devices that still use Basic Authentication as well as Sage 100 <2020.6 will still function without issue until further notice? 

    Would this be your understanding as well?

    ------------------------------
    George Khairallah
    CTO | gotomyerp, LLC
    george.k@gotomyerp.com |
    ------------------------------

    Original Message


  • 18.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-15-2022 10:01
    That is what I'm understanding George, yes... but it's hard to be sure at this point.
    *fingers crossed*

    ------------------------------
    Kevin Moyes
    Technical Systems Analyst
    Munjal White Consulting Co.
    ------------------------------

    Original Message


  • 19.  RE: Office 365 Basic Authentication Deprecation: KB Published

    Posted 09-15-2022 10:22
    So glad I inquired {eyeroll}.  :)

    ------------------------------
    Brett Zimmerman
    Net at Work
    Greater Boston Area
    ------------------------------

    Original Message


Related Content