Sage 100

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

The Q&A from the Aug 30 2022 TLS/OAuth webinar - which are now available in Sage Partner Hub - started me thinking the issue might not be as broad as Sage made it out to be.

There were several instances such as when a customer was self-hosting Exchange that the OAuth issue did not apply ( or at least that was the answer ).

Should Sage have handles this better? Probably.

They pushed out several rounds of FAQ and held a webinar on the topic so there definitely was a lot of light shining on the issue.

My recommendation to customers is staying the same - you want to be on 2022.x if at all possible. If you can't get to 2022 get to 2021.

If you're hung at an older version due to some third-party solution then  you just made a bad life choice of ISV. Period.



There is 0.00% incentive to make Sage 100 an easy upgrade because doing so removes incentive to move to the cloud where upgrades happen seamlessly.

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

The Q&A from the Aug 30 2022 TLS/OAuth webinar - which are now available in Sage Partner Hub - started me thinking the issue might not be as broad as Sage made it out to be.

There were several instances such as when a customer was self-hosting Exchange that the OAuth issue did not apply ( or at least that was the answer ).

Should Sage have handles this better? Probably.

They pushed out several rounds of FAQ and held a webinar on the topic so there definitely was a lot of light shining on the issue.

My recommendation to customers is staying the same - you want to be on 2022.x if at all possible. If you can't get to 2022 get to 2021.

If you're hung at an older version due to some third-party solution then  you just made a bad life choice of ISV. Period.



There is 0.00% incentive to make Sage 100 an easy upgrade because doing so removes incentive to move to the cloud where upgrades happen seamlessly.

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info

The Q&A from the Aug 30 2022 TLS/OAuth webinar - which are now available in Sage Partner Hub - started me thinking the issue might not be as broad as Sage made it out to be.

There were several instances such as when a customer was self-hosting Exchange that the OAuth issue did not apply ( or at least that was the answer ).

Should Sage have handles this better? Probably.

They pushed out several rounds of FAQ and held a webinar on the topic so there definitely was a lot of light shining on the issue.

My recommendation to customers is staying the same - you want to be on 2022.x if at all possible. If you can't get to 2022 get to 2021.

If you're hung at an older version due to some third-party solution then  you just made a bad life choice of ISV. Period.



There is 0.00% incentive to make Sage 100 an easy upgrade because doing so removes incentive to move to the cloud where upgrades happen seamlessly.

• Microsoft is locking down their services in a way that will break Paperless email functionality in Sage 100.
• Microsoft is locking down their services with enhanced security, and we want to help you make your systems more secure too.

OAuth has been discussed and delayed by both Google and Microsoft.
I'm not an expert in this area.

I followed Sage's lead expecting they analyzed and knew what protocol was needed.

I think Microsoft started making plans for OAuth prior to Covid.

I believe the article that Sage is referencing is this one dated September 9, 2022 from Microsoft.

I do not think this is new information however Microsoft has issued several updates regarding Oauth and none of them went out of their way to be especially clear about exactly which type of user would be impacted.

In September 2021 Microsoft was talking about NOT disabling SMTP AUTH here.

via their 9/2021 FAQ above

I thought you said you were not going to completely disable SMTP AUTH?
You're right, we did, in blog posts here and here. We're going to continue to disable SMTP AUTH for tenants who don't use it, but we will not be changing the configuration of any tenant who does. We can't tell though if the usage we see is valid or not, that's down to you to determine. So you still should move away from using Basic and SMTP AUTH though if you can, as it does leave you exposed. Don't forget, you can disable it at the tenant level, and re-enable on a per-user/account level as described here.

So far as I can tell --- and I'm NOT AN EXPERT --- it appears that SMTP AUTH is what most/all Sage users were using prior to the OAuth capabilities being added to Sage 100 in 2020.6, 2021.4, 2022.1+.

Updates, correction and browbeating welcomed for the above info