Exchange Online: Client Credential Flow for SMTP AUTH available (July 2023)

Exchange Logo[German]Quick addendum from this week: Microsoft's Exchange team has already announced the availability of Client Credential Flow (CCF) for SMTP AUTH in Exchange Online on July 10, 2023. Client Credential Flow (CCF) for SMTP AUTH enables applications to use modern authentication to deliver authenticated email to Exchange Online without requiring an interactive login. Using OAuth reduces the risk of credentials being compromised during authentication.


Advertising

The following tweet from the Exchange team at Microsoft points out this issue, which is described in the Techcommunity post Announcing Client Credential Flow for SMTP AUTH in Exchange Online.

What is Client Credentials Flow?

Client Credentials Flow (defined in OAuth 2.0 RFC 6749, section 4.4) allows an application to exchanges its credentials, such as client ID and client secret, for an access token. Microsoft described this in March 2023 for Azure in this support post. Microsoft says:

Client Credential Flow (CCF) for SMTP AUTH enables applications to use modern authentication to deliver authenticated email to Exchange Online without requiring interactive sign-on. Using OAuth reduces the risk of credentials being compromised during authentication.

How can it be used?

CCF for SMTP AUTH is now available in all Microsoft environments, the Teccommunity post says. Administrators can use the steps under Authenticating an IMAP, POP or SMTP Connection with OAuth for SMTP. The following steps are required to use it:

Details may be read within the linked articles.


Advertising


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Security, Software and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *