If you use FileMaker to send Outlook emails, significant changes are coming. Microsoft is officially retiring Basic Authentication for SMTP, which means systems still using Basic Auth will soon stop sending emails. If you don’t prepare, you could face sudden email failures, error messages, and workflow disruptions. The good news? You can keep everything running smoothly by migrating to OAuth 2.0, Microsoft’s modern and secure authentication method. This guide explains why Basic Auth is being phased out, what happens if you don’t upgrade, and how to set up FileMaker with Outlook using OAuth.

Why Basic Auth is Being Retired

This change is part of Microsoft's long-term security initiatives, which involve transitioning to a more secure network and implementing Modern Authentication (OAuth 2.0). With this change, they hope they can better protect their customers and their data from issues such as:

• Security risks: Password storage across devices, sending credentials in plain text format, and limited support for multi-factor authentication.

• Cybersecurity: This entails aligning with modern cybersecurity standards and enhancing security across Microsoft, ensuring that customers are protected from cyberattacks.

You can read more about the retirement of Basic Authentication on the Exchange Team Blog on Microsoft's website.

Impact

So, what does Microsoft's retirement of Basic Authentication mean for you? It will impact your current devices and applications that utilize it. Here's what may happen if you don't update or make the switch to OAuth 2.0.

• Disruptions: After the deprecation date, any app, device, or service still using Basic Authentication for SMTP (e.g., hardware devices, custom apps, website forms, email clients, and Exchange Online services) will be unable to send emails.

• List of affected Functions:

  • Scan-to-email from Multifunction Printers will be lost

  • Internet faxing

  • Email-to-print if using an Office 365 SMTP connection with basic authentication

  • On-demand email notifications will stop.

However, you can continue to send emails in this same fashion and without interruption by updating your application to support OAuth 2.0. Haven't made the switch? Here's how you can and why it may be your best option!

Why Switch To OAuth Emailing

OAuth is a more secure way to connect your app to Outlook, which is why Microsoft deprecates basic authentication. For businesses that use email to send invoices, schedules, or other vital information, it is essential to make the switch now to maintain your current workflows without interruption. If you wish to know more about the difference between OAuth and SMTP or how OAuth works, you can check out our previous article: Claris FileMaker OAuth Emails.

Outlook OAuth Setup Requirements

You will need the following items to configure OAuth emailing via Outlook:

• Access to the Microsoft Entra console (Entra ID)

• A Microsoft 365 subscription with Microsoft Graph API access

Account Setup

This guide from Claris can help you configure your Outlook account and connect it to your FileMaker solution. For the Graph API, the client secret expires every 2 years at the maximum and must be manually refreshed from the Entra console. You can view the expiration date for the credentials within the Entra console to plan your rotations.

Sending OAuth Emails From FileMaker

To set up your OAuth emails, you must first create a secure location to store your app ID, tenant ID, client secret, and user principal name credentials. For security purposes, it is recommended that you store these fields in a preferences table. To prevent these values from being misused, set them to concealed edit boxes so users cannot copy values from them. This does not prevent users from exporting the field values or full-access users from viewing the values in the data viewer. To prevent unintended access, you should lock the preferences screen from users who should not have access.

Once your app is set up in the Entra console, you can paste the values into the text boxes on the OAuth settings screen.

The next step is to set up the send email step in a script to use OAuth. You can do this by switching the drop-down from 'Send Via Client' to 'OAuth'. Then click the specify button, choose your OAuth provider (Microsoft), and enter the following information to allow your app to send OAuth email requests.

The final step is to provide an interface. Suppose the user can customize these emails, or they are automatically generated, script-scheduled emails. In that case, you need to pass the information for the To, From, CC, BCC, Subject, Body, and any attachments. In our example, we allow the user to specify all that information and click a button to send the request. That's it! You've now successfully set up OAuth emailing with FileMaker.

Conclusion

The clock is ticking to switch to OAuth 2.0 for apps using Basic Authentication with Microsoft. By switching to OAuth now, you can avoid service interruptions, gain security benefits, and streamline your apps' email integrations. If you need help configuring OAuth into your Claris FileMaker application emails, contact us at DB Services. We would be happy to help!