Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Delivered
Created by Guest
Created on Sep 15, 2020

Microsoft Exchange disabling basic Authentication based connections to Exchange online

Microsoft have announced that they will be disabling basic Authentication based connections to Exchange online. Basic Authentication means that the client application passes the username and password with every request. Although simple to setup and use, Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials and increases the chance of credential re-use against other endpoints or services. The announcement by Microsoft is that they will be disabling basic authentication by end of October 2020. This means that new or existing applications using one or more of these API’s/protocols will not be able to use Basic Authentication when connecting to Office 365 mailboxes or endpoints and will need to update how they authenticate.

What you Need to do

You will need to perform the following action to ensure your application now supports OAuth 2.0 when connecting to Exchange online mailbox:

  • If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication.

  • Reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication

The deadline for making changes to you application to support OAuth 2.0 is by end of June 2021.

What is your industry? Consumer Products
How will this idea be used?

Running mail itnerfaces

  • Guest
    Reply
    |
    Jun 23, 2022

    Good question. You are correct that this solution only works with IMAP and not POP3


    We will update the documentation with that information. I'm told from my team that is an old protocol and we should move to IMAP.


    Is this something that will pose any challenges?

  • Guest
    Reply
    |
    Jun 22, 2022

    Hi Ryan, thank you for the update on this. After reading through the related documentation, I just wanted to verify that OAuth 2.0 will only work for IMAP and will not work for POP3, is that correct? Thanks.

  • Guest
    Reply
    |
    Jun 22, 2022

    Hello all, thank you for all the feedback and participation for this request. We are happy to announce availability of the enhancement to the B2B Mail Client Adapters to support OAUTH modern authentication ahead of Microsoft's planned deprecation of Basic Authentication.

    Please find the details here of the rollout schedule:

    https://www.ibm.com/support/pages/node/6595109

    Our goal in making this enhancement available is to align to upcoming releases as to mitigate issues that come from unique hot fixes. If you have any questions or concerns, please reach out. More information will be published over the next few weeks with additional guidance and documentation.

  • Guest
    Reply
    |
    Apr 5, 2022

    Hi Con, thank you for your note. I'd like to discuss this in further detail with you and members of our Engineering team. Could you please send me an email at woodry@us.ibm.com so we may set up a meeting?

  • Guest
    Reply
    |
    Apr 4, 2022

    Hi Ryan - as a Sterling developer across many customer sites in Australia / APAC I see this becoming more urgent. Many customers will be impacted if left without modern authentication to MS 0365 "Email". They are currently all using B2B Mail Client Adapters with POP or IMAP for receiving & SMTP Adapters for Sending - (with multiple accounts).

    I see this article which looks to be related and has Java level implementations.

    https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki

    Although we could write something that can establish a connection (from an external program) - getting this to align and work with the next steps of receiving emails & MIME processing with Sterling, may not be well integrated from a completely external API. Needing to get this Connection & Authentication embedded into an Adapter.

  • Guest
    Reply
    |
    Mar 30, 2022

    Microsoft has recently published updated guidance to their customers

    https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

    Of note is the following

    "SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022"

    While we still want to address the concern with basic auth with SMTP in B2Bi, it does not look like it will affect the SMTP adapter in B2Bi after this cut off date.

    However, we still utulize IMAP and POP. I understand the concern and we are working to provide a firmer response to this RFE. Please feel free to reach out if you would like to discuss in further detail with your team.


    Ryan Wood - woodry@us.ibm.com


  • Guest
    Reply
    |
    Jan 27, 2022

    I'm voting for and asking for any ETA for this requirement so that the same can be communicated to our IT teams as they are pushing on this and need ETA on when they can disable the basic authentication.

  • Guest
    Reply
    |
    Sep 29, 2021

    Hello all, we seem to have duplicate entries on this enahncement. I'll keep this one updated as well.

    Microsoft has released the following update:

    Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that)."

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

    We are continuing to monitor this and test our exposure and working with other IBM teams to ensure we have a common approach across our Sterling platforms to address this requirement before October 1, 2022



  • Guest
    Reply
    |
    Sep 28, 2021

    Hi Ryan,

    Can you provide any ETA for this requirement so that the same can be communicated to our IT teams as they are pushing on this and need ETA on when they can disable the basic authentication.

  • Guest
    Reply
    |
    Sep 27, 2021

    Thank you all for the continous feedback and guidance you're receiving from your Microsofts team. The following update by Microsoft was called to our attention:

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

    Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that).

    We are continuing to research to determine the risk this poses to our community, (given the option to re-enable), and keeping up with latest security standards (which would include deprecating basic authentication).

    We will be reaching out to those interested in this RFE as we get closer to ensure we are on track to meet your business requirement.

  • Guest
    Reply
    |
    Sep 27, 2021

    Hi Ryan,

    I would like to understand the status on this requirement as we have been getting pushed from our organization to implement the Modern Authentication on our SI mailboxes by end of Oct 2021. We have raised the same to them as well and would like to understand if you will be able to help out to get on a call with out SMTP teams to understand and get on a plan for this implementation.

    You can reach out to me on - Shadab.kazi@ingrammicro.com

    Awaiting your feedback.

  • Guest
    Reply
    |
    Jun 2, 2021

    Please see information below from our Office 365 ADMIN -

    Microsoft allowed us to temporarily turn basic authentication back on following the incident on May 6th. This will buy us some time but we’ll likely lose the ability to flip this bit when they fully deprecate basic authentication later in the year. We don’t have an exact date but the consensus is 2nd half of 2021.

    IBM should consider the Graph API solution which allows non-interactive sign-ins.

    https://docs.microsoft.com/en-us/graph/auth-v2-service

  • Guest
    Reply
    |
    May 18, 2021

    Hello all, we are prepared to start working on this enhancement. In digging into the requirement we have studied the communication from Microsoft a bit more and found the following verbiage:


    Today, we’re excited to announce the availability of OAuth 2.0 authentication for IMAP and SMTP AUTH protocols to Exchange Online mailboxes. This feature announcement is for interactive applications to enable OAuth for IMAP and SMTP. At this time, there are no plans to enable IMAP and SMTP OAuth for non-interactive applications using client credentials flow. For that, we suggest to use our Graph API.


    https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-smtp-auth-protocols-in/ba-p/1330432


    As you can see, IBM Sterling B2B Integrator, does NOT conduct an 'interactive session' - it is a 'non-interactive' process

    At this point we need more information on this request. I'm requesting those following this request to please help with the following:


    1) Open a support ticket with your IT staff that manages your Microsoft SMTP Servers (if possible, have that team open a support ticket directly with Microsoft)

    2) Engage myself (woodry@us.ibm.com) - I will bring my developers to the call to ensure we all understand the requirement and have clear cut dates from Micrsoft on the cut over and the scope of the change.


    Any questions or concerns please reach out to me.



  • Guest
    Reply
    |
    May 18, 2021

    Hi Ryan,


    Is there any more updates on this request. What is the estimated time that this will be available in the product so we can plan on upgrading.


    Are there any thoughts of adding this feature as part of a Patch to Version 6.0 or the direction will be to upgrade to 6.1?

  • Guest
    Reply
    |
    Apr 29, 2021

    Hi Ryan Wood ,


    There are planning to disable the basic auth by the end of month september-october. Do we have any update on the developemnt of this part. If you can want , we can connect over a call for the same

  • Guest
    Reply
    |
    Apr 16, 2021

    April 2021 Update - We are tracking this item for delivery this year on the 6.1 stream. We are still looking for a firm date from Microsoft on this cut over. If anyone has additional information, or is willing to open a ticket with Microsoft and work with IBM, please reach out to me directly woodry@us.ibm.com

  • Guest
    Reply
    |
    Apr 7, 2021

    Hi Ryan Wood,

    Could you please advise when this enhancement will be ready?

    We have been asked to disable basic authentication and move to OAUTH2.0 by 30th June 2021.

    We have multiple Trading partners using mail client adapter and it is a critical interface.


    Thanks

    Kavitha

  • Guest
    Reply
    |
    Feb 26, 2021

    We have accepted this request for enhancement. We understand Microsoft has extended this deadline until the end of 2021