OTRS and (not only) Microsoft Exchange Online

Date: 13 August 2021


The new security policy

In the second half of 2019 Microsoft announced the Basic Authentication for Exchange Online services to deprecate in the near future. Previously scheduled for October 13th 2021 deprecation has been postponed due to COVID-19. But despite the pandemic Microsoft did not withdraw from initial plans and on February 2021 posted an update:

Microsoft has postponed disabling Basic Auth for protocols in active use by tenants until further notice but will continue to disable Basic Auth for protocols not in use. Overall scope of this change now covers EWS, EAS, POPIMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB.

Source: https://docs.microsoft.com/en-us/lifecycle/announcements/exchange-online-basic-auth-deprecated

Simply put, Microsoft announced that from now only new services are affected with this security policy. For ongoing services deprecation is suspended until further notice.

And from now on Basic Authentication is being replaced with OAuth2.0 standard.

Moreover, Microsoft is not the only company to make these changes. Basic Authentication for SMTP, POP3 and IMAP protocols is going to be deprecated with Google GMail/GSuite services also.

What’s going on with OTRS?

Microsoft announcement is significant for all the companies with OTRS / ((OTRS)) Community Edition and Exchange-based communication. Given the fact that OTRS AG currently provides absolutely no support at all for open-source OTRS, action must be taken to prevent any failure with e-mail communication.

The answer is OTOBO!

As mentioned above, OTRS system has no official support anymore, we cannot expect new features and patches anymore. That’s another reason to make a plan for migration of your ((OTRS)) Community Edition to an alternative solution. One of the main successors to OTRS is OTOBO by RotherOSS. Free and full of new features, until now most of them available only with OTRS Business Solution.

One of these cool features is out-of-the-box support for OAuth2.0 authentication. So no handcrafted sorcery is needed to maintain the e-mail communication, just two clicks here and there.

We are really satisfied to see the path OTOBO has taken. As OTOBO Premium Partner, we can together deliver modern and enterprise-grade solutions to our customers world-wide.