Microsoft has announced significant changes to its High Volume Email (HVE) service within Microsoft 365, extending support for Basic Authentication until September 2028. This extension aims to provide organizations with additional time to transition to more secure authentication methods, such as OAuth 2.0.
Starting next month, HVE will be restricted to sending emails exclusively within an organization. This internal-only policy is intended to simplify Microsoft's email offerings and clearly define HVE's role within the Microsoft 365 ecosystem. Organizations that need to send bulk emails externally are encouraged to utilize Azure Communication Services (ACS) as an alternative. Detailed setup instructions and documentation for ACS are available on Microsoft's official site.
In addition to these changes, Microsoft is lifting certain limitations that were introduced during HVE's preview phase in April 2024. Organizations can now create up to 100 HVE accounts, and internal recipient rate limits have been removed. These adjustments are designed to enhance the flexibility of HVE for larger organizations utilizing Microsoft 365.
While the extension of Basic Authentication support until 2028 offers a temporary reprieve, Microsoft emphasizes that this is not a long-term solution. The company strongly encourages organizations to transition to modern authentication methods as soon as possible to enhance security. Microsoft acknowledges that some organizations may require additional time to make this transition, which is the primary reason for the extension.
These developments underscore Microsoft's commitment to improving security and streamlining email services within the Microsoft 365 ecosystem. Organizations are advised to take proactive steps in adopting modern authentication methods and to adjust their email strategies in accordance with these upcoming changes.
Source: Windows Report Microsoft extends Basic Authentication for HVE in Microsoft 365 until 2028