Microsoft has recently announced significant changes to its High Volume Email (HVE) service within Microsoft 365, alongside an extension of support for Basic Authentication until September 2028. These updates are designed to provide organizations with additional time to transition to more secure authentication methods and to refine the scope of HVE's functionality.
High Volume Email (HVE) Service Updates
Effective next month, Microsoft will restrict the use of HVE to internal communications only. This means that HVE can no longer be utilized for sending emails to external recipients; its use will be confined to messages within the same tenant. Microsoft explained that this change aims to simplify email offerings and clearly define HVE's purpose within the Microsoft 365 ecosystem.
For organizations that need to send high-volume emails to external recipients, Microsoft recommends transitioning to Azure Communication Services (ACS) for email. ACS is designed to handle large-scale email communications and offers robust features suitable for external messaging needs.
In a positive development, Microsoft is removing previous limitations on the number of HVE accounts and internal recipient rate limits. Organizations will now be able to create up to 100 HVE accounts, and the internal recipient rate limits have been eliminated entirely. This enhancement provides greater flexibility for internal communications within organizations.
Extension of Basic Authentication Support
Microsoft has extended support for Basic Authentication in HVE until September 2028. This extension is intended to give businesses additional time to transition to modern authentication methods, such as OAuth. While this extension provides a longer runway, Microsoft strongly encourages organizations to adopt modern authentication protocols as soon as possible to enhance security. The company acknowledges that not all organizations are currently in a position to make this transition, which is the primary reason for extending the deadline.
Implications for Organizations
These changes underscore Microsoft's commitment to enhancing security and streamlining email services within Microsoft 365. Organizations should take proactive steps to:
- Assess Current Email Practices: Evaluate current use of HVE and determine the impact of the new internal-only restriction.
- Plan for Transition: If external high-volume email capabilities are required, plan to migrate to Azure Communication Services for email.
- Upgrade Authentication Methods: Begin transitioning from Basic Authentication to modern authentication methods like OAuth to improve security and comply with future requirements.
