Microsofts retirement of basic auth

damianhalloran · May 9, 2022, 11:40pm

With Microsoft’s retirement of basic auth on October 1, 2022 I cannot see any settings to enable MFA within self-hosted bitwarden so that it can send emails, specifically these settings:

globalSettings__mail__replyToEmail=	Email address used for invitations, typically `[email protected]__host`.
globalSettings__mail__smtp__host=	Your SMTP Server hostname (recommended) or IP address.
globalSettings__mail__smtp__port=	The SMTP port used by the SMTP Server.
globalSettings__mail__smtp__ssl=	(Boolean) Whether your SMTP Server uses an encryption protocol:

true = SSL
false = TLS|
|globalSettings__mail__smtp__username=|A valid username for the smtp__host.|
|globalSettings__mail__smtp__password=|A valid password for the smtp__host.|
|globalSettings__disableUserRegistration=|Specify true to disable new users signing up for an account on this instance via the Registration page.|

Is this possible or planned?
Thanks.

dh024 · May 10, 2022, 2:06am

Hello @damianhalloran - welcome to the community forums!

I could not find a source to confirm this, but I believe Microsoft intends to continue using app passwords for clients that cannot perform MS MFA.

damianhalloran · May 10, 2022, 2:08am

Thanks for the response David. Here is a link to the announcement here: Basic Authentication Deprecation in Exchange Online – May 2022 Update - Microsoft Tech Community

dh024 · May 10, 2022, 3:26am

Thanks for the link. The article states that SMTP Auth will not be affected, so it looks like any Bitwarden customers who are self-hosting and using a Microsoft SMTP address should be OK, right?

damianhalloran · May 10, 2022, 4:06am

Thanks David - I should read these things more closely