leoperboNov 3, 2022
Thunderbird: Free Your Inbox

If you discover that your Microsoft 365 / Exchange mail account password is no longer working in Thunderbird, please take note of this:

Microsoft is force rolling out deprecation of normal password authentication, so you'll need to switch to "Authentication Method: OAuth2" in the account's Server Settings.

This should resolve your issue.

You can read more about this change here: https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

Basic Authentication and Exchange Online – September 2021 Update

Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update. In February 2021, we announced some changes to our plan for turning off Basic Authentication in Exchange Online. In sum...

TECHCOMMUNITY.MICROSOFT.COM
Nov 3, 2022 at 10:56amWeb
Show threadmimi89999Nov 3, 2022
@thunderbird why isn't it standardized?
Show threadMartinNov 3, 2022
@thunderbird
Fantastic! I ran into this issue yesterday and now it´s solved. Thank YOU!
Show threadDawn Tåke 🏳️‍⚧️Nov 3, 2022
@thunderbird
Is this for all MS emails? I have a hotmail still and thus far it still seems to be connecting.
Show threadPTNNov 3, 2022
@Tourma @thunderbird
It seems to be affecting only exchange servers. Services like Hotmail and Yahoo aren't affected, so ur ok
Show threadJosh SorefNov 8, 2022
@Tourma @thunderbird It's a progressive migration. They're doing it slowly on a tenant-by-tenant basis using selective brownouts. This approach lets them ease users and admins over. It will also push clients to better handle this. Once Exchange Online migrates completely, I'd expect they'll eventually plan a similar migration for Hotmail and Outlook.com.
Show threadThunderbird: Free Your InboxNov 8, 2022

@jsoref @Tourma Related https://bugzilla.mozilla.org/show_bug.cgi?id=1798875

We'll attempt to make migration smoother behind the scenes, as we did with Google/Gmail's switch to OAuth2.

1798875 - migrate Office365 accounts to OAuth2 authentication (password only, Less secure apps will not work starting Oct 1, 2022)

NEW (nobody) in Thunderbird - General. Last updated 2022-11-04.

Show threadJosh SorefNov 8, 2022

@thunderbird @Tourma yes. Note that a starting point would be to just support setting the security to OAuth2 for existing SMTP accounts instead of only at creation. Wizards are great, but take time. Making "create" and "edit" share more code should be easier.

Sorry, I don't have enough users using this to justify rolling up my sleeves.

Show threadMajik BearNov 3, 2022
@thunderbird I'm concerned that the reason companies are cramming 2fa down our throats is so they can start displaying ads in 2fa apps and prompts.
Show threadkazordNov 3, 2022
@Bear @thunderbird have you try to buy a fido2 device ?
Also if it’s only about ads, stop worrying about ads in app you don’t like . use a greater app without ads instead of one from big tech giant :)
Show threadMajik BearNov 4, 2022
@kazord @thunderbird I'm pretty sure they'll force you to use their own app so you have to look at the ads.
Show threadJosh SorefNov 8, 2022
@Bear @thunderbird the nice thing about 2FA is that it's built on industry standards. We've found the Microsoft and Google clients to be painful for various reasons and have selected Authy for #TOTP instead.
Show threadJosh SorefNov 8, 2022
@Bear @thunderbird the reason they're pushing 2FA is that the support costs for account takeovers are exceeding the support costs for 2FA (mostly account lockouts).
Show threadJosh SorefNov 8, 2022

@thunderbird oh, wow, I didn't realize this was a brownout and not a total drop. Anyway, it'd be nice if Thunderbird made the migration easier. For SMTP, we had to create new servers and copy over the settings, selecting OAuth2 – the option wasn't there for the old outbound server.

Similarly, a wizard-nudge to select OAuth2 for servers that appear to be Exchange Online would be welcome.