Community Discussions and Support
Unable to receive email from Microsoft Office 365

For the past few days, I have suddenly been unable to receive email from my office 365 email. Outgoing email works fine. This has happened sporadically over the past year or two and typically 24 hours later it starts working even though nothing was changed before or after. I can receive email through outlook so definitely a Pegasus issue


I have tried researching the issue and figure the most likely issue cause is to do with MFA and third party apps restrictions in Gmail and Microsoft. MFA is off though as far as I can tell. Any ideas? I am a long time user of Pegasus but I will be forced to ditch it if I can't find a solution soon.


For the past few days, I have suddenly been unable to receive email from my office 365 email. Outgoing email works fine. This has happened sporadically over the past year or two and typically 24 hours later it starts working even though nothing was changed before or after. I can receive email through outlook so definitely a Pegasus issue I have tried researching the issue and figure the most likely issue cause is to do with MFA and third party apps restrictions in Gmail and Microsoft. MFA is off though as far as I can tell. Any ideas? I am a long time user of Pegasus but I will be forced to ditch it if I can't find a solution soon.

Did you check this thread by any chance: https://community.pmail.com/index.php?u=/topic/11731/how-do-i-use-oauth2-for-office-365-email ?


David's instructions as quoted in there can be found at https://www.pmail.com/gmail.htm.


Did you check this thread by any chance: https://community.pmail.com/index.php?u=/topic/11731/how-do-i-use-oauth2-for-office-365-email ? _David's instructions_ as quoted in there can be found at https://www.pmail.com/gmail.htm.
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C
edited Oct 19 '22 at 4:28 pm

The problem is that from some days after October 1, 2022 it is NOT possible to use pop3 or IMAP without OAUth2.


Microsoft - Deprecation of basic authentication


The problem is that from some days after October 1, 2022 it is NOT possible to use pop3 or IMAP without OAUth2. [Microsoft - Deprecation of basic authentication](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online "Microsoft - Deprecation of basic authentication")

tonec, did you read the post I linked to in my first reply? It's about using two factor autentication instead of OAuth2 since Pegasus Mail doesn't yet support the latter. If you have any information about using two factor authentication in this context we would like to know about it.


This thread here is only about OAuth2 in so far as to work around it. And it's definitely not about "basic authentication".


tonec, did you read the post I linked to in my first reply? It's about using two factor autentication instead of OAuth2 since Pegasus Mail doesn't yet support the latter. If you have any information about using two factor authentication in this context we would like to know about it. This thread here is only about OAuth2 in so far as to work around it. And it's definitely _not_ about "basic authentication".
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C
edited Oct 23 '22 at 3:40 am

This is the Microsoft decision. They don't allow anymore pop3 or imap without OAuth2. It was possible till some days ago to use two factor authentication with additional password. But read MS message on the page I posted link before: " Important If Basic authentication has been disabled in your tenant and users and apps are unable to connect, you have a short period of time in which you can re-enable the affected protocols. Follow the re-enablement process in this blog. This temporary re-enablement will only delay the change we're making to secure Exchange Online. Read the rest of this article to fully understand the changes we're making and how these changes might affect you.


and: "Note.
On September 1, 2022, we announced there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be turned off early in January 2023, with no possibility of further use. See the full announcement at Basic Authentication Deprecation in Exchange Online – September 2022 Update.


So I hope the some kind of OAuth2 for PM will be available soon. Best regards!


This is the Microsoft decision. They don't allow anymore pop3 or imap without OAuth2. It was possible till some days ago to use two factor authentication with additional password. But read MS message on the page I posted link before: " Important If Basic authentication has been disabled in your tenant and users and apps are unable to connect, you have a short period of time in which you can re-enable the affected protocols. Follow the re-enablement process in this blog. This **temporary re-enablement will only delay the change we're making to secure Exchange Online**. Read the rest of this article to fully understand the changes we're making and how these changes might affect you. and: "Note. On September 1, 2022, we announced there will be one final opportunity to postpone this change. Tenants will be allowed to re-enable a protocol once between October 1, 2022 and December 31, 2022. Any protocol exceptions or re-enabled protocols will be **turned off early in January 2023**, with no possibility of further use. See the full announcement at Basic Authentication Deprecation in Exchange Online – September 2022 Update. So I hope the some kind of OAuth2 for PM will be available soon. Best regards!

Looks to me like you're quoting the wrong section, what I found is this:



The deprecation of basic authentication will also prevent the use of app passwords with apps that don't support two-step verification.



But I must confess that I don't really understand it because it doesn't make any sense to me: It's mixing up two different ways of authentication into one, if "two-step verification" is different from "basic authentication" why would it be affected as well? It either is "two-step verification" or it's not, how can it be both? And aside from this: "Deprecation" doesn't sound like it doesn't work anymore and isn't usually used this way, it's just not the desired default anymore. Is this a new way of keeping things as obscure as possible? But maybe it's just that it's not my native language ...


Looks to me like you're quoting the wrong section, what I found is this: > The deprecation of basic authentication will also prevent the use of app passwords with apps that don't support two-step verification. But I must confess that I don't really understand it because it doesn't make any sense to me: It's mixing up two different ways of authentication into one, if "two-step verification" is different from "basic authentication" why would it be affected as well? It either _is_ "two-step verification" or it's not, how can it be both? And aside from this: "Deprecation" doesn't sound like it doesn't work anymore and isn't usually used this way, it's just not the desired default anymore. Is this a new way of keeping things as obscure as possible? But maybe it's just that it's not my native language ...
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

I think I understand it. MS is stating that they are doing away with "app passwords" which has been the workaround to not having OAuth 2. Once they do, there is no longer a way for Pegasus Mail to authenticate. I believe the relevance of "two-step verification" is that, like Google, it was required to be enabled in order to obtain an app password. Those of us with Gmail accounts should be concerned about Google following MS's lead.


So far I have only seen this change impacting Exchange. If I read the original post correctly, the OP stated that his Outlook account was working, it is his office Exchange account (Office 365) that is affected. MS's target appears to be enterprises, at least for now. This is still bad for anyone using Pegasus Mail to access an Exchange account though.


I think I understand it. MS is stating that they are doing away with "app passwords" which has been the workaround to not having OAuth 2. Once they do, there is no longer a way for Pegasus Mail to authenticate. I believe the relevance of "two-step verification" is that, like Google, it was required to be enabled in order to obtain an app password. Those of us with Gmail accounts should be concerned about Google following MS's lead. So far I have only seen this change impacting Exchange. If I read the original post correctly, the OP stated that his Outlook account was working, it is his office Exchange account (Office 365) that is affected. MS's target appears to be enterprises, at least for now. This is still bad for anyone using Pegasus Mail to access an Exchange account though.
edited Oct 23 '22 at 2:48 pm

Yes, @BrianFluet, that is the way MS is limiting use of app passwords. And I'm on enterprise Exchange account. So I hope that OAuth2 will be soon available fully in PM. The time is ticking... App passwords will be "deprecated" by the end of 2022.

Yes, @BrianFluet, that is the way MS is limiting use of app passwords. And I'm on enterprise Exchange account. So I hope that OAuth2 will be soon available fully in PM. The time is ticking... App passwords will be "deprecated" by the end of 2022.

A quick follow up. Thanks to everyone who responded. Tonec was right. I had to get basic authentication enabled again to be able to get Pegasus working. I had to jump through a bunch of hoops using Powershell to finally make it happen. That may not necessarily be the case for everyone. I had to do so in order to allow changes to be made to my configuration.


Unless there is an update to Pegasus by December 31st though then that will be the end of the road for me with Pegasus at least as far as my Microsoft emails. Hoping for the best but I will have to prepare for the worst. At least now I have a couple of months to plan my move.


A quick follow up. Thanks to everyone who responded. Tonec was right. I had to get basic authentication enabled again to be able to get Pegasus working. I had to jump through a bunch of hoops using Powershell to finally make it happen. That may not necessarily be the case for everyone. I had to do so in order to allow changes to be made to my configuration. Unless there is an update to Pegasus by December 31st though then that will be the end of the road for me with Pegasus at least as far as my Microsoft emails. Hoping for the best but I will have to prepare for the worst. At least now I have a couple of months to plan my move.

:-) Thank you, @danielsan
Hope we have PM updated till then.
What would be alternatives?

:-) Thank you, @danielsan Hope we have PM updated till then. What would be alternatives?

:-) Thank you, @danielsan
Hope we have PM updated till then.
What would be alternatives?

:-) Thank you, @danielsan Hope we have PM updated till then. What would be alternatives?

Assuming no update to Pegasus, my default option would be to use Outlook. I have 2 months to figure it out though.


Assuming no update to Pegasus, my default option would be to use Outlook. I have 2 months to figure it out though.

"Deprecation" doesn't sound like it doesn't work anymore and isn't usually used this way, it's just not the desired default anymore.

Maybe I found the reason why they don't say outright it'll completely stop working since reading further on in the quoted article I found this:



SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible.



But then we have another ambiguity in this part: Basic authentication is permanently disabled on October 1, 2022, really? Didn't they just explain it'll still work until end of the year if you want so (i.e. manually reenable it)? I bet they have lawyers write this kind of stuff ...


[quote="pid:54600, uid:2133"]"Deprecation" doesn't sound like it doesn't work anymore and isn't usually used this way, it's just not the desired default anymore.[/quote] Maybe I found the reason why they don't say outright it'll completely stop working since reading further on in the quoted article I found this: > SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022. The reason SMTP will still be available is that many multi-function devices such as printers and scanners can't be updated to use modern authentication. However, we strongly encourage customers to move away from using Basic authentication with SMTP AUTH when possible. But then we have another ambiguity in this part: _Basic authentication is permanently disabled on October 1, 2022_, really? Didn't they just explain it'll still work until end of the year if you want so (i.e. manually reenable it)? I bet they have lawyers write this kind of stuff ...
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

But then we have another ambiguity in this part: Basic authentication is permanently disabled on October 1, 2022, really?

They really should have included the phrase "except SMTP" anytime they mentioned the disabling of Basic authentication. It is understandable that they had to allow Basic auth for SMTP. There are too many devices out there that have email capability but are limited to basic auth for the SMTP connection. Thinking back to my days in a small business environment we had two UPS's, a multi-function printer/scanner/copier, and a phone system that were all configured to email alerts, documents, and/or notifications. The SMTP configuration in all three was limited to Basic authentication. I can't imagine how many non-PC email capable devices there could be in a large enterprise or manufacturing facility.


[quote="pid:54613, uid:2133"]But then we have another ambiguity in this part: Basic authentication is permanently disabled on October 1, 2022, really?[/quote] They really should have included the phrase "except SMTP" anytime they mentioned the disabling of Basic authentication. It is understandable that they had to allow Basic auth for SMTP. There are too many devices out there that have email capability but are limited to basic auth for the SMTP connection. Thinking back to my days in a small business environment we had two UPS's, a multi-function printer/scanner/copier, and a phone system that were all configured to email alerts, documents, and/or notifications. The SMTP configuration in all three was limited to Basic authentication. I can't imagine how many non-PC email capable devices there could be in a large enterprise or manufacturing facility.

My post from a few weeks ago has been quoted in this thread as the way to get Pegasus working again with Office 365 using an App password obtained via 2FA. Yesterday my Pegasus login went intermittent too. Today it is solidly failing. Can't see any detailed explanation - just a bald fail pop-up.


At the moment I am using the Web Outlook Access route to read/send emails - but that means I am not able to save messages in Pegasus on my PCs. It also means I have lost the ability to use the many alias addresses that are configured in the Office 365 account.


What is the "tenant" that has been mentioned with a setting to re-enable the App Password mechanism until the end of the year?


My post from a few weeks ago has been quoted in this thread as the way to get Pegasus working again with Office 365 using an App password obtained via 2FA. Yesterday my Pegasus login went intermittent too. Today it is solidly failing. Can't see any detailed explanation - just a bald fail pop-up. At the moment I am using the Web Outlook Access route to read/send emails - but that means I am not able to save messages in Pegasus on my PCs. It also means I have lost the ability to use the many alias addresses that are configured in the Office 365 account. What is the "tenant" that has been mentioned with a setting to re-enable the App Password mechanism until the end of the year?

Quoted from: https://learn.microsoft.com/en-us/microsoft-365/solutions/tenant-management-overview?view=o365-worldwide


"A Microsoft 365 tenant is a dedicated instance of the services of Microsoft 365 and your organization data stored within a specific default location, such as Europe or North America. This location is specified when you create the tenant for your organization."


The way I am understanding Microsoft, it is the MS 365 host admin who must reenable whatever mechanism grants access using an app password.


I wonder if existing app passwords became invalid in the disable/reenable process. Have you tried creating a new app password?


Quoted from: https://learn.microsoft.com/en-us/microsoft-365/solutions/tenant-management-overview?view=o365-worldwide "A Microsoft 365 tenant is a dedicated instance of the services of Microsoft 365 and your organization data stored within a specific default location, such as Europe or North America. This location is specified when you create the tenant for your organization." The way I am understanding Microsoft, it is the MS 365 host admin who must reenable whatever mechanism grants access using an app password. I wonder if existing app passwords became invalid in the disable/reenable process. Have you tried creating a new app password?

As far as I can tell app passwords are gone. The admin of the account has to send a request to Microsoft to enable basic authentication. You can supposedly only do this once. So no switching back and forth and come December 31st no more use of basic authentication at all. So pegasus is dead(ok you can still send because smtp will remain on basic but big whoop) at that point unless a new update comes out. This link will tell you how to submit a request


https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210


As far as I can tell app passwords are gone. The admin of the account has to send a request to Microsoft to enable basic authentication. You can supposedly only do this once. So no switching back and forth and come December 31st no more use of basic authentication at all. So pegasus is dead(ok you can still send because smtp will remain on basic but big whoop) at that point unless a new update comes out. This link will tell you how to submit a request https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

Cleared my App Password in O365 - and set up a new one. Still gets an opaque fail. However danielsan seems to have nailed the reason - so the next thing is to try kicking Microsoft.


My account is a Demon transfer via Namesco - which was an automatically enrolled O365 subscription. Namesco appear also to have their own email service that is cheaper than their O365 scheme. Plan B was (and now definitely is) to explore that option further to see if Pegasus will do IMAP with their service without all these horrendous labyrinthine convoluted O365 opaque procedures. The sales blurb is promising - for a simple send/receive with aliases on my domain.


Hoping David will be able to subdue the OAuth2. Otherwise I will be reduced to no aliases on Gmail or my web site service until they also break Pegasus logins.


Cleared my App Password in O365 - and set up a new one. Still gets an opaque fail. However danielsan seems to have nailed the reason - so the next thing is to try kicking Microsoft. My account is a Demon transfer via Namesco - which was an automatically enrolled O365 subscription. Namesco appear also to have their own email service that is cheaper than their O365 scheme. Plan B was (and now definitely is) to explore that option further to see if Pegasus will do IMAP with their service without all these horrendous labyrinthine convoluted O365 opaque procedures. The sales blurb is promising - for a simple send/receive with aliases on my domain. Hoping David will be able to subdue the OAuth2. Otherwise I will be reduced to no aliases on Gmail or my web site service until they also break Pegasus logins.

Further down the Rabbit hole.
Trying to activate the Basic Authentication re-enable diagnostic as per MS instructions


"The organization configuration is dehydrated. In the Microsoft datacenters, an organization configuration being dehydrated means that it has certain objects consolidated to save space. In this state, configuration cannot be modified. This can be changed by running the Enable-OrganizationCustomization cmdlet."


And trying to do that leads to a Help page saying to run a command line style incantation - possibly in Exchange or Powershell?


Where the ... do I enter the command? Is this the W7 command prompt? This is getting beyond ridiculous. In my 50 years of IT support I have never seen such a mess of obfuscation.


Further down the Rabbit hole. Trying to activate the Basic Authentication re-enable diagnostic as per MS instructions "The organization configuration is dehydrated. In the Microsoft datacenters, an organization configuration being dehydrated means that it has certain objects consolidated to save space. In this state, configuration cannot be modified. This can be changed by running the Enable-OrganizationCustomization cmdlet." And trying to do that leads to a Help page saying to run a command line style incantation - possibly in Exchange or Powershell? Where the ... do I enter the command? Is this the W7 command prompt? This is getting beyond ridiculous. In my 50 years of IT support I have never seen such a mess of obfuscation.
12
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft