About 2 weeks ago my Office 365 OWA login unexpectedly changed its logged-in Timeout - and MFA insisted on a smartphone app. The Pegasus SMTP connection was rejected as invalid login details.

The first problem was eventually solved by me setting up Legacy MFA again and asking for new text MFA details at login. The process for getting an SMTP authentication code seems to have become a rabbit hole of jargon covering a multitude of potential administration requirements. Catch-22 and brickwalls everywhere. Including suggesting SMTP client API has changed to require Graph?? The Pegasus application registration had disappeared. Now sort of recreated but is not appearing in my users so it can be assigned.

I note that there are also warnings that MS will close the Azure AD service in September. My suspicion is that my account was transitioned to the new service without my knowledge or possibly even the ISP help desk's. Anyone any ideas?

AFAIK, "OWA" is an acronym for "Outlook on the web" when associated with Office 365. I'm not sure how Pegasus Mail fits into that. Awhile ago, MS started requiring email clients to use app passwords. I do not have any first hand knowledge or experience, only what I read and see discussed in the support resources. Anyways, see if either of these site shed any light.

https://support.microsoft.com/en-us/account-billing/manage-app-passwords-for-two-step-verification-d6dc8c6d-4bf7-4851-ad95-6d07799387e9

https://evermap.com/Tutorial_AMM_AppPasswordOffice365.asp

I don't know whether this is related, but as of this morning I can not access my outlook.com account from Pegasus Mail nor can I use its SMTP service. All attempts result in invalid login credentials. POP3 attempts indicate an invalid password. A new app password has not solved the problem. Back in February Microsoft stated "In the coming months, we will be working to fully remove support for Basic authentication from Outlook.com..." (source below). In that article they did not specify a timeline. Perhaps that time is now although that seems unlikely since the app password creation function still works. Perhaps the problem is transient as alluded to in the source document.

Source: https://support.microsoft.com/en-us/office/outlook-and-other-apps-are-unable-to-connect-to-outlook-com-when-using-basic-authentication-f4202ebf-89c6-4a8a-bec3-3d60cf7deaef

Edit: My connection is working now, with the app password. An unknown is whether the problem was indeed transient or whether my creation of an app password took longer to go into effect than I expected.

Thanks for that Brian. I will try your app password route again. It is possible that the six-inch nail "solution" applied by my ISP support wiped out my Pegasus settings completely. Other MS documents have indicated that administration things will change in September 2024. How they are all interdependent is unclear. The MS walled garden is getting much too difficult to navigate for people who do not have specialist MS knowledge. My apparently big email/domain provider's technical support seems unaware of what might be happening.

Somewhere in the MS documents was an indication that their new user administration changes may take 60 minutes to become effective.

A question Brian: do you use a smart phone app to login to OWA? Looking at your previous posting about getting an app password seemed to "possibly" impose that as the ordinary user login method for OWA at the same time. That was the rabbit hole that unexpectedly opened for me about two weeks ago - out of the blue. I have managed to reset OWA login back to using only my dumb phone text as 2FA - which I regard as perfectly secure for most purposes.

I note that MS are also imposing 2 year expiry on new app passwords. That will cause future confusion for domestic users.

Incidentally I have never been able to use IMAP with my OWA account since the oauth change a few years ago. I used the "printer" SMTP app password workround to send using my OWA registered alias addresses. Apparently MS are currently providing a beta ability to use aliases in "From" for OWA email sends. They regard this a a rather new novel user requirement. Tried their method to switch the feature on - and hit a brickwall of needing an Azure PowerShell subscription to effect the setting.

My email supplier steadfastly fails to answer my query about whether a switch to their "webmail" will be any better. The alternative is to lose my historical emails apparently irretrievably only stored in OWA folders - and switch my domain to another supplier with whom Pegasus does already communicate for another domain..

I have an outlook.com email account. I have only ever accessed by the web interface and by using Pegasus Mail to retrieve mail via POP3 and send via their SMTP. This is not an active account. I created it years ago when I was searching for a best-for-me email service. Outlook.com was not it. I use it now solely for testing purposes.

Regarding your comment about user admin changes taking up to 60 minutes, that is about right if indeed the app password is what got mine working.

I have spent several hours now going down the MS rabbit holes. It appears that they will retire several products in September 2024. One of these is the 365 "Legacy" MFA. They allude to nudging users to the new system by the sort of login glitches I have seen in the last couple of weeks.

They appear to be resetting MFA selections to produce a logout timer - and after a few logins enforce a mandatory smartphone app for future authorisation. They retain the mobile number initially - but you have to clear your MFA options and resubmit the text phone number to get rid of the app tick box. They appear to say that they will also arbitrarily clear any current app passwords.

That is all consistent with what suddenly happened to my account two weeks ago.

In my OWA experimentation I unticked the "Authenticate SMTP" box. Then discovered that MS will not allow you to tick it again afterwards.

Trying to get the account set for "Send As Aliases" is another Catch-22. Had to borrow a Windows 10 laptop for the required incantations using PowerShell. After overcoming several hurdles - it decided it couldn't find the ConnectExchangeOnline module that it had just apparently installed successfully.

Another nasty change in September 2024 is the mandatory replacing of current desktop Outlook - with a "New Outlook for Windows". People who have been trying it as recently as March 2024 are posting very unhappy comments. MS have long wish-list of features they may eventually add - which would then give similar functionality to the old Outlook.

Some of my informal "users" are refusing to believe MS would do such a thing - but will expect me to get it working again in September. My standard line for several years has been "I have no competence since Windows 7".

I feel you! I retired 3½ years ago after 35 years of working for the same family in two different small businesses. IT was one of my responsibilities (I am self-taught Netware 3.11 to Windows Server 2008, Windows 3.11 to Windows 10). One of the reasons I retired was because I was tired of having to learn new server and desktop OSes, as well as the ever-evolving office applications. I had zero interest in "apps" and no trust in anything cloud related. It annoyed me when coworkers brought me their cell phones looking for help. I was done.

It sounds like you are fighting the similar windmills. Good luck to you!