IBM Sterling Ideas

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Post your ideas

IBM is transforming its request for enhancement (RFE) process. The purpose of the transformation is to provide a more consistent experience for you to submit requests and to enable IBM product owners to respond to your requests more quickly. For more information click here.

Start by posting ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,
1. Post an idea
2. Upvote ideas that matter most to you
3. Get feedback from the IBM team to refine your idea

Help IBM prioritize your ideas and requests

The IBM team may need your help to refine the ideas so they may ask for more information or feedback. The offering manager team will then decide if they can begin working on your idea. If they can start during the next development cycle, they will put the idea on the priority list. Each team at IBM works on a different schedule, where some ideas can be implemented right away, others may be placed on a different schedule.

Receive notifications on the decision

Some ideas can be implemented at IBM, while others may not fit within the development plans for the product. In either case, the team will let you know as soon as possible. In some cases, we may be able to find alternatives for ideas which cannot be implemented in a reasonable time.

Microsoft Exchange disabling basic Authentication based connections to Exchange online

Microsoft have announced that they will be disabling basic Authentication based connections to Exchange online. Basic Authentication means that the client application passes the username and password with every request. Although simple to setup and use, Basic Authentication makes it easier for attackers armed with today’s tools and methods to capture users’ credentials and increases the chance of credential re-use against other endpoints or services. The announcement by Microsoft is that they will be disabling basic authentication by end of October 2020. This means that new or existing applications using one or more of these API’s/protocols will not be able to use Basic Authentication when connecting to Office 365 mailboxes or endpoints and will need to update how they authenticate.

What you Need to do

You will need to perform the following action to ensure your application now supports OAuth 2.0 when connecting to Exchange online mailbox:

  • If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication.

  • Reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication

The deadline for making changes to you application to support OAuth 2.0 is by end of June 2021.

  • Guest
  • Sep 15 2020
  • Planned for future release
What is your industry? Consumer Products
How will this idea be used?

Running mail itnerfaces

  • Admin
    Ryan Wood commented
    23 Jun 01:13pm

    Good question. You are correct that this solution only works with IMAP and not POP3

    We will update the documentation with that information. I'm told from my team that is an old protocol and we should move to IMAP.

    Is this something that will pose any challenges?

  • Guest commented
    22 Jun 02:39pm

    Hi Ryan, thank you for the update on this. After reading through the related documentation, I just wanted to verify that OAuth 2.0 will only work for IMAP and will not work for POP3, is that correct? Thanks.

  • Admin
  • Admin
    Ryan Wood commented
    22 Jun 01:16pm

    Hello all, thank you for all the feedback and participation for this request. We are happy to announce availability of the enhancement to the B2B Mail Client Adapters to support OAUTH modern authentication ahead of Microsoft's planned deprecation of Basic Authentication.

    Please find the details here of the rollout schedule:

    Our goal in making this enhancement available is to align to upcoming releases as to mitigate issues that come from unique hot fixes. If you have any questions or concerns, please reach out. More information will be published over the next few weeks with additional guidance and documentation.

  • Admin
    Ryan Wood commented
    5 Apr 01:45am

    Hi Con, thank you for your note. I'd like to discuss this in further detail with you and members of our Engineering team. Could you please send me an email at so we may set up a meeting?

  • Guest commented
    4 Apr 01:53am

    Hi Ryan - as a Sterling developer across many customer sites in Australia / APAC I see this becoming more urgent. Many customers will be impacted if left without modern authentication to MS 0365 "Email". They are currently all using B2B Mail Client Adapters with POP or IMAP for receiving & SMTP Adapters for Sending - (with multiple accounts).

    I see this article which looks to be related and has Java level implementations.

    Although we could write something that can establish a connection (from an external program) - getting this to align and work with the next steps of receiving emails & MIME processing with Sterling, may not be well integrated from a completely external API. Needing to get this Connection & Authentication embedded into an Adapter.

  • Admin
    Ryan Wood commented
    30 Mar 07:30pm

    Microsoft has recently published updated guidance to their customers

    Of note is the following

    "SMTP AUTH will still be available when Basic authentication is permanently disabled on October 1, 2022"

    While we still want to address the concern with basic auth with SMTP in B2Bi, it does not look like it will affect the SMTP adapter in B2Bi after this cut off date.

    However, we still utulize IMAP and POP. I understand the concern and we are working to provide a firmer response to this RFE. Please feel free to reach out if you would like to discuss in further detail with your team.

    Ryan Wood -

  • Guest commented
    27 Jan 12:25pm

    I'm voting for and asking for any ETA for this requirement so that the same can be communicated to our IT teams as they are pushing on this and need ETA on when they can disable the basic authentication.

  • Admin
    Ryan Wood commented
    29 Sep, 2021 08:10pm

    Hello all, we seem to have duplicate entries on this enahncement. I'll keep this one updated as well.

    Microsoft has released the following update:

    Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that)."

    We are continuing to monitor this and test our exposure and working with other IBM teams to ensure we have a common approach across our Sterling platforms to address this requirement before October 1, 2022

  • Guest commented
    28 Sep, 2021 07:08am

    Hi Ryan,

    Can you provide any ETA for this requirement so that the same can be communicated to our IT teams as they are pushing on this and need ETA on when they can disable the basic authentication.

  • Admin
    Ryan Wood commented
    27 Sep, 2021 07:46pm

    Thank you all for the continous feedback and guidance you're receiving from your Microsofts team. The following update by Microsoft was called to our attention:

    Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that).

    We are continuing to research to determine the risk this poses to our community, (given the option to re-enable), and keeping up with latest security standards (which would include deprecating basic authentication).

    We will be reaching out to those interested in this RFE as we get closer to ensure we are on track to meet your business requirement.

  • Guest commented
    27 Sep, 2021 01:22pm

    Hi Ryan,

    I would like to understand the status on this requirement as we have been getting pushed from our organization to implement the Modern Authentication on our SI mailboxes by end of Oct 2021. We have raised the same to them as well and would like to understand if you will be able to help out to get on a call with out SMTP teams to understand and get on a plan for this implementation.

    You can reach out to me on -

    Awaiting your feedback.

  • Guest commented
    2 Jun, 2021 01:02pm

    Please see information below from our Office 365 ADMIN -

    Microsoft allowed us to temporarily turn basic authentication back on following the incident on May 6th. This will buy us some time but we’ll likely lose the ability to flip this bit when they fully deprecate basic authentication later in the year. We don’t have an exact date but the consensus is 2nd half of 2021.

    IBM should consider the Graph API solution which allows non-interactive sign-ins.

  • Admin
    Ryan Wood commented
    18 May, 2021 02:29pm

    Hello all, we are prepared to start working on this enhancement. In digging into the requirement we have studied the communication from Microsoft a bit more and found the following verbiage:

    Today, we’re excited to announce the availability of OAuth 2.0 authentication for IMAP and SMTP AUTH protocols to Exchange Online mailboxes. This feature announcement is for interactive applications to enable OAuth for IMAP and SMTP. At this time, there are no plans to enable IMAP and SMTP OAuth for non-interactive applications using client credentials flow. For that, we suggest to use our Graph API.

    As you can see, IBM Sterling B2B Integrator, does NOT conduct an 'interactive session' - it is a 'non-interactive' process

    At this point we need more information on this request. I'm requesting those following this request to please help with the following:

    1) Open a support ticket with your IT staff that manages your Microsoft SMTP Servers (if possible, have that team open a support ticket directly with Microsoft)

    2) Engage myself ( - I will bring my developers to the call to ensure we all understand the requirement and have clear cut dates from Micrsoft on the cut over and the scope of the change.

    Any questions or concerns please reach out to me.

  • Guest commented
    18 May, 2021 05:44am

    Hi Ryan,

    Is there any more updates on this request. What is the estimated time that this will be available in the product so we can plan on upgrading.

    Are there any thoughts of adding this feature as part of a Patch to Version 6.0 or the direction will be to upgrade to 6.1?

  • Guest commented
    29 Apr, 2021 09:09pm

    Hi Ryan Wood ,

    There are planning to disable the basic auth by the end of month september-october. Do we have any update on the developemnt of this part. If you can want , we can connect over a call for the same

  • Admin
    Ryan Wood commented
    16 Apr, 2021 04:09pm

    April 2021 Update - We are tracking this item for delivery this year on the 6.1 stream. We are still looking for a firm date from Microsoft on this cut over. If anyone has additional information, or is willing to open a ticket with Microsoft and work with IBM, please reach out to me directly

  • Guest commented
    7 Apr, 2021 06:37am

    Hi Ryan Wood,

    Could you please advise when this enhancement will be ready?

    We have been asked to disable basic authentication and move to OAUTH2.0 by 30th June 2021.

    We have multiple Trading partners using mail client adapter and it is a critical interface.



  • Admin
    Ryan Wood commented
    26 Feb, 2021 01:45am

    We have accepted this request for enhancement. We understand Microsoft has extended this deadline until the end of 2021

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.