Versionen vergleichen

Changes to OAuth authentication for Microsoft 365 (formerly Office 365; often abbreviated as “o365”) business and academic hosted email accounts and services.

Microsoft has made some changes to authentication for their hosted email services for business and academic accounts. This article describes these changes and how to adjust to them. {warning}As of October 2024, this information is still evolving and subject to change. Please upgrade to the current release of Thunderbird in order to have the best experience with Microsoft's email services. Due to Microsoft's ever-changing diversity of email servers and deployments, issues can emerge without warning that cause Thunderbird and other non Microsoft email clients to suddenly stop working after working for some time.{/warning} __TOC__ == Changes to Authentication == Microsoft has instituted the following changes: * [https://learn.microsoft.com/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online Deprecated basic authentication] (username/password), and is instead now requiring OAuth authentication. * In some cases, SMTP authentication has been completely disabled. For new accounts, SMTP always starts disabled. In addition, there are some restrictions on SMTP that are not currently understood. Microsoft have also changed the way they classify certain clients, and Thunderbird’s previous OAuth setup does not properly qualify as a desktop client. As a result, we have been forced to make configuration changes to Thunderbird, which may have side effects for users. == Changes or Problems You May Encounter == For outlook&#46;com, hotmail&#46;com, Microsoft 365 (formerly known as Office 365 and often abbreviated as “O365”) or other Microsoft-hosted email services, you may see the following issues: === Your Outlook or Hotmail password no longer works with Thunderbird and you cannot send or receive email === * Thunderbird might display an error message similar to: <code>Login to server outlook&#46;office365&#46;com with username youremail@hotmail&#46;com failed.</code> * Solution ** Ensure two-step verification is turned on for your Microsoft account (see Microsoft's Knowledge Base article: [https://support.microsoft.com/en-us/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4 How to use two-step verification with your Microsoft account]). ** Enable cookies for Microsoft's Outlook or Hotmail websites in Thunderbird, otherwise you will not be able to log in to your Outlook or Hotmail account using ''OAuth2'' authentication. **# Click {menu ≡} > {menu Settings} > {menu Privacy & Security}. **# Under ''Web Content'' section, tick '''Accept cookies from sites'''. **# Click {button Exceptions…} button next to ''Accept cookies from sites'' to make sure you are not blocking cookies from Microsoft sites, such as ''outlook&#46;com'', ''hotmail&#46;com'' or ''office365&#46;com'' ** Change Thunderbird authentication method for incoming mail (IMAP or POP). **# Click {menu ≡} > {menu Account Settings}. **# On the left side, click {button Server Settings} for your ''outlook&#46;com'' or ''hotmail&#46;com'' account. **# Select ''Authentication method:'' {menu OAuth2} (instead of ''Normal password'').<br>[[Image:Tb115-server-settings-oauth2|width=720]] ** Change Thunderbird authentication method for sending messages (SMTP): **# Click {menu ≡} > {menu Account Settings}. **# On the left side, click {menu Outgoing Server (SMTP)}. **# On the right side, select your Microsoft account and click {button Edit…}<br>[[Image:Tb115-SMTP-settings-edit|width=720]] **# Select ''Authentication method:'' {menu OAuth2} (instead of ''Normal password'').<br>[[Image:Tb115-SMTP-settings-oauth2|width=460]] **# ''Server Name'' might need to be changed from smtp.mail.outlook.com to smtp.outlook.com, or smtp.outlook.com to smtp.office365.com. {warning}Note: smtp-mail.outlook.com as [https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040 documented by Microsoft] many not [https://bugzilla.mozilla.org/show_bug.cgi?id=1921313 work in releases older than 128.4.1].{/warning} **# Click {button OK} to save your changes. === A screen that indicates IT administrator approval is required for the app === * You must ask your administrator to authorize Thunderbird – approval must be done, but only once. * Per Microsoft documentation, administrators should visit '''<code>https://login.microsoftonline&#46;com/{tenant-id}/adminconsent?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753</code>''' and grant the following permissions in order to authorize ''Mozilla Thunderbird'': '''IMAP.AccessAsUser.All''', '''POP&#46;AccessAsUser&#46;Al''', '''SMTP.Send''' and '''offline_access''' === An account worked on Thunderbird 102.6.1, but does not work on 102.7.1 or later === * Please try signing in with a new Thunderbird profile (see [[profile manager create and remove thunderbird profiles]] for instructions on how to create a new profile). * If a new Thunderbird profile works, then for most people it is best to continue using the new profile. *;{note} '''More technical folks who want to keep other changes made in the config editor''': Use the Thunderbird profile manager to switch back to the old Thunderbird profile and use the [[Config Editor]] to filter for '''oauth2''', find the appropriate server(s), and delete the entries for '''oauth2.issuer''' and '''auth2.scope'''.{/note} * Otherwise, [https://support.mozilla.org/questions/new/thunderbird/form ask for support]. === IMAP/POP3 work, but SMTP does not work === * If you have a Microsoft 365 business account, ensure that SMTP authentication is enabled or ask your IT administrator to check and turn it on if disabled. Microsoft has some instructions in their article: [https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online]. * If you have a Microsoft 365/Hotmail/etc. '''personal''' account, use basic authentication ([https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-for-outlook-com-d088b986-291d-42b8-9564-9c414e2aa040 Microsoft’s guide] on how to change this). === Calendar does not work === * Thunderbird does not support Exchange calendars. If you are using an add-on or other software to enable calendar, then you will need to seek support from the author of that add-on or software. == Where to Get Help == * If you are a user within a business or academic institution that provides Microsoft accounts, you should seek assistance within your organization. * If you have a personal account through one of Microsoft's hosted services, [https://support.mozilla.org/questions/new/thunderbird/form ask for support].