Deprecation of basic authentication for Exchange Online and Gmail
Google and Microsoft deprecated basic authentication for their email services in 2022. Both companies consider Basic authentication as an outdated industry standard, and thus they are suggesting its customer move to OAuth 2.0 token-based authorization.
What has changed?
Microsoft – Outlook: Starting on October 1, 2022, Basic authentication was disabled for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will be an exception and will only be disabled if it is not being used, when it comes to new tenants it will be a configurable parameter disabled by default. Meaning that applications that already use SMTP Auth won’t be affected by these changes and users who want to keep using SMTP Auth will be able to do it. (Source)
Google – Gmail: Starting with May 30, 2022, Google no longer supports Basic authentication and “Less secure app access” option will disappear from the google account management console if it’s not being used. (Source)
What are Qlik's plans for the future?
Qlik follows Google's and Microsoft's recommendations not to use their services for bulkemailing, as both services have restrictive rate limiting in play for their cloud services. This makes the quality of service for supporting OAuth2 credentials on GMail and Exchange for alerting and subscriptions not a suitable option for an enterprise reporting tool to implement.
For that reason, Qlik recommends using a bulk e-mail service such as Sendgrid, Mailchimp, or Mailgun. These services provide purpose-built solutions to handle the volume alerting and reporting solutions produce.
Qlik is currently investigating OAuth2 as an authorization scheme for SMTP from bulk mail solutions.