ModerAuth and Jamf's failure to resolve

Email workflows and Microsoft products are a deep part of my past. Although I don't support end users like I used to do, I try to keep up on things.

First, while Modern Auth has been around for a dozen years, that's been interactive Modern Auth. That's intended for clients like Microsoft Outlook where the end user will interactively authenticate with personal credentials and possibly two-factor authentication (2FA) on top of that.

However, Microsoft only introduced non-interactive Modern Auth around July 2023.

https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-client-credential-flow-for-smtp-auth-in-exchange/ba-p/3869966

Service accounts like those used for SMTP server settings have different needs from personal accounts — specifically, we don't want them to expire because it's impractical to have to repeatedly update credentials, and 2FA is impractical because it's usually tied to a personal device.

Also, a while back Microsoft announced the deprecation of simple auth for SMTP for their Exchange Online service.

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

They turned it off by default for new tenants in favor of Modern Auth as well as for tenants they didn't see using it. But they haven't removed it.

Modern Auth for SMTP is a dramatically more secure set of protocols than simple auth, but simple auth has been the industry-standard for many years. Because email is so critical to all sorts of workflows and because systems that use it still need to catch up, simple auth isn't likely going to go away any time soon.

With all that said, you should really check out the Jamf Pro betas to keep on top of what's coming. Log in to your Jamf Account and click Feedback in the sidebar. ;-)