Microsoft has made some changes to authentication for their hosted email services for business and academic accounts. This article describes these changes and how to adjust to them.
As of October 2024, this information is still evolving and subject to change. Please update Thunderbird to the latest release in order to he the best experience with Microsoft's email services. Due to Microsoft's ever-changing diversity of email servers and deployments, issues can emerge without warning that cause Thunderbird and other non Microsoft email clients to suddenly stop working after working for some time. Table of Contents1 Changes to Authentication2 Changes or problems you may encounter2.1 Your Outlook or Hotmail password no longer works with Thunderbird and you cannot send or receive email2.2 A screen that indicates IT administrator approval is required for the app2.3 An account worked on Thunderbird 102.6.1, but does not work on 102.7.1 or later2.4 IMAP/POP3 work, but SMTP does not work2.5 Calendar does not work3 Where to get help Changes to AuthenticationMicrosoft has instituted the following changes:
Deprecated basic authentication (username/password), and is instead now requiring OAuth authentication. In some cases, SMTP authentication has been completely disabled. For new accounts, SMTP always starts disabled. In addition, there are some restrictions on SMTP that are not currently understood.Microsoft has also changed the way they classify certain clients, and Thunderbird’s previous OAuth setup does not properly qualify as a desktop client. As a result, we he been forced to make configuration changes to Thunderbird, which may he side effects for users.
Changes or problems you may encounterFor outlook.com, hotmail.com, Microsoft 365 (formerly known as Office 365 and often abbreviated as O365) or other Microsoft-hosted email services, you may see the following issues:
Your Outlook or Hotmail password no longer works with Thunderbird and you cannot send or receive email Thunderbird might display an error message similar to: Login to server outlook.office365.com with username youremail@hotmail.com failed. Solution Ensure two-step verification is turned on for your Microsoft account (see Microsoft's Knowledge Base article: How to use two-step verification with your Microsoft account). Enable cookies for Microsoft's Outlook or Hotmail websites in Thunderbird, otherwise you will not be able to log in to your Outlook or Hotmail account using OAuth2 authentication. Click ≡ > Settings > Privacy & Security. Under Web Content section, tick Accept cookies from sites. Click Exceptions… next to Accept cookies from sites to make sure you are not blocking cookies from Microsoft sites, such as outlook.com, hotmail.com or office365.com. Change Thunderbird authentication method for incoming mail (IMAP or POP). Click ≡ > Account Settings. On the left side, click Server Settings for your outlook.com or hotmail.com account. Select Authentication method: OAuth2 (instead of Normal password).
Change Thunderbird authentication method for sending messages (SMTP):
Click ≡ > Account Settings.
On the left side, click Outgoing Server (SMTP).
On the right side, select your Microsoft account and click Edit…
Select Authentication method: OAuth2 (instead of Normal password).
Server Name might need to be changed from smtp.mail.outlook.com to smtp.outlook.com, or from smtp.outlook.com to smtp.office365.com.Warning: As documented by Microsoft, smtp-mail.outlook.com may not work in Thunderbird releases older than 128.4.1.
Click OK to se your changes.
A screen that indicates IT administrator approval is required for the app
You must ask your administrator to authorize Thunderbird – approval must be done, but only once.
Per Microsoft documentation, administrators should visit https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753 and grant the following permissions in order to authorize Mozilla Thunderbird: IMAP.AccessAsUser.All, POP.AccessAsUser.Al, SMTP.Send and offline_access
An account worked on Thunderbird 102.6.1, but does not work on 102.7.1 or later
Try to sign in with a new Thunderbird profile (see Profile Manager - Create and remove Thunderbird profiles for instructions on how to create a new profile).
If a new Thunderbird profile works, we recommend continuing using the new profile.For experienced users who want to keep other changes made in the config editor: Use the Thunderbird profile manager to switch back to the old Thunderbird profile and use the Config Editor to filter for oauth2, find the appropriate server(s), and delete the entries for oauth2.issuer and auth2.scope.
Otherwise, ask for support.
IMAP/POP3 work, but SMTP does not work
If you he a Microsoft 365 business account, ensure that SMTP authentication is enabled or ask your IT administrator to check and turn it on if disabled. Read Microsoft's article Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online for instructions.
If you he a Microsoft 365/Hotmail/etc. personal account, use basic authentication (read Microsoft's guide POP, IMAP, and SMTP settings for Outlook.com for instructions).
Calendar does not work
Thunderbird does not support Exchange calendars. If you are using an add-on or other software to enable calendar, then you will need to seek support from the author of that add-on or software.
Where to get help
If you are a user within a business or academic institution that provides Microsoft accounts, you should seek assistance within your organization.
If you he a personal account through one of Microsoft's hosted services, ask for support.