Microsoft extends Basic Authentication for HVE in Microsoft 365 until 2028

Microsoft has announced that High Volume Email (HVE) in Microsoft 365 will continue to support basic authentication until September 2028.

The idea is to give businesses more time to move to modern authentication methods like OAuth. That’s not all; Microsoft also said it’s cutting some of HVE’s features, and those changes start next month.

No more external emails with HVE in Microsoft 365

Starting next month, you won’t be able to use HVE to send emails outside your organization. It’s going internal-only. Microsoft explains that, “This change is intended to simplify our email offerings and clearly define HVE’s purpose within the Microsoft 365 ecosystem.“

If your systems still need to send bulk messages externally, Microsoft suggests using Azure Communication Services (ACS) instead. You can find setup details and documentation on Microsoft’s official site.

Also read: Microsoft 365 Copilot Chat gets SafeLinks for better user safety

Fewer limits within the tenant

There’s one upside, though. Microsoft is lifting some of the limits introduced during HVE’s preview in April 2024. Under the new rules:

• You can create up to 100 HVE accounts.
• Internal recipient rate limits are gone.

This should make internal use of HVE much more flexible for larger organizations using Microsoft 365.

Also read: Microsoft is now showing Microsoft 365 ads in the PC Manager app

Basic Authentication in Microsoft 365 will stick around for a few years

The biggest update is the three-year extension for Basic Authentication. It’s staying until September 2028. But Microsoft makes it clear this isn’t a long-term solution.

The company is actively encouraging anyone concerned to get switched over to modern authentication as soon as possible to boost their security. Microsoft also says it understands some organizations aren’t ready yet—and that’s the only reason for the delay.