Microsoft OAuth Authentication and Thunderbird in 2024

Revision Information
  • Revision id: 275525
  • Created:
  • Creator: Roland Tanglao
  • Comment: disclaimer that things could break, add cookies and 2fa note
  • Reviewed: Yes
  • Reviewed:
  • Reviewed by: rtanglao
  • Is approved? Yes
  • Is current revision? No
  • Ready for localization: No
Revision Source
Revision Content

Microsoft has made some changes to authentication for their hosted email services for business and academic accounts. This article describes these changes and how to adjust to them.

As of January 2024, this information is still evolving and subject to change. Due to Microsoft's ever evolving diversity of email servers and deployments, issues can emerge without warning that cause Thunderbird and other non Microsoft email clients to suddenly stop working after working for some time.

Changes to Authentication

Microsoft has instituted the following changes:

  • Deprecated basic authentication (username/password), and is instead now requiring OAuth authentication.
  • In some cases, SMTP authentication has been completely disabled. For new accounts, SMTP always starts disabled. In addition, there are some restrictions on SMTP that are not currently understood.

Microsoft have also changed the way they classify certain clients, and Thunderbird’s previous OAuth setup does not properly qualify as a desktop client. As a result, we have been forced to make configuration changes to Thunderbird, which may have side effects for users.

Changes or Problems You May Encounter

For outlook.com, hotmail.com, Microsoft 365 (formerly known as Office 365 and often abbreviated as “o365”) or other Microsoft-hosted email services, you may see the following issues:

Your Outlook or Hotmail password no longer works with Thunderbird and you cannot send or receive email.

  1. IMAP (or POP): Click > Account Settings > On the left side, click Server Settings for your outlook.com or hotmail.com account > select Authentication method: OAuth2 (instead of Normal password).
    tb115-server-settings
  2. SMTP:
    1. Click > Account Settings > On the left side, click on your outlook.com or hotmail.com account e.g. thunderbirdrocks@hotmail.com > Edit SMTP server…
      tb115-smtp-settings
    2. Select Authentication method: OAuth2 (instead of Normal password) > OK.
      tb115-smtp-oauth2-setting


A screen that indicates IT administrator approval is required for the app

  • You must ask your administrator to authorize Thunderbird - approval must be done, but only once.

Per Microsoft documentation, administrators should visit https://login.microsoftonline.com/{tenant-id}/adminconsent?client_id=9e5f94bc-e8a4-4e73-b8be-63364c29d753 and grant the following permissions in order to authorize Mozilla Thunderbird: IMAP.AccessAsUser.All, POP.AccessAsUser.Al, SMTP.Send and offline_access

An account worked on Thunderbird 102.6.1, but does not work on 102.7.1 or later

  1. Please try signing in with a new Thunderbird profile (see Profile Manager - Create and remove Thunderbird profiles for instructions on how to create a new profile). If a new Thunderbird profile works, then for most people it is best to continue using the new profile. More technical folks with other config editor changes: Use the Thunderbird profile manager to switch back to the old Thunderbird profile and use the config editor (see Config Editor) to filter for oauth2, find the appropriate server(s), and delete the entries for oauth2.issuer and auth2.scope
  2. Otherwise, ask for support.

IMAP/POP3 work, but SMTP does not work

Calendar does not work

  • Thunderbird does not support Exchange calendars. If you are using an add-on or other software to enable calendar, then you will need to seek support from the author of that add-on or software.

Where to Get Help

  • If you are a user within a business or academic institution that provides Microsoft accounts, you should seek assistance within your organization.
  • If you have a personal account through one of Microsoft's hosted services, ask for support.