OAuth2 is REQUIRED now for MS Outlook email, now I get prompts for passwords
I got an email from Microsoft saying my Live.com or Outlook.com email accounts won't be supported in Thunderbird UNLESS I change the settings to OAuth2 in incoming and outgoing server settings.
I even REMOVED the email account and re-added it making sure it was OAuth2.
But for my live.com & outlook.com email accounts I continually get prompts for passwords from Thunderbird. Sometimes I can't even click the RED X at the upper right to shut the prompt down. I just happens over and over until I give it what it wants.
I am tempted to shut down all Microsoft email accounts and switch to Gmail.
I have Thunderbird version 115.12.2 (64-bit) I used Windows 11 23H2 build 22631.3810 Windows Feature Experience Pack 1000.22700.1020.0
Any idea how to stop these prompts?
I like Thunderbird much more than any other email program I have ever used, and would like to keep it
Chosen solution
I just wanted to say I was JUST ABOUT to delete most if not all of my outlook.com accounts because of the constant nagging me for passwords and then the problem resolved itself...I HOPE.
An update to Nebula seemed to fix it. I hope it stays fixed!
Fingers and toes crossed!
Read this answer in context 👍 1All Replies (11)
re :I see that nicksasso21 may be having a similar issue (but with Office365), where you asked for the Access Error Code info,
In that error console information it said: mailnews.smtp: Command failed: 535 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
The link mentioned in error console : https://aka.ms/smtp_auth_disabled That link goes to this location - I specifically include the info on 'enable smtp': https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#enable-smtp-auth-for-specific-mailboxes
The user discovered they were not enabled for SMTP. After switching it on - all now works. So I managed to help them sort out their issue.
Let's recheck your errors again In Error console. After clearing and restarting thunderbird then do a send - but create a new write message - do not use a message presaved in drafts - do not save in drafts. Then check error console - upload an image.
I have not been able to get Thunderbird to work with my outlook.com email address. W10/32 bit fully patched Thunderbird 128.2.3esr (32 bit) POP Mail Server outlook.office.365.com, port 995
- my "user name" which is my email xxxx.outlook.com
SSl/TLS OAuth2
- In SMTP Server**
outlook.office365.com 465 SSL"TLS OAuth2 xxxx@outlook.com
I should have mentioned that I DO NOT have an office365 account.
Logging to www.outlook.com with my UN (=outlook.com email address) and password works. Although the lack of a way to turn off the MS spam filtering makes it useless. I have put some MS thing on my phone and I think I had to do some 2FA thing at least once when bringing up www.outlook.com.
I should have included that I DO NOT have an office365 account.
Help please.
Modified
Sorry for the delayed response, had to deal with loss of power and other minor damage due to hurricane.
I restarted Thunderbird, captured the Mail and News Account, cleared error code console, sent new email, which failed and ask to retry, I retried and failed, then cancelled the email. Here is the output from the error code console, as an image.
Thanks.
EDIT: Installed Win 11 on another computer, installed Thunderbird v128.3.0esr, let it automatically assign IMAP and SMTP (using my hotmail.com email creds). It assigned SMTP with outlook.office365.com (587, STARTTLS, OAuth2). It will not send email neither. In the error code console (see third image), there is an extra line, right after the initial 535 error, stating:
"Error during AUTH XOAUTH2, sending empty response"
I deleted, uninstalled, removed profile, reinstalled Thunderbird, manually used smtp.office365.com (OAuth2 was listed) with same result. I repeated this and then tried smtp.outlook.com, but OAuth2 does not show up in the pulldown list (same as on Debian).
Modified
CSmith,
I have a related question and got the following response from David:
david
Top 10 Contributor
10/2/24, 12:19 PM
the outgoing server should be smtp.office365.com, STARTTLS, port 587 Oauth2
I still can not received messages from outlook with TB but with the SMTP settings David suggested I can send email from TB. The whole story, so far, is in the question:
"Thunderbird fails to log into outlook.com now that 2FA is required"
by CCDman12
good luck
CCDman12,
Thanks for the suggestion, but as stated above, I already tried outlook.office365.com, smtp.office365.com and smtp-mail.outlook.com with no joy.
I checked out your thread and noticed you are using POP instead of IMAP, I use IMAP and I get my email but can't send. Have you tested using IMAP instead (outlook.office365.com, port 993, SSL/TLS, OAuth2)?
CCDman12 said
CSmith, I have a related question and got the following response from David: david Top 10 Contributor 10/2/24, 12:19 PM the outgoing server should be smtp.office365.com, STARTTLS, port 587 Oauth2 I still can not received messages from outlook with TB but with the SMTP settings David suggested I can send email from TB. The whole story, so far, is in the question: "Thunderbird fails to log into outlook.com now that 2FA is required" by CCDman12 good luck
now that 2FA is required....
You do not use F2A - you said in Thunderbird pop account are using 'Authentication Method : Oauth2' for both incoming and out. Assuming you have set up Settings correctly and have enabled cookies in Thunderbird, then you would get prompted to enter password - that is your normal password for your account and then you get another screen asking you to allow Thunderbird access to server by clicking on 'Accept'. If you have 2FA enabled then server gets confused because it's expecting you to a have created an app specific password, but when setting up Oauth2, it's expecting normal password and then it sets up an oauth token which is used by Thunderbird to access server.
But I'm curious to know how you got smtp to work - did you get asked for password ? Did you enter the 'normal password' and the clickon 'Accept' or did you enter the 'app specific password' ?
CSmith At this moment in time , vave you got 2FA enabled or not?
The server settings as per image look ok, but naturally, it does not confirm the User Name is correct. Talking only here about SMTP server settings - Username needs to be the full email address of the primary account. In Account Settings - select name of account and click on the 'Edit SMTP_server' button. Some people may have a hotmail email address and also that hotmail account allowed some additional/alias email addresses. But to send you might need to use the primary not the alias email address. Confirm email address is primary and it's the full correctly spelt no typos email address.
Then Check in stored passwords that the 'User name' is full email address with no typos eg: no commas instead of full stop/period and no hidden extra spaces. In stored passwords for hotmail user name - do you see two lines - oauth:// and also smtp://... ?
Toad-Hall,
I wanted to experiment before responding. To answer your questions:
Yes, I turned on two-step verification, then used the 2FAS authenticator app from my phone to add for hotmail, as shown in the video. https://youtu.be/xZbn8EHyQhM
As for email address, the email information is correct and same for both IMAP and SMTP. Note that this is my only address on hotmail.com; I got it back in the late 90's- early 20's, not sure if MS bought it by then or not. At some point (2012-2014) MS gave us an option to switch to @outlook.com or keep our @hotmail.com email address, I decided to keep hotmail.com address. Didn't change the password setup (other than periodically change my password) until now, having to switch to OAuth2.
The Saved passwords contain three entries for hotmail, as shown in image below.
As an experiment, from my Windows system, I created a new outlook.com account, uninstalled Thunderbird, along with the AppData from Roaming and Local folders. Installed Thunderbird, went through the steps and allowed Thunderbird to automatically detect using my new outlook.com email address and it selected the same information to set up IMAP and SMTP with OAuth2. It popped up a web page asking for my password and that was it. Checking outlook.com Security, it showed that Two-setup verification was off. I was able to send email.
Next, I turned off two-step verification, added my hotmail account again to Thunderbird. When setting it up, it asks for my password. Thunderbird populated mailbox folders from hotmail, then I tried sending an email, but it again asked for my password only (no verification with two-step off) and still won't send email. So the issue is not my 2FAS app generated code. Other than email address differences, everything else is the same in Thunderbird for IMAP and SMTP.
What I don't understand is if IMAP can connect using my password via OAuth2 and download my email, then why doesn't SMTP via OAuth2 like my password (note that I copy/paste my password from my password manager) in sending email.
I assume that without two-step, OAuth2 is just using SSL/TLS to protect the transmission of the password.
Is there something else I can check on hotmail, to compare with outlook account?
Thanks.
Toad-Hall,
You were correct on aliases.
I've been using www.pobox.com as an email relay to keep a common email address, even if I switch email providers. When someone sends an email to my pobox.com, it gets routed to my current email provider. In Thunderbird, I have it set up Reply-to-Address to the pobox.com email address.
However, some people were getting confused on whether my email address was hotmail.com or pobox.com, as it would show the From as hotmail.com, but when they reply, it shows pobox.com. So, I added the pobox.com as an alias and made it my primary...
This was causing the issue, fixed when I made my hotmail.com the primary. I guess I'll have to explain when people ask again :).
Thanks for you help.
csmith11 said
Toad-Hall, You were correct on aliases. I've been using www.pobox.com as an email relay to keep a common email address, even if I switch email providers. When someone sends an email to my pobox.com, it gets routed to my current email provider. In Thunderbird, I have it set up Reply-to-Address to the pobox.com email address. However, some people were getting confused on whether my email address was hotmail.com or pobox.com, as it would show the From as hotmail.com, but when they reply, it shows pobox.com. So, I added the pobox.com as an alias and made it my primary... This was causing the issue, fixed when I made my hotmail.com the primary. I guess I'll have to explain when people ask again :). Thanks for you help.
Many thanks for the feedback and info, but can you just clarify something... re So, I added the pobox.com as an alias and made it my primary Are you saying - in Thunderbird, 'Account Settings' for account name you had clicked on 'Manage Identities' and added pobox.com email address and then set it up as the default identity ? So you just had to reselect hotmail address as default identity ?
Sorry for the confusion, in my hotmail/outlook account, I had to change the email address from pobox.com back to hotmail.com as the primary alias (see image below).
Within Thunderbird, I have it set to log in as the hotmail.com address/password, but in the account settings, I have Default Identity set to my pobox.com address.
When I had it set in hotmail qwith the primary alias as popbox.com, before they forced OAuth2, everything worked well. However with this change, this may now be seen as spam when I send out an email...so I have to tell everyone I send email to check their spam and mark it as not spam.