I can't set up Thunderbird to cope with 'modern authentication' on my Hotmail account, using a local Windows account on Windows 10
I use Thunderbird 115.12.2 (64-bit) with Hotmail, using a local account on Windows 10. Microsoft is introducing 'modern authentication' on Hotmail, and I want to be ready for this, but I cannot follow the guidance at https://support.microsoft.com/en-gb/office/modern-authentication-methods-now-needed-to-continue-syncing-outlook-email-in-non-microsoft-email-apps-c5d65390-9676-4763-b41f-d7986499a90d
If I try to alter my existing Thunderbird Account Settings for my Hotmail account, the authentication method for Outgoing Server (SMTP) is shown as Normal Password but there is no option to change it to OAuth2. If I delete and recreate my Hotmail account in Thunderbird, I get an error message from Microsoft saying that I cannot log in because my browser is not set to allow cookies -- even though I believe I have set both Thunderbird and Firefox (my default browser) to allow cookies.
Chosen solution
Since Microsoft recently demanded OAuth2 authentication, I've been trying everything I found here and at Microsoft, but every 'help' webpage to setup Hotmail and Thunderbird seem badly outdated.
For those people that have been going through the same issues, here is what I found that finally got it working again: After enabling 'cookies' in Thunderbird, you need to add 3 websites to the Exceptions area in Settings/Privacy & Security, Web Content, Exceptions - https://hotmail.com, https://office365.com, https://outlook.com
Next steps: 1. If your incoming server is set to imap.hotmail.com (or possibly imap.outlook.com), OAuth2 seems to give an "unsupported" error and the server needs to be changed to outlook.office365.com. You may get a message about your filters for the server, but my filters only accessed the inbox and were fine after Thunderbird restart. 2. SMTP server also needs to be changed to smtp.office365.com (from hotmail.com or outlook.com) and then the OAuth2 option becomes available.
After restarting Thunderbird, I got the Hotmail login popup window and 'allowed' Thunderbird access again and it seems to now saved the 'app password' that gets around the Authentication need. Hopefully, someone can remove and/or update all of the webpages with outdated information.
Read this answer in context 👍 15All Replies (5)
Thank you David. I've tried what you suggest and it doesn't solve my problem. I can't get Thunderbird and Hotmail to work with the new authentication requirements, and each time I try (and fail) I lose the ability to access Hotmail until I've put back my Windows 10 installation to an earlier Restore point. I wonder whether anyone else has encountered such difficulties?
Lots of folk have issues.
Cause one can be often down to the antivirus in use.
Cause two is often the fact that cookies in Thunderbird have been disabled.
But primarily I am guessing you are changing the server name. This does not enable any oauth list entry that may be available for that server. You have to close Thunderbird and reopen it. Then the entry will be in the list for you to select.
I tried filing a bug, it was promptly dumped into the black hole of this one. https://bugzilla.mozilla.org/show_bug.cgi?id=1800271 Form is apparently more important than function was my takeaway.
Chosen Solution
Since Microsoft recently demanded OAuth2 authentication, I've been trying everything I found here and at Microsoft, but every 'help' webpage to setup Hotmail and Thunderbird seem badly outdated.
For those people that have been going through the same issues, here is what I found that finally got it working again: After enabling 'cookies' in Thunderbird, you need to add 3 websites to the Exceptions area in Settings/Privacy & Security, Web Content, Exceptions - https://hotmail.com, https://office365.com, https://outlook.com
Next steps: 1. If your incoming server is set to imap.hotmail.com (or possibly imap.outlook.com), OAuth2 seems to give an "unsupported" error and the server needs to be changed to outlook.office365.com. You may get a message about your filters for the server, but my filters only accessed the inbox and were fine after Thunderbird restart. 2. SMTP server also needs to be changed to smtp.office365.com (from hotmail.com or outlook.com) and then the OAuth2 option becomes available.
After restarting Thunderbird, I got the Hotmail login popup window and 'allowed' Thunderbird access again and it seems to now saved the 'app password' that gets around the Authentication need. Hopefully, someone can remove and/or update all of the webpages with outdated information.
Modified
Many thanks -- David, Matt and KT -- for all your kind suggestions. The advice given by KT seems to be closest to my eventual solution, but there were other points that arose before I got the final answer in my case.
(a) I hadn't previously set up 2FA on my Microsoft account, and it seemed to require this. (b) I was unable to log on to my Microsoft account when my VPN (ExpressVPN) was running; simply pausing the VPN while I logged on solved this, and my Hotmail is now working perfectly in Thunderbird with the VPN running and without being logged in to Microsoft. (c) Hotmail syncs with my iPhone, and this stopped working; however, I simply had to re-enter my usual Hotmail password on the phone to get it working again.
I think it's irresponsible of Microsoft to be migrating to OAuth2 without publishing comprehensive guidance which an average home user can follow, and I assume that large numbers of users of Thunderbird and other email clients will be locked out of their Outlook/Hotmail email accounts come September. I would have been devastated if I'd had to move away from Thunderbird (which I love) or from Hotmail (which I've been using since it was launched nearly 30 years ago).