Microsoft has announced upcoming security changes to Microsoft 365 that are expected to disrupt scan-to-email functionality on multifunction printers (MFPs) beginning March 1, 2026.
These changes affect how devices authenticate when sending email through Microsoft 365. Organizations using legacy authentication methods may experience failures unless action is taken in advance.
This advisory explains what is changing, how to assess your risk, and the solutions AIS recommends.
Multifunction printers and applications are not email servers. While they can create email messages, they rely on Microsoft 365 to deliver them. To do so, they must authenticate using methods Microsoft considers secure.
Microsoft is retiring one of the most commonly used—but least secure—authentication methods. As a result, many scan-to-email configurations currently in use will no longer function after enforcement begins.
Microsoft is permanently removing Basic authentication for Client SMTP Submission (SMTP AUTH).
Basic authentication transmits usernames and passwords in plain text, making it vulnerable to phishing and credential compromise. Microsoft has been phasing this out since 2019, with SMTP AUTH being the final exception.
Microsoft identifies three primary methods used by MFPs and applications to send email:
Organizations using SMTP AUTH with Basic authentication will be impacted by this change.
Microsoft provides a built-in report to help identify affected devices:
Exchange Admin Center Path:
Reports → Mail Flow → SMTP AUTH Clients Submission Report
Key fields to review:
If Basic is listed, that device will require remediation before April 2026.
Option 1: Move to OAuth 2.0
OAuth 2.0 replaces stored credentials with short-lived access tokens and supports advanced security features such as MFA and Conditional Access.
Considerations:
Option 2: SMTP Relay via Microsoft 365 (Recommended)
For most organizations, AIS recommends transitioning MFPs to SMTP relay.
Why this works well:
This approach is especially effective for organizations with a mixed or aging device fleet.
Option 3: Microsoft High Volume Email (HVE)
HVE is a Microsoft preview service intended for internal-only email delivery.
Option 4: Software-Based Scanning Solutions
Modern scanning and workflow platforms can replace traditional SMTP email delivery altogether. These solutions often provide:
AIS can help evaluate whether a software-based approach is appropriate.
AIS is actively working with clients to prepare for Microsoft’s 2026 enforcement deadline. Our team can:
Early planning reduces risk, avoids downtime, and ensures a smooth transition.
Contact Advanced Imaging Solutions (AIS) to schedule a review and ensure your scan-to-email workflows remain secure and operational.