Microsoft has been progressively retiring legacy authentication protocols (Basic auth, IMAP/POP with passwords, legacy SMTP, RPS) from Exchange Online and the wider M365 platform since the late 2010s. The 2026 round of changes has less wiggle room than before: deferrals are running out, and organisations still relying on older methods need to identify dependencies and plan remediation now.
The usual culprits in an SMB environment: a multi-function printer scanning to email via SMTP with a stored password. A legacy line-of-business app using IMAP for a shared mailbox. A specific user's email client that has worked fine for years and would inconveniently stop working without warning.
The remediation isn't difficult. It's modern auth on the printer (or app passwords). It's an upgraded mail-flow path for the LOB app. It's a quick reconfiguration of the user's client. But it has to be identified first — which means an inventory exercise this quarter, not a fire drill when the cut-off date arrives.
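One way to start the inventory is to group legacy-protocol sign-ins by account and client type. The sketch below is an added example, not Microsoft's tooling: it assumes sign-in records exported as JSON in the Microsoft Graph `signIn` shape (`userPrincipalName`, `clientAppUsed`, `ipAddress`, `createdDateTime`), and the accounts, addresses and timestamps in the sample are constructed.

```python
import json
from collections import defaultdict

# clientAppUsed values that Entra ID sign-in logs report for legacy-auth
# clients (compared case-insensitively; adjust to match your own export).
LEGACY_CLIENT_APPS = {
    "authenticated smtp", "imap4", "pop3", "exchange activesync",
    "exchange web services", "mapi over http", "offline address book",
    "outlook anywhere (rpc over http)", "reporting web services",
    "exchange online powershell", "autodiscover", "other clients",
}

# Constructed sample records (documentation IP ranges, example.com accounts).
SAMPLE = """[
 {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP",
  "ipAddress": "203.0.113.10", "createdDateTime": "2026-01-12T08:01:00Z"},
 {"userPrincipalName": "Scanner@example.com", "clientAppUsed": "Authenticated SMTP",
  "ipAddress": "203.0.113.10", "createdDateTime": "2026-01-13T08:02:00Z"},
 {"userPrincipalName": "lobapp-shared@example.com", "clientAppUsed": "IMAP4",
  "ipAddress": "198.51.100.7", "createdDateTime": "2026-01-12T23:30:00Z"},
 {"userPrincipalName": "j.smith@example.com", "clientAppUsed": "Browser",
  "ipAddress": "192.0.2.44", "createdDateTime": "2026-01-13T09:15:00Z"},
 {"userPrincipalName": "j.smith@example.com", "clientAppUsed": "POP3",
  "ipAddress": "192.0.2.44", "createdDateTime": "2026-01-13T09:20:00Z"}
]"""

def inventory_legacy_auth(records):
    """Group legacy-auth sign-ins by (account, client type).

    Failed sign-ins are counted too: a device that keeps retrying a
    blocked protocol is still a dependency that needs remediation.
    """
    found = defaultdict(lambda: {"count": 0, "ips": set(), "last_seen": ""})
    for rec in records:
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() not in LEGACY_CLIENT_APPS:
            continue  # modern-auth client, not part of this inventory
        upn = (rec.get("userPrincipalName") or "unknown").lower()
        entry = found[(upn, client)]
        entry["count"] += 1
        if rec.get("ipAddress"):
            entry["ips"].add(rec["ipAddress"])
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime", ""))
    return dict(found)

if __name__ == "__main__":
    for (upn, client), e in sorted(inventory_legacy_auth(json.loads(SAMPLE)).items()):
        print(f"{upn:28} {client:20} x{e['count']}  {sorted(e['ips'])}  last {e['last_seen']}")
```

Each row in the output is one device, app or user to remediate; the source IP helps tie a service account back to the printer or server that is actually using it.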
