Deprecation of Basic authentication in Exchange Online

Microsoft will permanently disable Basic authentication for specific protocols in Exchange Online starting from October 1, 2022. This impacts customers running bot for email automation that connect to Exchange Online using IMAP, POP3, or EWS protocols with Basic authentication.

Important: We have updated the Email package and Email trigger with newer versions as mentioned below:
Package or trigger New version Old version
Email package
  • Version: 3.14.3-20220923-220748
  • Filename: bot-command-email-3.14.3.jar
  • Version: 3.14.1-20220831-084727
  • Filename: bot-command-email-3.14.1.jar
Email trigger
  • Version: 2.8.3-20220923-171042
  • Filename: bot-trigger-email-2.8.3.jar
  • Version: 2.8.1-20220831-123116
  • Filename: bot-trigger-email-2.8.1.jar
We recommend that you update your impacted bots with the new versions as they are compatible with the upcoming Automation 360 v.27 release. If you continue to use the old versions and update to Automation 360 v.27 release, you might encounter issues when importing or exporting of bots or when uploading the old versions of the Email package or trigger to Automation 360 v.27. To resolve this issue, see the workaround provided in Everything about Basic Authentication deprecation in Microsoft Exchange online (A-People login required).

We will provide a new version of the Email package with OAuth 2.0 support in an upcoming Automation 360 package-only release by the week of August 29, 2022.

To ensure that your existing bots that are using Basic authentication in Exchange Online are supported after Basic authentication is deprecated, we recommend that you update the bots to use OAuth 2.0. To identify the Automation 360 bots that are using Basic authentication in the Email package or Email trigger, use the Bot Scanner to scan bots. This helps you to plan your efforts to update your existing bots to OAuth 2.0 in Automation 360.

Update Automation 360 bots to use OAuth 2.0

Update scenario for updating bots using Basic authentication to use OAuth

  1. Update to the latest Automation 360 release.

    Update Automation 360 to latest version

  2. Back up the Control Room repository.

    Integrating Control Room with Git repositories

  3. Identify bots that are using Basic authentication using the Bot Scanner.

    Scan bots for Basic authentication

  4. Download the latest version of the Email package and add it to your Control Room.

    Add packages to the Control Room

  5. Update the bots that are using Basic authentication in the Connect, Send, Forward, or Reply actions or Email trigger to use OAuth 2.0.

    Update bots using Basic authentication to OAuth 2.0

  6. Verify that the updated bots can be deployed.
    Run a bot
    Note: You can update your bots to use OAuth 2.0 in one environment (for example, development or DEV) and then move these bots to another environment (for example, UAT and production or PROD) without updating the bots in each environment.

Protocols impacted for Basic authentication deprecation

Microsoft is removing the capability to use basic authentication in Exchange Online for these specific protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell.
Note: SMTP AUTH is excluded from this deprecation.
Any client (for example, user app, script, or integration) using Basic authentication for one of the affected protocols will not be able to connect to Exchange server starting October 1, 2022. An HTTP 401 error (bad username or password) will be displayed.
Note: Any app using OAuth 2.0 for these same protocols will not be impacted.

For more information, see Basic authentication deprecation in Exchange Online – Updates.

Update bots using Basic authentication to OAuth 2.0

You should update your bots that are using Basic authentication to OAuth 2.0 in the Connect, Forward, Reply, and Send actions of the Email package and Email trigger before Basic authentication is deprecated.

Note: This procedure is applicable to both Automation 360 Cloud and On-Premises customers.
Prerequisites

Procedure

  1. Log in to your Control Room as Bot Creator.
  2. Select the bot that was identified in the Bot Scanner report for updating.
  3. Check out the bot to edit it.
  4. In the Bot editor, click the vertical ellipsis in the top right-corner and click Packages.
  5. Expand the row for the Email package.
  6. From the drop-down list of package versions, select the Default version.
    Note: For Email package, ensure that the package version is 3.14.1-20220831-084727 or later. For Email trigger, ensure that the package version is 2.8.1-20220831-123116 or later.
  7. Click Change Version and Save.
  8. Click Return to editor.
  9. Click the Email action or Email trigger that is using the Basic authentication mode.
  10. Click the Email server or EWS server option.
  11. In the Authentication mode drop-down list, choose the required OAuth 2.0 mode.
    Note: For unattended Email automation, use Client credentials or ROPC flows, and for attended Email automation, use Implicit or PKCE flows. Microsoft does not recommend the use of ROPC and Implicit legacy flows. Therefore, we recommend that you either use the Client credentials or PKCE flow.

    The following table provides information about the OAuth 2.0 authentication modes that are available for Email action in the Email server and EWS server options:

    Email actions Email server EWS server
    Connect
    • OAuth2 – Authorization code with PKCE
    • OAuth2 – Client credentials
    • OAuth2 – ROPC
    • OAuth2 – Implicit
    • OAuth2 – Authorization code with PKCE
    • OAuth2 – Client credentials
    Send OAuth2 – Authorization code with PKCE
    • OAuth2 – ROPC
    • OAuth2 – Implicit
    • OAuth2 – Authorization code with PKCE
    • OAuth2 – Client credentials
    Forward OAuth2 – Authorization code with PKCE --
    Reply OAuth2 – Authorization code with PKCE --

    The following table provides information about the OAuth 2.0 authentication modes that are available for Email trigger in the Email server and EWS server options:

    Triggers Email server EWS server
    Email trigger OAuth2 – Client credentials OAuth2 – Client credentials
  12. Depending on the authentication mode that you selected, you might have to update some of the following fields:
    • Username: Enter the username that you want to use to access the mail server.

      For example, john.smith@myCompanyName.com

    • Password: Enter the password for the username you provided.
    • Email provider: Select the email provider from the drop-down list.
    Note: For Client ID, Tenant ID, Redirect URI, and Client secret options, use the information that is provided for your account on your Azure portal.

    See Email package and Add an email trigger.

  13. For EWS server, click Test connection to sign in to your account, accept the permissions requested to authenticate, and establish a connection with the server.
    Note: In the Microsoft Azure app registrations portal, in Manage > Authentication, ensure that the URI you have added is either https://outlook.office365.com or https://outlook.office365.us for the connection to work properly.
  14. Click Save.

Repeat these steps for all the impacted bots and run the bots to ensure that they can connect to Exchange Online using OAuth 2.0 successfully.

Install the trigger listener file

To use the Email trigger with OAuth 2.0, you have to update the triggerlistener.jar in the Bot Agent.

  1. In the Windows Task Manager, stop the Automation Anywhere Bot Agent service.
  2. Go to the folder where the Bot Agent is installed (C:\Program Files\Automation Anywhere\Bot Agent).
  3. Locate the triggerlistener.jar file and rename the file to triggerlistener.jar_old.
  4. Copy the downloaded triggerlistener.jar.
  5. In the Windows Task Manager, start the Automation Anywhere Bot Agent service.

Other resources