Basic Authentication Transition Guidance: Thunderbird, GMAIL, IMAP, POP, Authenticated SMTP

This guide is aimed at users employing Thunderbird or other non-Apple, non-Microsoft mail programs.

IMAP, POP, Authenticated SMTP: These older email retrieval and sending protocols are used by a wide range of email programs on Windows PCs, macs, and mobile devices. While these protocols are capable of using modern authentication, in your case they are not currently configured to do so since your email client app was originally set up to use basic authentication.

Device Type Operating System Version Email Application
Windows 8.0 or later Outlook 2016 (exchange only, no POP or IMAP)
Outlook 2019 (exchange only, no POP or IMAP)
Outlook – Office 365 (exchange only, no POP or IMAP)
Windows 10 Mail (exchange only, no POP or IMAP)
Thunderbird V78 or later
Mac 10.14 or later Apple Mail
Outlook 2019 for Mac (exchange only, no POP or IMAP)
Outlook for Mac – Office 365 (exchange only, no POP or IMAP)
10.13 or later Thunderbird v78 or later
iOS (iPhone, iPad) 11.3.1 or earlier Apple Mail
Outlook for iOS
Android 8.0 or later Outlook for Android
Linux Thunderbird v78 or later
Outlook on the web

If the OS/app combo does not support modern authentication, then you will need to find a combo that does. In that case, SSD users should please contact SSCS for help.

If you are an Outlook 2019 or 365 user whose account is configured using the POP or IMAP protocol, you’d just need to follow the below instructions to delete your account and re-add it as an Exchange account. If you’d like to continue using the POP or IMAP protocol, you can download and install the Thunderbird email program, which supports these older protocols using modern authentication.

Fix: It is important to understand that you must be using a supported combination of OS and email program. The supported combo must be configured to use modern authentication if it is currently using basic authentication. In general, you will first need to determine if the OS and app combo is compatible with modern authentication. If it is, you will need to remove the email account, delete saved email account credentials (from within the Control Panel’s Credentials Manager in Windows, or from within the Keychain Access program in MacOS), then re-add the email account and do the initial 2FA Duo login.

As an alternative, you can always access email via the web: https://outlook.office365.com/

The correct settings for all email programs are shown below:

  • Incoming: IMAP4 Server Hostname: outlook.office365.com Port: 993 TLS Authentication: Oauth2
  • Incoming: POP3 Server Hostname: outlook.office365.com Port: 995 TLS Authentication: Oauth2
  • Outgoing: SMTP Server Hostname: smtp.office365.com Port: 587 STARTTLS Authentication: Oauth2

Step by Step Instructions

Windows Outlook Users

  • Open Outlook
  • File > Account Settings > Account Settings…

  • Delete Account
  • Go to the Credentials Manager in the Control Panel and click the Windows Credentials tab

  • Delete the saved Outlook credentials

  • Go back to Outlook and re-add your account, doing the initial 2 factor authentication.

Here’s how to ensure Outlook for Windows is using modern authentication:

  • Open Outlook
  • Look for the Outlook icon in the system tray. You may need to click on the upward-pointing arrow to reveal it. Hold down the Ctrl key and make a right click on this icon

  • In the pop-up menu that appears, click on “Connection Status”

  • Find the connections to the server “https://outlook.office365.com . . .” and check their “Authn” status. If it is “Bearer,” then Outlook is configured with Modern Authentication. If it says “Clear,” then it’s using basic authentication. In that case you need to delete the account from Outlook, delete the saved Outlook credentials in the Credentials Manager, and then re-add the account. Check afterwards to be sure it’s now using modern authentication.

Windows Thunderbird Users

The end of Basic Authentication particularly affects Thunderbird users whose Thunderbird program was configured to get U of C email prior to November 2020. Thunderbird has only recently supported “modern authentication.” Prior to that, Thunderbird was capable only of basic authentication. If your Thunderbird was set up prior to November of 2020, you will need to update Thunderbird and change your email’s authentication method using the instructions below.

  • Open Thunderbird
  • Click Help in the menu bar > About Thunderbird

  • Click Check for Updates and wait until the updates download. Click Update. Continue checking for updates until your Thunderbird is on version 78 at the earliest.

  • Click Tools > Account Settings

  • Select your uChicago email > click ‘Server Settings’ > select ‘Oauth2’ from the dropdown menu next to ‘Authentication method’

  • Click Outgoing Server (SMTP) > Click ‘Edit…’

  • Change your Authentication method to OAuth2

  • Quit and reopen Thunderbird
  • Enter your uChicago credentials in the window pop up and complete 2 Factor Authentication

NOTE: if you’re using IMAP, Thunderbird will need to re-download the contents of all mail folders, so you should leave Thunderbird open for a good while so that it fully syncs up with the server.

Mac Apple Mail Users

  • Open System Preferences > click Internet Accounts

  • Select your uChicago account > click the minus sign (-) in the lower left hand corner

  • Click OK to confirm the deletion

  • Open Keychain Access (/Applications/Utilities)

  • Do a keyword search within Keychain Access for Exchange

  • In the search results, select each item to view the Account that’s listed at the top, and then press Delete. Repeat this step to delete all items for your Exchange account
  • Do a keyword search for adal
  • Select all items whose type is MicrosoftOffice15_2_Data:ADAL:, and then press Delete
  • Do a keyword search for office
  • Select the items that are named Microsoft Office Identities Cache 2 and Microsoft Office Identities Settings 2, and then press Delete
  • Reboot your Mac
  • Once rebooted and signed back in, reconfigure your Outlook account by navigating back to Preferences > Internet Accounts

  • Click the plus sign in the lower left corner and select Exchange. A new window will prompt for a name and email address, Enter in your Name and UChicago email address. Then click the Sign In button

  • When prompted to “Sign in to your Exchange account using Microsoft?” click Sign In again
  • When prompted to “Log in to Your UChicago Account”, log in with your CnetID and Cnet password
  • You should then be prompted for 2FA
  • Once 2FA has been successfully established you will be prompted with a Permissions requested screen, click Accept

Mac Outlook Users

  • Open Outlook
  • Click Outlook in the main menu and select Preferences… from the dropdown

  • Click Accounts

  • Click the minus sign in the lower left corner

  • Confirm that you want to delete the account

  • Quit Outlook
  • Open Keychain Access (/Applications/Utilities)

  • Do a keyword search within Keychain Access for Exchange

  • In the search results, select each item to view the Account that’s listed at the top, and then press Delete. Repeat this step to delete all items for your Exchange account
  • Do a keyword search for adal
  • Select all items whose type is MicrosoftOffice15_2_Data:ADAL:, and then press Delete
  • Do a keyword search for office
  • Select the items that are named Microsoft Office Identities Cache 2 and Microsoft Office Identities Settings 2, and then press Delete
  • Open Outlook
  • Click Outlook in the main menu > Preferences… > Accounts > Add Email Account > type your full UChicago email and complete the initial 2 factor authentication

Mac Thunderbird Users

The end of Basic Authentication particularly affects Thunderbird users whose Thunderbird program was configured to get U of C email prior to November 2020. Thunderbird has only recently supported “modern authentication.” Prior to that, Thunderbird was capable only of basic authentication. If your Thunderbird was set up prior to November of 2020, you will need to change your email’s authentication method using the instructions below.

  • Open Thunderbird
  • Click Help in the menu bar > About Thunderbird

  • Click Check for Updates and wait until the updates download. Click Update. Continue checking for updates until your Thunderbird is on version 78 at the earliest.

  • Click Tools > Account Settings

  • Select your uChicago email > click ‘Server Settings’ > select ‘Oauth2’ from the dropdown menu next to ‘Authentication method’

  • Click Outgoing Server (SMTP) > Click ‘Edit…’

  • Change your Authentication method to OAuth2

  • Quit and reopen Thunderbird
  • Enter your uChicago credentials in the window pop up and complete 2 Factor Authentication

NOTE: if you’re using IMAP, Thunderbird will need to re-download the contents of all mail folders, so you should leave Thunderbird open for a good while so that it fully syncs up with the server.

Gmail POP Users

If you have configured a personal non-Chicago gmail account to continuously fetch your UChicago email via gmail’s POP function for external accounts, then do the following:

  • Open a web browser and log in to the personal Gmail account at https://gmail.com
  • Click on the gear icon near the upper right hand corner of the web page
  • Click on “See all settings”
  • Click on “Accounts and Import” tab
  • Scroll down to “Check mail from other accounts”
  • Remove the UChicago account from there.

Now set up forwarding in O365 to the private Gmail account:

  • Log in to https://outlook.office365.com
  • Click on the gear icon toward the upper right hand corner of the web page
  • Click on View All Outlook settings
  • Click on Forwarding
  • Enable forwarding and type in the email address to which you’d like to have your UChicago email forwarded. Ensure you click the Save button when you’re done.