If your office has a multifunction copier or scanner — the kind that lets you walk up, scan a document, and have it arrive in someone’s inbox — there’s a change coming that will quietly break that feature. Microsoft is retiring the authentication method that makes it work.

This isn’t theoretical. We’re already helping our clients prepare, and we want to make sure you have the information you need to avoid a surprise.

What’s Changing

Most office scanners send email through Microsoft 365 using something called SMTP Basic Authentication — essentially, a username and password. The scanner logs into your Microsoft 365 account the same way you’d log into Outlook, and sends the scanned document as an email attachment.

Microsoft has announced that this method is going away. They’ve pushed the deadline several times, but the current timeline is firm:

  • Now through December 2026: Everything continues to work as it does today. No changes.
  • End of December 2026: Basic Authentication will be disabled by default. Your IT administrator can temporarily re-enable it, but the clock is ticking.
  • Second half of 2027: Microsoft will permanently remove Basic Authentication. After this date, the old method stops working entirely — no exceptions, no workarounds.

This affects any device or application that sends email by connecting to smtp.office365.com on port 587 with a username and password. That includes scanners, copiers, phone systems, older CRM tools, and monitoring software.

Who’s Affected

If your organization uses Microsoft 365 (formerly Office 365) for email, and you have any of the following, you’re affected:

  • Multifunction copiers from HP, Canon, Ricoh, Lexmark, Konica Minolta, or Xerox configured to “scan to email”
  • Network scanners that email scanned documents to staff
  • Automated notification systems — building alarms, phone systems, or forms that send email through your Microsoft 365 account
  • Older line-of-business applications that relay email through Microsoft 365

In our experience working with parishes, schools, and nonprofits across Los Angeles, almost every office has at least one device configured this way. The typical setup uses a dedicated Microsoft 365 account — something like scanner@yourorganization.org or notifications@yourorganization.org — with the password entered directly into the scanner’s settings page.

That’s exactly the configuration Microsoft is eliminating.

What Will Happen If You Don’t Act

One day — likely sometime in late 2026 or 2027 — someone in your office will walk up to the copier, scan a document, and instead of the usual confirmation, they’ll see an error. The scan won’t arrive. They’ll try again. Still nothing.

The scanner’s display might show a cryptic message like “SMTP authentication failed” or “Cannot connect to mail server.” The device itself is fine. The network is fine. Microsoft 365 is fine. But the old way of logging in has been turned off, and the scanner doesn’t know any other way.

This tends to happen at the worst possible time — during a busy Monday morning, right before a deadline, or when your IT person isn’t available.

What You Can Do About It

The good news is that there are several alternatives, and you have time to plan. Here are the most practical options, especially for smaller organizations without a dedicated IT department:

1. Check if your scanner supports modern authentication (OAuth2)

Some newer scanners and copiers can authenticate using the same modern, secure method that Outlook and other Microsoft apps use. This is called OAuth2, and it’s what Microsoft wants everyone to move to.

Manufacturers are adding this through firmware updates. For example, HP’s FutureSmart platform (version 5.7 and above), certain Canon models, and newer Lexmark devices now support OAuth2 natively. If your scanner has this option, it’s the most straightforward fix — update the firmware, reconfigure the email settings, and you’re done.

The catch: many older or lower-cost models will never get OAuth2 support. If your scanner is more than a few years old or was a budget model, this option may not be available to you.

2. Switch to scan-to-folder (SMB file share)

Instead of emailing the scan, the scanner saves the document directly to a shared folder on your network. This avoids email entirely — no SMTP, no authentication issues, no dependency on Microsoft’s changing policies.

This is a reliable, time-tested approach. The scanned files appear in a folder on your server or a designated computer, and anyone with access to that folder can retrieve them. Many organizations find this is actually faster than waiting for an email, and it avoids cluttering inboxes with large attachments.

It does require a computer or server on your network to host the shared folder, and the scanner needs to be configured with the right network path and credentials. But once it’s set up, it’s very stable.

3. Use an SMTP relay service

If you need to keep scan-to-email working and your scanner doesn’t support OAuth2, you can route the email through a third-party relay service instead of directly through Microsoft 365.

Services like SMTP2GO offer free tiers that handle up to 1,000 emails per month — more than enough for most offices. You change the scanner’s SMTP settings to point to the relay service instead of Microsoft, and the relay handles delivery. It works with any scanner, regardless of age or manufacturer.

Another option, if your organization has a static IP address from your internet provider: Microsoft 365 supports a direct send connector that authenticates based on your IP address rather than a password. This costs nothing and isn’t affected by the Basic Auth deprecation, but it requires that static IP — something your IT consultant can check.

4. Use Azure Communication Services

For organizations already invested in the Microsoft ecosystem, Azure Communication Services provides an email relay that works with standard SMTP settings. It doesn’t require a static IP, it’s Microsoft-native, and it costs very little — roughly 25 cents a month for a typical office’s scanning volume. If your organization qualifies for Microsoft’s nonprofit Azure credits (up to $3,500 per year), it could be effectively free.

What We Recommend

There’s no single answer that works for every office. The right solution depends on your scanner’s capabilities, your internet service, your budget, and how your team actually uses the scan feature.

Here’s what we suggest:

  1. Don’t wait until it breaks. You have months, not days — but the organizations that plan ahead will have a smooth transition. The ones that don’t will be scrambling.
  2. Inventory your devices. Make a list of every scanner, copier, and application that sends email through Microsoft 365. Note the make, model, and firmware version.
  3. Check your scanner’s firmware. Visit the manufacturer’s website and see if a firmware update adds OAuth2 support. If it does, that’s your easiest path.
  4. Talk to your IT consultant. If you’re not sure what you have or what your options are, this is exactly the kind of thing a good IT partner can assess quickly during a routine site visit.
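
For the inventory step, the Microsoft 365 sign-in logs can show which accounts still log in with SMTP Basic Authentication, including ones nobody remembers setting up. The script below is an added example, not part of the original article: it assumes a JSON export that uses the Microsoft Graph sign-in field names (createdDateTime, userPrincipalName, clientAppUsed, ipAddress), and the sample records are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records, shaped like a Microsoft Entra sign-in log export.
# Field names follow the Microsoft Graph signIn resource; all values are made up.
SAMPLE_EXPORT = json.dumps([
    {"createdDateTime": "2026-03-02T16:04:11Z", "userPrincipalName": "scanner@yourorganization.org",
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "203.0.113.10"},
    {"createdDateTime": "2026-03-03T09:15:40Z", "userPrincipalName": "Scanner@yourorganization.org",
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "203.0.113.10"},
    {"createdDateTime": "2026-03-03T11:30:02Z", "userPrincipalName": "notifications@yourorganization.org",
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "198.51.100.7"},
    {"createdDateTime": "2026-03-03T12:00:00Z", "userPrincipalName": "staff@yourorganization.org",
     "clientAppUsed": "Browser", "ipAddress": "203.0.113.10"},
    {"createdDateTime": "2026-03-04T08:00:00Z", "userPrincipalName": None,
     "clientAppUsed": "Authenticated SMTP", "ipAddress": "192.0.2.55"},
])

def smtp_basic_auth_inventory(export_json):
    """Return {account: {"count", "last_seen", "source_ips"}} for SMTP AUTH sign-ins."""
    found = defaultdict(lambda: {"count": 0, "last_seen": "", "source_ips": set()})
    for rec in json.loads(export_json):
        if (rec.get("clientAppUsed") or "").strip().lower() != "authenticated smtp":
            continue  # modern-auth and other clients are out of scope
        # Records without an account name are kept under a visible bucket, not dropped.
        account = (rec.get("userPrincipalName") or "<unknown account>").lower()
        entry = found[account]
        entry["count"] += 1
        # ISO 8601 UTC timestamps sort correctly as plain strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime") or "")
        if rec.get("ipAddress"):
            entry["source_ips"].add(rec["ipAddress"])
    return dict(found)

def report(inventory):
    """One line per account, busiest first, to take along on the device walk-through."""
    rows = sorted(inventory.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [f"{acct}: {e['count']} sign-ins, last {e['last_seen']}, "
            f"from {', '.join(sorted(e['source_ips']))}" for acct, e in rows]

if __name__ == "__main__":
    for line in report(smtp_basic_auth_inventory(SAMPLE_EXPORT)):
        print(line)
```

The source address in these records is normally the office's public IP, so it identifies the site rather than the individual device; match each account back to a scanner or application by checking the device's own email settings.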

How Infinitech Can Help

At Infinitech, we’ve been tracking this change since Microsoft first announced it, and we’re already working with our clients to audit their devices and plan their migrations. For most organizations, the fix takes about an hour of on-site work — but it needs to happen before the deadline, not after.

If you’re a parish, school, or nonprofit in the Los Angeles area and you want to make sure your office isn’t caught off guard, reach out to us. We’ll help you figure out what you have, what needs to change, and the most practical way to get it done.

Daniel Chavez is the founder of Infinitech USA, an IT consulting firm serving Catholic parishes, schools, nonprofits, and small businesses in Los Angeles.