High Volume Email Service to Restrict Email Delivery to Internal Recipients Next Month

Microsoft has detailed some important updates for the High Volume Email (HVE) service that launched in public preview in July 2024. The company will extend support for basic authentication in HVE until September 2028, offering organizations more time to modernize their systems.

Microsoft has removed basic authentication support for email connectivity protocols to enhance security in Exchange Online. However, SMTP AUTH (Simple Mail Transfer Protocol Authentication) is used by applications and devices to send emails through Exchange Online. It’s also known as client submission protocol because it allows clients to submit outbound email messages.

Microsoft plans to disable basic authentication for SMTP AUTH in September 2025. This means that any app or device still using basic auth to send emails will stop working unless it’s updated to use modern authentication (like OAuth 2.0). This change will require developers to update their existing apps to use the Graph APIs for sending emails directly via HTTP requests.

Last year, Microsoft introduced the High Volume Email (HVE) service in preview for bulk email sending in Exchange Online. The goal is to move organizations away from traditional SMTP authentication (which often relies on basic authentication) and encourage adoption of HVE. However, transitioning to HVE requires code updates in existing apps or devices, as the service uses dedicated HVE accounts and a separate SMTP endpoint.

High Volume Email service to offer extended support for basic authentication

To make this transition easier, Microsoft has announced that it will continue to support basic authentication for HVE until September 2028. This change will give organizations more time to update their apps and devices.

“This decision comes as part of our ongoing commitment to support your current authentication needs while ensuring a smooth transition to modern authentication methods. While we strongly recommend using modern authentication (OAuth) for a more secure security footprint, we recognize that certain line-of-business (LOB) applications and devices may not support modern authentication yet,” the Exchange team explained.

External email support for High Volume Email ends in July

In July 2025, Microsoft will block the ability of HVE to send emails to external recipients. Going forward, the HVE service will exclusively provide support for internal messaging capabilities, and organizations will need to use Azure Communication Services (ACS) for all external email traffic.

Microsoft has also removed all messaging rate restrictions for HVE, allowing organizations to create up to 100 HVE accounts. The company will also eliminate the internal recipient rate limits in the coming weeks.

Microsoft removed external email support from HVE to encourage ACS adoption, which charges a small fee per message and data size. However, the fees are minimal and comparable to third-party email services. The financial impact is negligible for most organizations, especially given the low cost of sending even large volumes of messages.