Share via

Issue with SharePoint Access Due to Discontinuation of Basic Authentication

Selvakumar K 25 Reputation points
2026-03-20T13:02:49.2733333+00:00

Hello,

We are currently facing an issue with accessing SharePoint Online documents using app passwords due to the upcoming discontinuation of Basic Authentication in Microsoft 365. Specifically, we are unable to authenticate via app passwords and are receiving a "Forbidden" error when attempting to log in using legacy credentials.

Issue:

  • Error: "Cannot contact website or the website does not support SharePoint Online credentials. The response status code is 'Forbidden'."

Authentication method: App password (legacy client authentication)

Affected services: Document upload and download in SharePoint.

Context:

Basic Authentication support is being discontinued in Microsoft 365, and we need to migrate to Modern Authentication. However, we are currently unable to authenticate using app passwords, and we're not receiving the authentication code in the Authenticator app for our user account.

We are in the process of updating two applications to support Modern Authentication but need assistance with temporarily enabling or extending Basic Authentication support to continue operations until the required changes are completed.

Specific Questions:

How can we temporarily extend or enable Basic Authentication support to allow us to continue using app passwords until the required code changes for Modern Authentication are in place?

Can you advise on the best approach to migrate these legacy systems to Modern Authentication and ensure seamless integration with SharePoint and other Office 365 services?

Any recommendations for handling authentication for custom applications accessing SharePoint during this transition?

We are looking for guidance or solutions from the community as we move forward with these necessary updates.

Thank you in advance for any help or advice.Hello,

We are currently facing an issue with accessing SharePoint Online documents using app passwords due to the upcoming discontinuation of Basic Authentication in Microsoft 365. Specifically, we are unable to authenticate via app passwords and are receiving a "Forbidden" error when attempting to log in using legacy credentials.

Issue:

Error: "Cannot contact website or the website does not support SharePoint Online credentials. The response status code is 'Forbidden'."

Authentication method: App password (legacy client authentication)

Affected services: Document upload and download in SharePoint.

Context:

Basic Authentication support is being discontinued in Microsoft 365, and we need to migrate to Modern Authentication. However, we are currently unable to authenticate using app passwords, and we're not receiving the authentication code in the Authenticator app for our user account.

  • We are in the process of updating two applications to support Modern Authentication, but need assistance with temporarily enabling or extending Basic Authentication support to continue operations until the required changes are completed.

Specific Questions:

How can we temporarily extend or enable Basic Authentication support to allow us to continue using app passwords until the required code changes for Modern Authentication are in place?

Can you advise on the best approach to migrate these legacy systems to Modern Authentication and ensure seamless integration with SharePoint and other Office 365 services?

Any recommendations for handling authentication for custom applications accessing SharePoint during this transition?

We are looking for guidance or solutions from the community as we move forward with these necessary updates.

Thank you in advance for any help or advice.

Microsoft 365 and Office | SharePoint | Development

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hin-V 13,215 Reputation points Microsoft External Staff Moderator
    2026-03-20T14:36:13.61+00:00

    Please note that our forum is a public platform, and we will modify your question to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.  

    Hi @Selvakumar K

    Thank you for reaching out regarding the “Forbidden” error you are encountering when attempting to access SharePoint Online documents using app passwords. 

    I understand that this issue is caused by Microsoft’s platform-wide retirement of Basic Authentication across all Microsoft 365 services, including SharePoint Online, and that this change is impacting your workflow. Since app passwords rely entirely on this legacy authentication method, they are now fully blocked at the service level by Microsoft. 

    Regarding to your concerns: 

    For temporary extension or re-enablement of Basic Authentication method  

    Unfortunately, I have not identified any supported method to temporarily extend, bypass, or re-enable Basic Authentication or app passwords for any Microsoft 365 workload. 

    Since Basic Authentication is now permanently disabled in all tenants for Exchange Online, SharePoint Online, and other Microsoft 365 services. Neither customers nor Microsoft Support can turn it back on. 

    Recommended migration approach 

    To restore application access to SharePoint Online and ensure long-term compatibility, the recommended approach is to migrate to Modern Authentication (OAuth 2.0) using Microsoft Entra ID (formerly Azure AD). 

    You could refer to the concrete steps to take depending on the application type: 

    1.Set up App Registration in Microsoft Entra ID:

    Go to the Microsoft Entra Admin Center. 

    Navigate to Identity > Applications > App registrations and register a new application. 

    2.Choose the corresponding flow based on your app type: 

    For Background/Server Applications (Daemon apps): Use the Client Credentials flow (App-only access). You must configure a Certificate or Client Secret for the application and grant it the appropriate API permissions (such as Sites.Read.All or Sites.ReadWrite.All on the Microsoft Graph API).  

    For User-facing or Rich Client Applications: The application must be updated to use Interactive user sign-in flows that fully support Multi-Factor Authentication (MFA).  

    For handling custom applications during transition 

    While updating your custom applications, you could consider to follow these recommendations: 

    Remove Dependencies: Plan to permanently remove all code dependencies on Basic Authentication (username/password strings) and app passwords.  

    Adopt Microsoft Graph API: Instead of using older SharePoint REST APIs, we highly recommend migrating your integration layer to Microsoft Graph API. It is the most robust, modern, and supported method for file operations in Microsoft 365.  

    Third-Party Applications: If you are using third-party software, please contact the vendor immediately. You must request a patch or an updated version that integrates OAuth 2.0 support.  

    References: 

    Basic authentication sign-in prompts are blocked by default in Microsoft 365 Apps 

    Authentication and authorization in Microsoft Graph 

    I hope this helps. 

    Please feel free to correct me if I misunderstood your request. If you have any additional concerns, feel free to comment below. I would be more than happy to assist. 

    Note: Please follow the steps in [our documentation] to enable e-mail notifications if you want to receive the related email notification for this thread. 

    1 person found this answer helpful.
  2. Q&A Assist
    2026-03-20T13:03:20.7533333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    Basic authentication and app passwords can no longer be used with Microsoft 365 services, including SharePoint Online, and they cannot be re-enabled or extended.

    1. Temporary use of Basic authentication / app passwords
    • Basic authentication is now disabled in all tenants for Exchange Online and other Microsoft 365 services, and neither customers nor Microsoft Support can turn it back on.
    • App passwords rely on legacy/basic auth flows and are explicitly blocked when modern authentication is required.
    • Because of this platform change, there is no supported way to temporarily extend or re‑enable Basic authentication or app passwords for SharePoint Online or other Microsoft 365 workloads.
    1. Recommended migration approach to Modern Authentication For custom or legacy applications (such as Rototherm and ERS Prospector) that integrate with Microsoft 365 services:
    • Replace Basic authentication with OAuth 2.0–based modern authentication.
    • For services like Exchange, POP/IMAP, EWS, and EAS, the guidance is:
      • If custom code was written using these protocols, update it to use OAuth 2.0 or migrate to Microsoft Graph.
      • If a 3rd‑party application is used, work with the vendor to add OAuth 2.0 support or move to an application that already supports it.
    • For SharePoint Online specifically, use modern authentication via Microsoft Entra ID (Azure AD) and OAuth 2.0 in one of these ways (depending on app type):
      • Interactive user sign‑in with modern auth (MFA-capable) for rich clients.
      • App-only access using an Entra application registration and certificate/secret, then calling SharePoint/Graph APIs.
    1. Handling custom applications during the transition While updating the applications:
    • Plan to remove all dependencies on Basic authentication and app passwords; they are deprecated and blocked across Microsoft 365.
    • Implement OAuth 2.0 flows in the applications:
      • For daemon/server apps, use client credentials (app-only) with certificate-based authentication where possible.
      • For user-facing apps, use interactive flows that support MFA.
    • For POP/IMAP/SMTP or other legacy protocols still in use, follow the guidance to authenticate them with OAuth 2.0 instead of Basic.

    Because Basic authentication and app passwords are now blocked at the service level, the only viable path is to complete the migration of these applications to modern authentication (OAuth 2.0 / Microsoft Entra ID) and, where appropriate, to newer APIs such as Microsoft Graph.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.