Dear Customer,
Microsoft had originally announced to deprecate Basic Authentication on March 1, 2026. However, as of Jan 27, 2026, Microsoft has extended the deprecation timeline to December 2026:
- Now to December 2026: SMTP AUTH Basic Authentication behaviour remains unchanged.
- End of December 2026: SMTP AUTH Basic Authentication will be disabled by default for existing tenants. Administrators will still be able to enable it if needed.
Basic Authentication is being deprecated due to the method being an outdated industry standard and threats posed by it have only increased since its original announcement (see Improving Security - Together).
Therefore, in line with Microsoft’s statement and along with the SunSystems Lifecycle Policy, we will only be adding support for Open Authorisation V2 (OAuth2) against SunSystems Cloud, which includes Query & Analysis Cloud, SunSystems 6.4 and includes Query & Analysis 11.3. This will allow you to continue to use modern and secure authentication methods to send emails on the latest versions of SunSystems and Query & Analysis.
What does this mean for SunSystems and Q&A users?
SunSystems 6.4 Patch Set 74 and Q&A 11.3 Patch Set 49 (or older) use basic authentication to send emails, which involves using a username and password to access email services via protocols like SMTP, POP3, and IMAP. The major issue with basic authentication is that it transmits login credentials in plain text or with minimal encryption. This makes it highly vulnerable to cyber threats, where modern authentication methods, such as OAuth2 and Multi-Factor Authentication (MFA), provide enhanced security by protecting user credentials and reducing the risk of unauthorised access.
Therefore, after December 2026, the following functions within SunSystems 6.4 Patch Set 74, older or Q&A 11.3 Patch Set 49 or older that use basic authentication when sending out emails will no longer work unless you have your own email server:
- SunSystems Reporting Services (SRS) enables you to send reports by email as attachments.
- Transfer Desk profiles, the ability to email notifications from an event.
- SunSystems Purchase Requisitioning Notifications, where different levels can receive email notifications for approvals.
- Q&A Alert, which allows you schedule and email Q&A reports to end users.
Action steps for SunSystems and Q&A users
If you are on SunSystems 6.4, you will be required to upgrade to Patch Set 75 KB3619189, which will allow you to use OAuth 2.0 Support for Microsoft Outlook 365 for both Transfer Desk, Reporting and Purchase Requisitioning. Further information on how to configure SunSystems to use Microsoft’s Client ID, Client Secret, Tenant ID and additional token-related configurations can be found on Docs.Infor.Com
If you are using Query & Analysis 11.3, you will be required to upgrade to Patch Set 50 (due 17 Feb 2026 KB3619196).
These changes do not affect you if:
- If you are using SunSystems Cloud, the current release.
- If you are using SunSystems 6.4 Patch Set 75 or newer and Query & Analysis 11.3 Patch Set 50 or newer.
Customers using older versions of SunSystems and Query & Analysis should refer to the Online Compatibility Matrix to understand the limited support on Microsoft Windows and database platforms. These limitations also dictate your infrastructure and force upgrades to more secure platforms.
We strongly advise that you reach out to your Account Executive or Delivery Partner to discuss a potential transition plan, such as transitioning to Infor SunSystems Cloud or the latest on-premises version. With all the upgrades, we strongly advise that you engage with the appropriate Consulting Services team to ensure a smooth migration to the latest version of SunSystems.
