Skip to main content
AT&T Community Forums
Announcements
Learn how to Get the iPhone 12 Now!

Tutor

 • 

4 Messages

Sat, Oct 26, 2019 4:03 PM

DO I need to update security settings for OAuth for Office 365?

Responses

Accepted Solution

Official Solution

Brand User
ATTHelp

Community Support

 • 

136.9K Messages

a year ago

Hi, @sstelter.

 

No worries, with OAuth if your computer is not compatible you will need to create a secure mail key. Learn about secure mail keys and why you'll need one to access your AT&T email from a desktop program or email app such as Outlook 365. Let us know if you have any questions, we are always happy to help!


Ariel, AT&T Community Specialist

Still need help? Ask a question! Our 1.4 million members typically respond within 1 hour.

*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.

Teacher

 • 

11 Messages

a year ago

I have the same question...was just told via AT&T Chat Supervisor that this was not necessary...but I've asked 3 AT&T Reps on the phone and received 3 different answers and now the Supervisor says it's not necessary...

Teacher

 • 

11 Messages

a year ago

It’s incumbent on AT&T to provide clear and detailed information concerning the emails and texts being sent by AT&T / Yahoo regarding email security changes.

There’s a tremendous amount of inconsistent and unclear information being disseminated by AT&T as well as many users trying to help.

Information needs to be updated so non-technical users can understand their options as well as what will change with each option.

Update with Outlook 2019 info.

If Mail App such as Outlook not OAuth compatible, is a Secure Mail Key (SMK) really required? When?

One of the documents states that if Yahoo is offered while setting up a new email account, you’re all set? What does that mean?

Is SMK 16 digits? What is a SMK?

Once the SMK is generated and entered in place of current password, what happens next? If no log in info and password is required now for an example with Outlook, will the SMK change that? Will login be always required to get emails with SMK? What about on a mobile device?

Info also states that the current email password will still be used for some purposes like checking account info…but not for email?


Distinguish between @ att.net , @Bellsouth.net, @ yahoo.net and other email domains…any differences? If so, what are they? Provide a matrix.

What are the correct settings for incoming and outgoing mail server settings including port #’s for each mail domain?
There are so many inconsistent settings out there…

I’ve talked to 4 AT&T Reps over 3 days and chatted with at least 6 additional AT&T Reps including 1 Supervisor; I could not get all of my questions answered and each Rep told me something different.

How does AT&T expect anyone to follow this while this is so poorly managed…would appreciate some help. Thank you.

 

_xyzzy_

Expert

 • 

15K Messages

a year ago

@march1980 

If Mail App such as Outlook not OAuth compatible, is a Secure Mail Key (SMK) really required? When?

That's what Use OAuth or secure mail key for email apps says.  When?  Don't know.  The email implied soon.  But who cares?  Change now and then you don't have to worry when it becomes mandatory.

 

One of the documents states that if Yahoo is offered while setting up a new email account, you’re all set? What does that mean?

Is SMK 16 digits? What is a SMK?

Some email clients support creating your settings for a new account from certain email services just by specifying the service.  That avoids having to explicitly set up the server and authentication settings yourself.  The claim that I read is that if you, an att user, specify yahoo is one of those choices it will set up the server and authentication settings for your att account.  How it knows to select the att servers as opposed to the yahoo servers I am not sure (but I assume it's based on the email domain).  I've never tried that myself so I cannot verify it.  Also why it should choose OAuth2 authentication by default is another question.  But some claim it works too.

 

Secure mail keys are 16-character strings.  More than enough to be considered uncrackable.  What is it?  Better to ask what it isn't.  It isn't your account password and that's the point.  If you use your account password in your email client(s) then theoretically if the device(s) containing the client(s) falls into the wrong hands there is the possibility a clever hacker could extract your account and its password. Then they could log into your account to do all sorts of mischief and get your personal info. But if the client(s) only have the secure key they cannot log into your account. You can then also make it impossible for them to even use the email client(s) simply by logging into your account and changing the secure mail key.

 

Once the SMK is generated and entered in place of current password, what happens next? If no log in info and password is required now for an example with Outlook, will the SMK change that? Will login be always required to get emails with SMK? What about on a mobile device?

From your point of view nothing changes to use email client apps.  You use them as you always did.  Whether it's a secure mail key or OAuth2 authorization like the standard run-of-the-mill account password you have been using, the email client uses that information to be able to "talk" to the email servers. 

 

Info also states that the current email password will still be used for some purposes like checking account info…but not for email?

For anything on att sites, e.g, your myAT&T, webmail, start.att.net (Currently.com), etc. you still use your account password.

 

Distinguish between @ att.net , @Bellsouth.net, @ yahoo.net and other email domains…any differences?

Nothing to distinguish.  There are 11 att domains treated all the same.  That's ignoring the mess att and yahoo created unmerging the legacy domains (all those except att.net) from yahoo.  But that's a different problem.

 

What are the correct settings for incoming and outgoing mail server settings including port #’s for each mail domain? 

As I said, all the att domains use the same settings documented here.  Those are what you should be using.  And if setting up from scratch and you use the method of setting the account by specifying yahoo (covered earlier) then you should verify it set att's servers in the server settings and not yahoo's.  Ports and ssl settings are the same as yahoo's but the server names are different.

Teacher

 • 

11 Messages

a year ago

Thanks for the detailed info; when I recently added existing bellsouth.net email accounts to Outlook 2019, it automatically built the accounts as: imap.mail.yahoo.com (Port 993) and smtp.mail.yahoo.com (Port 465). Everything works fine so far...before I start adding SMK now I wonder if the info on AT&T website "mail app not listed? Here’s a quick way to find out if your email app uses OAuth. Start setting up a new email account in your app. Your app may offer you a list of email providers that includes Yahoo. If it does, your email app is OAuth compatible. Be sure to select Yahoo as your provider. You’re all set!".

Does this mean since my servers are listed as yahoo, it's OAuth Compatible and I'm all set? I know another link shows att.net servers so again, another confusing issue...

_xyzzy_

Expert

 • 

15K Messages

a year ago

@march1980 

I was afraid that selecting yahoo as a auto-setup might select the wrong servers.  I guess my suspicions are true.  You will just have to replace the yahoo servers in the settings with the ones documented here.  If it set up the authentication for OAuth2 then it may or may not work.  Just try it and see (after you change the server settings).  If it doesn't work just set to normal password and use a secure mail key.

Teacher

 • 

11 Messages

a year ago

So after I change the servers, how would I know If it set up the authentication for OAuth2? If it works, then it was set up for OAuth2? Does Outlook work the same? But if it doesn't work, then it wasn't?  Then I would set up SMK?

Also, if I change servers, it that transparent and existing emails automatically switch over? Trying to understand how existing emails would transfer over from yahoo to AT&T servers?

It's still confusing to me the whole AT&T / Yahoo relationship...different servers but email works on both? I like to really understand the whole situation before I start changing something that works and although I understand more with your help than i did before, it's still confusing to me...thank you.

 

Contributor

 • 

2 Messages

a year ago

Ok, so I have a secure mail key.  What do I do with it?

Contributor

 • 

2 Messages

a year ago

Ok, so I have a secure email key.  What do I do with it?

New Member

 • 

2 Messages

9 months ago

I can answer this question b/c I am using Office 365, but more specifically to this question, I am using Outlook for Office 365 MSO (16.0.12325.20328) 64-bit. As well, I am a Network Voice & Data Engineer with NO affiliation to AT&T with the exception of being a U-VERSE internet customer.


I too asked 3 different AT&T "technical" staff members and was given 3 different answers. These forums are critical b/c AT&T unfortunately is NOT technical and the right hand doesn't know what the left is doing and vice versa (and yes, I am being VERY POLITE).


Bottom line...one days after my emails stopped working on my primary PC, I spent some time digging into it and the OAuth theory was the last to cross my mind b/c I too was told that it WAS NOT NEEDED. Emails were working fine (send and receive) on my iPhone, as well as through the clumsy web interface. Finally, I remembered this stupid OAUTH thing which AT&T had advertised as a go-live about for a year, set it up, and it restored mail (inbound and outbound).


Simplified steps:

1) Login to your AT&T account, follow the directions to setup an application key for Outlook (you are limited to how many you can create). This is what you will use later for your "password" in Outlook for O365. Go back to Outlook for O365, click on the top left where it says, "File", then click the drop-down box for "Account Settings" and select "Server Settings".

2) Change your Incoming Mail (POP Account) settings first:

* Username is your AT&T email address

* Password is the new OATH 'PW' that you just created'

* Server = inbound.att.net using Port 995

* Check the 2 boxes below that "require an encrypted connection (SSL / TLS)" & "Require logon using 'SPA"

3) Change your Outgoing Mail (SMTP) setting next:

* Server = outbound using Port 465

* Encryption Method = SSL / TLS

* ONLY check "My outgoing (SMTP) server requires Authentication and click the FIRST option (Use the same setting as my incoming mail server)

4) Click on "next", follow the directions to finish your server / OAUTH password change. You may need to change your password to the the OAUTH PW in your "Account setup" but other than that, you will be good to go.

I hope that this helps those that had their email either stop sending, stop receiving, stop doing BOTH, and then getting sent in a maddening circle from AT&T due to complete lack of any technical knowledge by their support staff.

Please let me know if this works for you.

(edited)

New Member

 • 

3 Messages

7 months ago

I am totally unclear about what to do. None of the webpages/links provided work or I simply don't understand them. How am I supposed to set up an OAuth?

New Member

 • 

3 Messages

7 months ago

I have tried MANY times to follow your instructions without success. Who can I call for clarification tomorrow? I did not plan to spend my entire evening on this.

New Member

 • 

2 Messages

I really don't know how I can make this any more clear to help you. Follow the link below to create a a Secure Mail Key. This is really not that hard so please don't overly complicate things. Best of luck.

https://www.att.com/support/article/email-support/KM1240308/

You need to CREATE a Secure Mail Key:

Create a secure mail key

Learn how to create a secure mail key from your mobile device, tablet, or computer.

Have your User ID and password ready to sign in to myAT&T.

  1. Go to Profile > Sign-in info.

  2. Select the email account that you want to get a secure mail key for. (You’ll find a drop-down menu at the top if you have multiple accounts.)

  3. Scroll to Secure mail key and select Manage secure mail key.

  4. If you have more than one email address, select the one you want to use.

  5. Select Add secure mail key.

  6. Enter a nickname for the secure mail key to make it easier to recognize.

  7. Select Create secure mail key.

  8. Select Copy secure mail key to clipboard. (Jot down your secure mail key, so you have it handy if you have to update an email app on several devices.)

  • For security purposes, the secure mail key only shows until you select OK.

  • If you lose or forget the secure mail key, you can create new secure mail keys as needed.

9. Select OK.

10. Go to your preferred email app and replace the existing password with your

secure mail key. (For an IMAP account, delete the existing password for both the

IMAP and SMTP servers and replace them with your secure mail key.)

Get started...

Ask a new question