Explore & discover

Helpful Links

DO I need to update security settings for OAuth for Office 365?

Tutor

DO I need to update security settings for OAuth for Office 365?

The web page below provides guided steps for Outlook 2016 and older, but not 365.

https://forums.att.com/t5/Stay-secure-with-OAuth-Secure/ct-p/oauth_hot_topic?source=ESsWCfCTA0000000... 

4,556 Views
Message 1 of 10
Teacher

Re: DO I need to update security settings for OAuth for Office 365?

I have the same question...was just told via AT&T Chat Supervisor that this was not necessary...but I've asked 3 AT&T Reps on the phone and received 3 different answers and now the Supervisor says it's not necessary...

Message 2 of 10
Administrator
Solution
Accepted by Administrator (Administrator)
Accepted by davidbk
‎10-29-2019 8:19 AM

Re: DO I need to update security settings for OAuth for Office 365?

Hi, @sstelter.

 

No worries, with OAuth if your computer is not compatible you will need to create a secure mail key. Learn about secure mail keys and why you'll need one to access your AT&T email from a desktop program or email app such as Outlook 365. Let us know if you have any questions, we are always happy to help!


Ariel, AT&T Community Specialist


Need help?
Ask a question to get help from the AT&T Community or support from AT&T specialists. If this reply helped you please use Accept solution to mark it as an Accepted Solution.
*I am an AT&T employee, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
Tags (1)
Message 3 of 10
Teacher

Re: DO I need to update security settings for OAuth for Office 365?

It’s incumbent on AT&T to provide clear and detailed information concerning the emails and texts being sent by AT&T / Yahoo regarding email security changes.

There’s a tremendous amount of inconsistent and unclear information being disseminated by AT&T as well as many users trying to help.

Information needs to be updated so non-technical users can understand their options as well as what will change with each option.

Update with Outlook 2019 info.

If Mail App such as Outlook not OAuth compatible, is a Secure Mail Key (SMK) really required? When?

One of the documents states that if Yahoo is offered while setting up a new email account, you’re all set? What does that mean?

Is SMK 16 digits? What is a SMK?

Once the SMK is generated and entered in place of current password, what happens next? If no log in info and password is required now for an example with Outlook, will the SMK change that? Will login be always required to get emails with SMK? What about on a mobile device?

Info also states that the current email password will still be used for some purposes like checking account info…but not for email?


Distinguish between @ att.net , @Bellsouth.net, @ yahoo.net and other email domains…any differences? If so, what are they? Provide a matrix.

What are the correct settings for incoming and outgoing mail server settings including port #’s for each mail domain?
There are so many inconsistent settings out there…

I’ve talked to 4 AT&T Reps over 3 days and chatted with at least 6 additional AT&T Reps including 1 Supervisor; I could not get all of my questions answered and each Rep told me something different.

How does AT&T expect anyone to follow this while this is so poorly managed…would appreciate some help. Thank you.

 

Message 4 of 10
ACE - Expert

Re: DO I need to update security settings for OAuth for Office 365?

@march1980 

If Mail App such as Outlook not OAuth compatible, is a Secure Mail Key (SMK) really required? When?

That's what Use OAuth or secure mail key for email apps says.  When?  Don't know.  The email implied soon.  But who cares?  Change now and then you don't have to worry when it becomes mandatory.

 

One of the documents states that if Yahoo is offered while setting up a new email account, you’re all set? What does that mean?

Is SMK 16 digits? What is a SMK?

Some email clients support creating your settings for a new account from certain email services just by specifying the service.  That avoids having to explicitly set up the server and authentication settings yourself.  The claim that I read is that if you, an att user, specify yahoo is one of those choices it will set up the server and authentication settings for your att account.  How it knows to select the att servers as opposed to the yahoo servers I am not sure (but I assume it's based on the email domain).  I've never tried that myself so I cannot verify it.  Also why it should choose OAuth2 authentication by default is another question.  But some claim it works too.

 

Secure mail keys are 16-character strings.  More than enough to be considered uncrackable.  What is it?  Better to ask what it isn't.  It isn't your account password and that's the point.  If you use your account password in your email client(s) then theoretically if the device(s) containing the client(s) falls into the wrong hands there is the possibility a clever hacker could extract your account and its password. Then they could log into your account to do all sorts of mischief and get your personal info. But if the client(s) only have the secure key they cannot log into your account. You can then also make it impossible for them to even use the email client(s) simply by logging into your account and changing the secure mail key.

 

Once the SMK is generated and entered in place of current password, what happens next? If no log in info and password is required now for an example with Outlook, will the SMK change that? Will login be always required to get emails with SMK? What about on a mobile device?

From your point of view nothing changes to use email client apps.  You use them as you always did.  Whether it's a secure mail key or OAuth2 authorization like the standard run-of-the-mill account password you have been using, the email client uses that information to be able to "talk" to the email servers. 

 

Info also states that the current email password will still be used for some purposes like checking account info…but not for email?

For anything on att sites, e.g, your myAT&T, webmail, start.att.net (Currently.com), etc. you still use your account password.

 

Distinguish between @ att.net , @Bellsouth.net, @ yahoo.net and other email domains…any differences?

Nothing to distinguish.  There are 11 att domains treated all the same.  That's ignoring the mess att and yahoo created unmerging the legacy domains (all those except att.net) from yahoo.  But that's a different problem.

 

What are the correct settings for incoming and outgoing mail server settings including port #’s for each mail domain? 

As I said, all the att domains use the same settings documented here.  Those are what you should be using.  And if setting up from scratch and you use the method of setting the account by specifying yahoo (covered earlier) then you should verify it set att's servers in the server settings and not yahoo's.  Ports and ssl settings are the same as yahoo's but the server names are different.

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 5 of 10
Teacher

Re: DO I need to update security settings for OAuth for Office 365?

Thanks for the detailed info; when I recently added existing bellsouth.net email accounts to Outlook 2019, it automatically built the accounts as: imap.mail.yahoo.com (Port 993) and smtp.mail.yahoo.com (Port 465). Everything works fine so far...before I start adding SMK now I wonder if the info on AT&T website "mail app not listed? Here’s a quick way to find out if your email app uses OAuth. Start setting up a new email account in your app. Your app may offer you a list of email providers that includes Yahoo. If it does, your email app is OAuth compatible. Be sure to select Yahoo as your provider. You’re all set!".

Does this mean since my servers are listed as yahoo, it's OAuth Compatible and I'm all set? I know another link shows att.net servers so again, another confusing issue...

Message 6 of 10
ACE - Expert

Re: DO I need to update security settings for OAuth for Office 365?

@march1980 

I was afraid that selecting yahoo as a auto-setup might select the wrong servers.  I guess my suspicions are true.  You will just have to replace the yahoo servers in the settings with the ones documented here.  If it set up the authentication for OAuth2 then it may or may not work.  Just try it and see (after you change the server settings).  If it doesn't work just set to normal password and use a secure mail key.

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*I am not an AT&T employee, and the views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 7 of 10
Teacher

Re: DO I need to update security settings for OAuth for Office 365?

So after I change the servers, how would I know If it set up the authentication for OAuth2? If it works, then it was set up for OAuth2? Does Outlook work the same? But if it doesn't work, then it wasn't?  Then I would set up SMK?

Also, if I change servers, it that transparent and existing emails automatically switch over? Trying to understand how existing emails would transfer over from yahoo to AT&T servers?

It's still confusing to me the whole AT&T / Yahoo relationship...different servers but email works on both? I like to really understand the whole situation before I start changing something that works and although I understand more with your help than i did before, it's still confusing to me...thank you.

 

Message 8 of 10
Contributor

Re: DO I need to update security settings for OAuth for Office 365?

Ok, so I have a secure mail key.  What do I do with it?

Message 9 of 10
Contributor

Re: DO I need to update security settings for OAuth for Office 365?

Ok, so I have a secure email key.  What do I do with it?

Message 10 of 10
Share this topic
Share this topic
Were you asked to update your settings and apps? View Updating AT&T Mail OAuth settings
Announcements

Are you having trouble logging in? Is your email password not working? Let us show you how to Reset your Email Password using myAT&T!

Additional Support