The Outlook client used with Outlook.com, once a marriage made in Heaven, is now a war, an unintended consequence of security changes made to Outlook.com plus some Microsoft decisions that have me scratching my head.

The Big Outlook.com change

On September 16, 2024, Microsoft turned off ALL basic authentication for Outlook.com/Live mail/Hotmail/MSN mail; ALL connections now require Oauth2 protocol, including the native Exchange Server protocol Outlook uses.  This was done to beef up security but opened a can of worms in the process and it started a war with Outlook, the client.

Older Outlook Versions

Older clients would be any version of Outlook with a build number older than 11601.10000; this includes Outlook 2007, Outlook 2010, Outlook 2013, Outlook 2016 MSI, and Outlook 2019 LTSC.  None of these versions support Oauth2 and will no longer connect to Outlook.com with any available protocols, POP3, IMAP, or Exchange Server.  You can still use these clients with any email service that still uses basic authentication, plus you can still use them with Yahoo and Gmail if you enable Multi-Factor Authentication and then generate an App Specific Password.  I’ve heard rumors suggestion these services will abandon App Passwords in the future, but for the time being they are still supported.  By contrast, Outlook.com has deprecated App Password use, so these clients will no longer work with the service at all.  I feel this last item is a bit shortsighted.  Yes, App Passwords are still a form of basic auth but deprecating them alienates much more than just email clients.  Many printers, Fax machines (yes, they still do exist), and a broad host of other devices use email to send notifications, alerts, etc.  NONE of these can now be used with Outlook.com!  ALL of these devices will have to use another email provider, such as Yahoo and Gmail who still support App Password functionality.  It is conceivable that the manufacturers of these devices could release new driver software that supports Oauth2, but I very much doubt that will happen for devices currently in service, unless they are very new.

Newer Outlook Versions

This would be Classic Desktop Outlook with a build later than 11601.10000 and Outlook New.  These versions support Oauth2 for IMAP and Exchange Server connections, but not POP3.  You can use these versions in native mode (no MFA or App Password) with both Yahoo and Gmail IMAP services.  Since they do not support Oauth2 for POP3 connections, MFA and an App Password would be required with both Gmail and Yahoo for POP3 connections.  Microsoft has elected not to support IMAP connections between Outlook and Outlook.com even though the newer clients support Oauth2 for IMAP; the ONLY way to connect Outlook to Outlook.com is via Exchange server protocol.

Mobile clients

Both the Android and iOS versions of Outlook Mobile support Oauth2 so they will work natively with Outlook.com, Gmail, Yahoo, and virtually every other email system.  If either were set up for Outlook.com prior to September 16, you may need to remove and re-add Outlook.com to them to engage Oauth2.  This also applies to the native Android and iOS clients that come with the phone since newer versions do support Oauth2.  If your phone has an earlier version that doesn’t do Oauth2, both Outlook Mobile clients are free to download and use.

POP3

For Outlook.com, POP3 is now the province of third-party clients.  NO version of Outlook, past or present, Classic or New, will support a POP connection with Outlook.com/Live mail/Hotmail/MSN mail. If you REQUIRE a POP connection, Mozilla Thunderbird, eM Client, and Mailbird all support Oauth2 and should be able to give you a POP connection to Outlook.com/Live mail/Hotmail/MSN mail. All three of these have facilities for importing .PST files.

More info is here:

Modern Authentication Methods now needed to continue syncing Outlook Email in non-Microsoft email apps
Outlook.com and Modern Authentication Questions