Google has been kind enough to give lots of advance notice that it will stop providing "Less secure app access" to third party applications (image of email below). I use Outlook 2013 and 2019 (desktop app, not Office 365) to access gmail via IMAP. The email also advised that I need to upgrade to Outlook 2019.
I just did a test by turning off "Less secure app access". Neither Outlook 2013 nor 2019 is able to access Gmail's IMAP servers. I have been unable to find the details of what specific things make access "less secure" so that I can try to redress the problem.
What do I have to do to make Outlook 2019 work without "Less secure app access"? Do I have to choose a different encryption? This question applies to Outlook 2019 on my home laptop.
Even if you don't want to share details about how you did it, it would be useful to know whether anyone has made this work (for Outlook 2019 desktop app, not as part of Office 365).
Even if you had to move to a paid Gmail account to get this to work, thanks if you can share this fact, and (only if you like), the details behind the procedure.
Can I do the same with Outlook 2013? If not, this presents a problem. It is on a work laptop, and I don't believe that I am free to install my own commercial software on it. Normally, work laptops connect to Exchange servers behind a firewall. This particular laptop is meant to be used outside of the firewall, so it uses IMAP to connect to gmail.
For the work laptop, even if I could upgrade to Outlook 2019, there is the additional problem that Outlook 2019 seems to work much, much more slowly and less reliably than 2013. At least that's been my experience - though it could be due to the lesser horse power on my home laptop.
Things tried #1
I first disallowed less secure apps.
As per one a comment in one of the answers, I followed page "Set up Gmail with a third-party email client". The relevant section seemed to be:
- Set up Gmail with Microsoft Outlook
- Set up Gmail with Outlook on a PC
Therein, I followed a link to "Add a Gmail account to Outlook for
Windows".
As shown there, I chose File -> Add Account
. Thereafter, I tried
the non-manual (automatic) setup:
It failed:
Things tried #2
I then tried the manual setup without Secure Password Authentication (SPA):
It's obvious now that the reason for the failure of the automatic setup is that "automatic" means O365 speifically. After entering the fields for IMAP as shown, I clicked on "More settings":
The above settings are consistent with the page Check Gmail through other email platforms, section "Step 2: Change SMTP & other settings in your email client".
However, the connection to IMAP and SMPT servers for incoming and outgoing email still failed:
So my attempts to set up Oauth2 using "manual" setup of the Outlook client also failed.
Things tried #3
I thought I could try the non-manual setup again, but first enabling Oauth2 on the server side. I then followed Recommendations for setting up IMAP. However, the procedure requires login at admin.google.com, which "is used for Google Workspace[/Cloud] accounts only" (formerly called G Suite). This is explained a bit here and slightly better here.
This is a personal email account, so I don't have Google Workspace. I looked to see if it can be gotten free, but while one might be able to get a similar effect with a free account, I doubt that you will actually get a Google Workspace account.
Things tried #4
Following suggestions, I tried manual setup with Secure Password Authentication (SPA). Less secure apps was enabled for all these tests.
For "Internet Email Settings" (i.e., "More settings"), I tried 3 configuration:
SMTP settings mirror IMAP settings
Custom SMTP settings, but with same User Name, Password, and SPA settings as IMAP
Custom SMTP settings, but with SPA disabled
In all cases, connection to SMTP failed because the encryption isn't supported. No details about what exactly isn't supported or what is supported.
Things tried #5
In response to another comment, I specified an SMTP port of 465 for SSL/TLS. Here are the settings:
With “Less secure apps” access allowed, the settings as shown above work for Outlook 2019.
Additionally, in the “POP and IMAP account settings panel, requiring SPA worked
Additionally, in the “Internet Email Settings” panel, in the “Outgoing Server” tab, requiring SPA worked
With “Less secure apps” access disabled, however, the server rejected the logon, and said I should verify my user name and password
This didn’t matter whether SPA was required in both of the above checkboxes, either one of them, or neither of them
On Outlook 2016, the encryption options were a bit different. There is no combined "SSL/TLS"; they are separate options. Port 465 required that SSL be chosen, and it didn't work if TLS is chosen. Since TLS is an improvement on TLS, I wanted to use that, and I had to specify port 587 for it to work. Of course, it only works when "Less secure apps" access is enabled, in which case it didn't matter which of the SPA checkboxes were checked.
Things tried #6
After re-reading the posted answer about modifying the registry to enable Oauth2, I tried the following for Outlook 2019. I used regedit
to navigate to HKCU:\Software\Microsoft\Office\16.0\Common\Identity
. Note that in Outlook 2019, I had 16.0
, not 15.0
. I created a DWORD EnableADAL
and set it to 1
. I started Outlook and tried to set the encryption. I did not have Oauth2 in the pulldown list, or anything like it. What I saw that was new was an Auto
encryption.
According to this page, Auto
tries the other encryption options, from most to least secure. Unfortunately, Oauth2 isn't among the "other" options. Even if it was, however, Auto
is a dangerous setting because it creates the possibility of connecting with no encryption, as described in the aforementioned link.
This was tried on Outlook 2019. I find it very odd that Oauth2 is unavailable because the Google message about dropping less secure apps access after May 30 (above) explicitly suggests Outlook 2019 as a solution.
Conclusion
I could be wrong, as I'm not an IT person, but if the problem lies in Things tried #3, then it looks as if, come May 30, the need for Oauth2 will leave the free account users behind. Unless one is only going to access mail via a browser, one will need to move to a business account. :(