Availability of the Lightning Sync Service Account Connection Method for Customers on Microsoft Office 365

I’m a current Lightning Sync user. What do I do?

Determine whether Basic Authentication retirement affects you, and if so, what you must do to continue syncing contacts and events.

1. Verify your Microsoft email service.

Check with your company’s Microsoft admin or IT professional, or contact Microsoft directly. 

• If your company uses Exchange 2019®, 2016®, 2013® on-premise servers, you aren’t affected by Basic Authentication retirement, and no further action is necessary. Microsoft hasn't announced basic authentication retirement for those servers.
• If your company’s email service is Exchange Online, an email service offered through Office 365, go to the next step to determine if you’re affected by Basic Authentication retirement.

2. Verify your Lightning Sync connection method.

If your Lightning Sync users’ email accounts are hosted on Exchange Online, check to see if your Lightning Sync connection method is service account.

1. From Salesforce Setup, in the Quick Find box, enter Sync, then select Outlook Integration and Sync.
2. If you can't see Lightning Sync settings, click the dropdown arrow next to Let users sync contacts, events, or both between Microsoft Exchange and Salesforce.
3. Verify the option you’ve selected for Connection Method. 

If your settings indicate that you're connecting using the OAuth 2.0 connection method, the Basic Authentication retirement doesn’t affect you and no further action is necessary. OAuth 2.0 doesn’t require Basic Authentication, so you can continue to sync contacts and events using that connection method.

If your settings indicate that you're connecting with a service account, then the Basic Authentication retirement does affect you. To learn about next steps and when to take them, go to the next step. 
 

3. Learn when Microsoft is blocking Basic Authentication in your Microsoft tenant and what to expect.

Microsoft is blocking Basic Authentication for all tenants starting October 1, 2022. When Basic Auth is blocked, contacts and events stop syncing for your Lightning Sync users. To avoid sync interruption, skip to the last section in this article, Alternative Connection Methods for Syncing Between Exchange Online and Salesforce.

We recommend that you update your connection method before October 1, 2022. To learn more about the Basic Authentication retirement, see the Microsoft article, Deprecation of Basic authentication in Exchange Online.
 

I’m new to syncing contacts and events between Microsoft applications and Salesforce. What do I do?

Microsoft is blocking Basic Authentication for all tenants starting October 1, 2022. We recommend that at initial setup you use one of the recommended alternative connection methods given in the next section of this article. 

When selecting an alternative connection method, keep in mind that Lightning Sync isn't available to new customers. Einstein Activity Capture is our long-term solution for syncing contacts and events between Microsoft® or Google applications and Salesforce. With Einstein Activity Capture, you benefit from productivity-boosting features beyond sync. We recommend that you first explore one of the Einstein Activity Capture connection methods available to Exchange Online customers.
 

Alternative Connection Methods for Syncing Between Exchange Online and Salesforce

These options let you continue to sync contacts and events between Exchange Online and Salesforce after Basic Authentication retirement. We suggest that you make one of these moves before October 1, 2022. We're here to help you and your sales reps prepare for a smooth transition to Einstein Activity Capture. See Move from Lightning Sync to Einstein Activity Capture. 
 

Move to Einstein Activity Capture and connect with user-level OAuth 2.0.

You can continue to authenticate your email service to Salesforce user by user instead of authenticating all users in your tenant at the same time. During setup, you can connect your company's email service to Salesforce. Then each user  connects their email and calendar account to Salesforce. For setup instructions, see Connect to Einstein Activity Capture with User-Level OAuth 2.0.
 

Move to Einstein Activity Capture and connect with service account OAuth 2.0.

You can scope authentication to a set of users on your email service and deploy Einstein Activity Capture to all users at the same time. Plus, OAuth 2.0 is considered one of the leading methods for secure authentication. The Lightning Sync migration assistant can make the move quick and easy for you. For setup instructions, see Connect to Einstein Activity Capture with a Service Account OAuth 2.0.
 

Switch to OAuth 2.0, the other Lightning Sync connection method.

You can continue to sync contacts and events with Lightning Sync with the OAuth 2.0 connection method. The OAuth 2.0 connection method is different than the service account because it provides authentication access to Salesforce for all Office 365 users in one setup step. OAuth 2.0 is considered one of the leading methods for secure authentication. For more information, see OAuth 2.0 Connection for Microsoft Users and Connect Salesforce and Microsoft® Exchange Using OAuth 2.0.

Keep in mind that for right now:

• Einstein Activity Capture Standard, the version of Einstein Activity Capture that doesn't require an additional license, has a 100-user limit. For more details, see What is Einstein Activity Capture Standard.
• Einstein Activity Capture isn't supported for Salesforce Classic.
• Einstein Activity Capture isn't supported for Service Cloud or Lightning Platform. See Einstein Activity Capture System Requirements. 
• Einstein Activity Capture and Lightning Sync can't be in use at the same time. For more details, see Compare Einstein Activity Capture and Lightning Sync and How Salesforce Manages Sync Conflicts Between Products.