I'm trying to figure out how to use modern auth and disable basic auth for all mailboxes but a few which still need to use SMTP with Basic Auth. The documentation is not clear about how to do that. It looks like I need to:
- Disable Security Defaults in Azure AD if they are enabled.
- Set-TransportConfig -SmtpClientAuthenticationDisabled $false
- Use the new UI described here (or New-AuthenticationPolicy/Set-AuthenticationPolicy) to enable modern auth and disable basic auth for everything, which will create/change the default authentication policy.
- Create a second authentication policy (via New-AuthenticationPolicy) which enables SMTP Basic Auth.
- Assign the second policy to the few mailboxes which still need SMTP basic auth via the Set-User cmdlet and wait for 24h until the settings are effective. Or use Set-User -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow) to shorten that to 30 minutes.
Is there an easier way to achieve that?
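
The steps listed in the question, written out as one Exchange Online PowerShell script (an added example, not part of the original post). It assumes an active `Connect-ExchangeOnline` session and that Security Defaults are already disabled; the policy names and mailbox addresses are constructed placeholders.

```powershell
# Added example: block Basic Auth by default, allow it for SMTP on a few mailboxes.
# Assumes an existing Connect-ExchangeOnline session with admin rights.
$BlockPolicy   = 'Block Basic Auth'              # hypothetical policy name
$SmtpPolicy    = 'Allow Basic Auth SMTP Only'    # hypothetical policy name
$SmtpMailboxes = @(                              # constructed sample addresses
    'scanner@contoso.example',
    'legacy-app@contoso.example'
)

# SMTP AUTH has to stay enabled organization-wide, otherwise the
# exception mailboxes cannot submit mail at all.
Set-TransportConfig -SmtpClientAuthenticationDisabled $false

# A policy created without any -AllowBasicAuth* switch blocks Basic Auth
# for every protocol. Create it only if it does not exist yet.
$existing = Get-AuthenticationPolicy | Select-Object -ExpandProperty Name
if ($existing -notcontains $BlockPolicy) {
    New-AuthenticationPolicy -Name $BlockPolicy | Out-Null
}

# Make the blocking policy the default for all users without an explicit policy.
Set-OrganizationConfig -DefaultAuthenticationPolicy $BlockPolicy

# Second policy: Basic Auth allowed for SMTP only, everything else blocked.
if ($existing -notcontains $SmtpPolicy) {
    New-AuthenticationPolicy -Name $SmtpPolicy -AllowBasicAuthSmtp | Out-Null
}

foreach ($mbx in $SmtpMailboxes) {
    # Explicit per-user policy overrides the organization default.
    Set-User -Identity $mbx -AuthenticationPolicy $SmtpPolicy
    # Invalidate current refresh tokens so the change applies sooner
    # than the usual 24 hours.
    Set-User -Identity $mbx -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)
}

# Audit: list every user that carries an explicit policy, so the set of
# Basic Auth exceptions can be reviewed against $SmtpMailboxes.
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy |
    Sort-Object AuthenticationPolicy, UserPrincipalName
```

Re-running the final audit query periodically shows whether any account outside the intended list has been given the SMTP exception policy.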