Thanks for clarifying that there is a per-mailbox setting available for SMTP legacy auth; I can't remember having seen that in the umpteen change notification emails that Office 365 has been sending out. This makes it reasonable to turn it off, but still allow firewalls, scanners and whatnot to send email.
A couple of suggestions on things you could provide to make it easier for administrators to improve security:
- Provide a way to disallow login on device accounts, and only allow app passwords for SMTP authentication. An administrator should be able to create a new app password without logging in as the device account.
- Provide an installable SMTP proxy that accepts LAN SMTP mail and sends it out to Office 365 using OAuth, as a Docker container or similar.
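The per-mailbox setting mentioned in the comment above, as an added example that is not part of the original post or of any Microsoft documentation: it turns SMTP AUTH off tenant-wide and then re-enables it for a single device mailbox, then lists every mailbox that still has it explicitly enabled. It assumes the Exchange Online PowerShell module is installed and the session has Exchange admin rights; the mailbox address is a placeholder.

```powershell
# Added example, not from the original comment. Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account has Exchange administrator rights.
Connect-ExchangeOnline

# Tenant-wide default: disable legacy SMTP AUTH for every mailbox.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# Per-mailbox exception: re-enable SMTP AUTH only for the device that needs it.
# 'scanner@contoso.example' is a placeholder mailbox, not a real address.
Set-CASMailbox -Identity 'scanner@contoso.example' -SmtpClientAuthenticationDisabled $false

# Check: which mailboxes still have SMTP AUTH explicitly enabled?
# The per-mailbox value is $null when it inherits the tenant setting, so filtering on
# -eq $false lists only the deliberate exceptions.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object Identity, SmtpClientAuthenticationDisabled
```

The last query is the one worth running periodically: every mailbox it returns is an account that can still authenticate with a plain username and password over SMTP, so the list should contain only known devices.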