MicrosoftHi Greg,
Great article with some very good information.
What is the recommended guidance regarding enabling or disabling SMTP Client Auth Tenant-wide using Set-TransportConfig? On Tenants created after January 2020 this setting is set to True (Disabled) which means SMTP Auth needs to be set on a per-mailbox basis using Set-CASMailbox.
If SMTP Auth is disabled Tenant-wide, then enabling it via Authentication Policies for certain mailboxes doesn't have any affect as it must first be enabled tenant-wide using Set-TransportConfig.
I have found that leaving SMTP Auth enabled on the tenant then controlling its use via Authentication Policies seems to offer the most control. Also, if there are any Conditional Access policies in place to block legacy auth then mailboxes must be excluded from this if SMTP Auth is required to be used.
