Forum Discussion
Send Mail (SMTP) through Office 365 with MFA
When using Option 1, MFA has everything to do with it. Option 1 requires authentication to work and I have since been able to confirm from Microsoft that Option 1 will not work when MFA is enabled.
Option 2 will not work in our environment, as the emails generated will often be sent externally. Option 2 (Direct Send) will only send to internal O365 recipients.
Option 3 is still in question. We already have send connectors in-place due to our hybrid configuration. Still waiting on a response from Microsoft if we can modify these settings to all relay but without causing issues with our Hybrid. We will eventually move away from this and our internal mail server which is why we are not deploying new services that point to our internal mail server.
Therefore for #1 you would need to login with the actual From address and not another account, but then MFA would impact you. This is why I did not suggest you try Option #1 and only either #2 or #3.
For either of these, it does not matter if the recipient is internal or external. This is regardless what it says in the support article under Direct Send about it being for internal mailboxes only (see the other scenarios text where it talks about using Direct Send for mailing lists - which are external by their nature).
As for #3, you realise when you say "We will eventually move away from this and our internal mail server which is why we are not deploying new services that point to our internal mail server. " that with hybrid you will never move away from this scenario. With hybrid you need to maintain an on-premises Exchange Server for cloud mailbox management as you are doing AD Sync. Given that you have an on-premises server, you would use that as your apps and devices SMTP relay device as well. Microsoft have said they are working on improving the management experience with hybrid at Ignite last year, but that does not cover the need for SMTP relay scenarios like you describe.