Forum Discussion
Solved
Can't send SMTP mail after setting Default Security in Office 365
After I activated the 'Default Security' in Office 365, the multifunctionals can't scan-to-mail .
I get error
SmtpCmdResp: 535 5.7.3 Authentication unsuccessful [LO2P265CA0457.GBRP265.PROD.OUTLOOK.COM]
--readSmtpResponse
SMTP authentication failed after sending password.
Check your username/password or your SMTP server's auth settings
Settings: smtp_host: smtp.office365.com
smtp_port: 587
Before activating Default Security there was no problem.
LusoAdmin Hey there. I'll put the solution here because as far as I can tell, everyone should also have that problem now. It took 1 week with the Microsoft support to finally find the solution. Just like I thought, because now the default security is enabled when you create a new tenant, even if you disable it, smtp somehow stays disabled and that overrides the settings in your admin panel.
All you have to do is enable it in Powershell. To connect with Powershell, first you have to execute this:
Connect-MsolService
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnlineThen you enter your admin credentials. After that, you can check the "smtp disabled" flag, it should be set to "true":
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
To enable smtp and get things working again, you enter this command:
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Worked for all my tenants. I hope this helps you too!
I just enabled Security Defaults in our Office 365 tenant as well the other day and also have the same problem (from an app that uses SMTP). I disabled Security Defaults but the app still can't send through SMTP anymore. Even tried disabling MFA = still not working.
Did you get a resolution to your issue in the end?
I know this is an old thread, but I'm having the same problem as @BinhTang . For half my tenants smtp does not work even with Default Security disabled. I found there is some kind of Azure security that disable Legacy SMTP and that ovverides the settings in the Admin panel. So I think once the tenants are created with the default Security settings or if you enable it, you're screwed since you can't go back and change those settings in Azure if you don't have it. I opened a ticket with Microsoft and so far they have not been able to solve my problem.
- Today I had the problem again with a new Office 365 tenant. He couldn't send smtp mails. It looks like MS is activating the Default Security for new tenant now. Lukely, after disabling the Default Security smtp sending was working.
MarcVHB While I am not aware of what devices you are using I can tell you that I used this documentation to set up a HP MFP X585 and a Canon MF735CDW.
We use a shared mailbox with a password set on the mailbox to do Authenticated SMTP.
I use Kyocera devices. SMTP used to work, until I activated Default Security.
For new Office 365 tenants, Default Security is now standard set to 'on' , so new Office 365 users won't be able to send SMTP mails with multifunctional devices.I was hoping there would be a simple way just for one user (or shared mailbox) to send SMTP mail.
MarcVHB Right, you would need use a mailbox that has a username and password unfortunately.
Well you might have bothered to read the documentation on Security defaults first to avoid such issues 🙂 Among other things, they block basic auth for SMTP, which I suppose is what your devices use. You can either disable Security defaults, create a similar CA policy with exceptions added for the devices, or use some smart host/relay to route those messages.
How can I create such an Conditional Access Policy for enabling SMTP again?
Nah, i'm more the 'let's see what this button does' type of guy 🙂
MS is expert in producing large quantity's of text with very little info. Especially if English is not your native language it's sometimes very difficult to follow.
Do you think there is a way to **bleep** a little hole in the default security , just to allow one mailaccount to send mail via SMTP ?
That depends on what licensing you have. Security defaults on their own don't allow much customizability, it's a plain on/off switch for all features as a single package. But if you have AAD Premium licenses, you can create a policy that matches the Security defaults restrictions, with few added exceptions as needed.
