Forum Discussion

remberme's avatar
remberme
Copper Contributor
Jul 08, 2021
Solved

Client authentification failure while sending email from office365 account via powershell

Hi I'm trying to send email from office365 account in powershell, but got client not authenticated failure:     Send-MailMessage : The SMTP server requires a secure connection or the client was...
office 365
  • pvanberlo's avatar
    pvanberlo
    Jul 08, 2021

    The regular way to do this when using modern authentication with MFA would be to allow ‘app passwords’. There are other ways, which I would not recommend, because they potentially lower the security posture.

     

    https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

     

    If that doesn't work or is not allowed in your tenant, other methods may include:

    * Disabling MFA (not recommended)

    * If MFA is enabled using Azure AD Conditional Access, exclude this user for specifically SMTP from the Azure AD Conditional Access policy

    * If you're using Security Defaults within your Microsoft 365 tenant, legacy authentication is blocked by default and can't be bypassed unless you disable Security Defaults

    * You can use the Graph API for sending out e-mail programatically (Send mail - Microsoft Graph v1.0 | Microsoft Docs)

pvanberlo's avatar
pvanberlo
Steel Contributor
Jul 08, 2021
Can you provide the exact PowerShell command you’re using including the parameters you’re setting? Of course edit any potential sensitive info.
  • remberme's avatar
    remberme
    Copper Contributor
    Jul 08, 2021

    pvanberlo, I'm trying commands below. Now I can use it or MailKit to send email after turning off the Authenticator approval. How can I achieve it when authenticator is turning on?

    $cred = Get-Credential
$mail = @{
SmtpServer = 'smtp.office365.com'
Port='587'
UseSSL=$true
From='user@domain'
To='targetuser@emailserver'
Subject='subject'
Body='body'
}
Send-MailMessage @mail # or Use MailKit, see https://adamtheautomator.com/powershell-email/

     

    • pvanberlo's avatar
      pvanberlo
      Steel Contributor
      Jul 08, 2021

      The regular way to do this when using modern authentication with MFA would be to allow ‘app passwords’. There are other ways, which I would not recommend, because they potentially lower the security posture.

       

      https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

       

      If that doesn't work or is not allowed in your tenant, other methods may include:

      * Disabling MFA (not recommended)

      * If MFA is enabled using Azure AD Conditional Access, exclude this user for specifically SMTP from the Azure AD Conditional Access policy

      * If you're using Security Defaults within your Microsoft 365 tenant, legacy authentication is blocked by default and can't be bypassed unless you disable Security Defaults

      * You can use the Graph API for sending out e-mail programatically (Send mail - Microsoft Graph v1.0 | Microsoft Docs)

Resources