MFA enabled email account for xerox copier email scanning

Copper Contributor

Hi,

 

Any articles related to this topic?

 

4 Replies
Can your device actually perform MFA? The usual solution is to exclude it, or route the messages via an on-premises SMTP relay to avoid having to authenticate in the first place.

Thanks @VasilMichev 

The Xerox copier seems no option to set up MFA. 

These are the settings I can setup:

POP3/SMTP server settings:

 

POP3:

Server Name/IP Address

Port Number

Polling Interval

Login Name

Password

POP Password Encryption

 

SMTP:

SMTP Server Name/IP Address

SMTP Server Port Number

E-mail Send Authentication

Login Credentials for E-mail Send

SMTP AUTH Login Name

SMTP AUTH Password

 

@John20211216 note that the usage of basic authentication with SMTP to EXO is excluded from the announced change on the 1st of October 2022. Nevertheless, you should really try to get rid of any remaining usage of basic authentication to EXO before said date (or Microsoft will get rid of it for you) and ensure you have proper authentication policies in place (although you could keep around a few SMTP exceptions...).

 

Secondly, it seems that not a lot of these devices support modern authentication today unfortunately... (and certainly don't offer native integration with the Microsoft Graph API which they should). If they support modern authentication they would most likely still be using POP/IMAP and/or SMTP in combination with either the OAuth 2.0 device code flow or the authorization code flow - if they're leveraging one of these OAuth 2.0 flows then there's no issue having MFA enforced on the user (mailbox) as you would only be signing in only once interactively with that user (interactively = in a browser window where you will be able to satisfy the MFA requirement). After that - if the application leveraged in Azure AD is correctly configured with the "offline_access" permission - the device will receive a refresh token from Azure AD which it can use to request new token pairs (access token + refresh token) to authenticate non-interactively (i.e.: set up and forget - as long as you do not revoke the refresh tokens for this user).