Forum Discussion

Jeff Harlow's avatar
Jeff Harlow
Iron Contributor
Feb 23, 2018

Send Mail (SMTP) through Office 365 with MFA

We have a web server that needs to be able to send emails as users (FROM field); however, we have noticed that if the user account is protected with MFA, the message is rejected.  Has anyone been abl...
Authentication
exchange
office 365
security
Jeff Harlow's avatar
Jeff Harlow
Iron Contributor
Feb 28, 2018

The reason I mention we are moving away from the Hybrid solution is that we are moving away from having everything on-premise and to AzureAD and Azure VMs. Our current setup does point to our on-premise Exchange server; however, we plan to phase that out as we consolidate solutions, move to Azure VM and migrate to Office 365 SharePoint.   The goal is to be moved off of our on-premise servers by end of the year, which is why I do not want to point any new projects to our On-premise Exchange server.  The do not plan on maintaining an on-premise AD, which is the only reason to keep running in a Hybrid scenario. 

 

The error message I originally included was when I was assigning the non-MFA account to our SMTP configuration and sending using an MFA account. Since Option 1 does not work with MFA accounts, that is where I am running into an issue. 

Brian Reid's avatar
Brian Reid
MVP
Feb 28, 2018
Yes, which is why I said options 2 or 3, and both will work for you even if your Exchange hybrid role server is in Azure.

By the way, if they don't plan on maintaining an on-premises AD, what are the users going to login to? Unless you are going cloud accounts completely and turning off AD, you still need local domain controllers to the users for efficient login.
  • Jeff Harlow's avatar
    Jeff Harlow
    Iron Contributor
    Feb 28, 2018

    Per Microsoft's article that I originally included, Option 2 will not work for sending emails to external users (live.com, gmail.com, etc.)  

     

    As far as what users will be logging into; Azure AD. 

     

    • Kazu1301's avatar
      Kazu1301
      Copper Contributor
      Aug 14, 2019

      Jeff Harlow , did you solve the issue? I am facing exactly the same problem here - the send-mailmessage was working at smtp.outlook365.com before enabling 2FA and after that I receive the same message you mentioned with no other changes. I also tried to use application specific password without success.  

      • Jeff Harlow's avatar
        Jeff Harlow
        Iron Contributor
        Aug 14, 2019

        We are using Option 3 now. Just configured the connector to allow the IPs for servers (in our case our external IP) to send mail and all works. No authentication required. Kazu1301 

    • Brian Reid's avatar
      Brian Reid
      MVP
      Mar 02, 2018
      Option 2 will work externally. You need to make sure your certificates for the connector contain your domain, or it will be treated as external email relaying. Option 3 is better. Option 2 is not there for allow mass marketing emails. But will work for a lower number of emails.

Resources