Feb 19 2020 12:03 AM - last edited on Feb 01 2023 02:04 PM by TechCommunityAP
After I activated the 'Default Security' in Office 365, the multifunctionals can't scan-to-mail.
I get this error:
SmtpCmdResp: 535 5.7.3 Authentication unsuccessful [LO2P265CA0457.GBRP265.PROD.OUTLOOK.COM]
--readSmtpResponse
SMTP authentication failed after sending password.
Check your username/password or your SMTP server's auth settings
Settings: smtp_host: smtp.office365.com
smtp_port: 587
Before activating Default Security there was no problem.
Feb 19 2020 12:24 AM
Well you might have bothered to read the documentation on Security defaults first to avoid such issues 🙂 Among other things, they block basic auth for SMTP, which I suppose is what your devices use. You can either disable Security defaults, create a similar CA policy with exceptions added for the devices, or use some smart host/relay to route those messages.
Feb 19 2020 05:41 AM
Nah, I'm more the 'let's see what this button does' type of guy 🙂
MS is expert in producing large quantities of text with very little info. Especially if English is not your native language, it's sometimes very difficult to follow.
Do you think there is a way to **bleep** a little hole in the default security, just to allow one mail account to send mail via SMTP?
Feb 19 2020 08:47 AM
That depends on what licensing you have. Security defaults on their own don't allow much customizability, it's a plain on/off switch for all features as a single package. But if you have AAD Premium licenses, you can create a policy that matches the Security defaults restrictions, with few added exceptions as needed.
Feb 19 2020 11:49 AM
@MarcVHB While I am not aware of what devices you are using I can tell you that I used this documentation to set up a HP MFP X585 and a Canon MF735CDW.
We use a shared mailbox with a password set on the mailbox to do Authenticated SMTP.
Feb 20 2020 07:32 AM
I use Kyocera devices. SMTP used to work, until I activated Default Security.
For new Office 365 tenants, Default Security is now set to 'on' as standard, so new Office 365 users won't be able to send SMTP mails with multifunctional devices.
I was hoping there would be a simple way just for one user (or shared mailbox) to send SMTP mail.
Feb 20 2020 07:37 AM
@MarcVHB Right, you would need to use a mailbox that has a username and password, unfortunately.
Feb 26 2020 11:32 AM
I just enabled Security Defaults in our Office 365 tenant as well the other day and also have the same problem (from an app that uses SMTP). I disabled Security Defaults but the app still can't send through SMTP anymore. Even tried disabling MFA = still not working.
Did you get a resolution to your issue in the end?
Feb 26 2020 10:50 PM
No, at the moment I use the SMTP server of my internet provider.
Not the way it should be, but it works.
Nov 12 2020 08:31 AM - edited Nov 12 2020 08:32 AM
I know this is an old thread, but I'm having the same problem as @BinhTang. For half my tenants SMTP does not work even with Default Security disabled. I found there is some kind of Azure security that disables Legacy SMTP and that overrides the settings in the Admin panel. So I think once the tenants are created with the default Security settings or if you enable it, you're screwed since you can't go back and change those settings in Azure if you don't have it. I opened a ticket with Microsoft and so far they have not been able to solve my problem.
Nov 12 2020 08:46 AM
Nov 12 2020 10:06 AM
@MarcVHB My problem is that even after disabling Default Security it still doesn't work. I have like 10 of my tenants with that problem, and another 10 which are working fine.
Dec 01 2020 12:23 AM
Dec 01 2020 01:04 AM
@LusoAdmin What I found out for new tenants:
Disable the default security settings
Enable the MFA on all users, one by one
Wait some minutes
Disable MFA for all users, one by one
And: tadaaa, SMTP works again.
Dec 01 2020 01:23 AM
Dec 01 2020 01:00 PM
Solution: @LusoAdmin Hey there. I'll put the solution here because as far as I can tell, everyone should also have that problem now. It took 1 week with the Microsoft support to finally find the solution. Just like I thought, because now the default security is enabled when you create a new tenant, even if you disable it, SMTP somehow stays disabled and that overrides the settings in your admin panel.
All you have to do is enable it in PowerShell. To connect with PowerShell, first you have to execute this:
Connect-MsolService
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
Then you enter your admin credentials. After that, you can check the "smtp disabled" flag, it should be set to "true":
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
To enable smtp and get things working again, you enter this command:
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Worked for all my tenants. I hope this helps you too!
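For the earlier question in this thread about allowing only one account to send via SMTP, here is an added example that is not part of the original posts: it leaves the tenant-wide switch disabled and enables SMTP AUTH on a single device mailbox with `Set-CASMailbox`, then lists every mailbox that carries such an exception. It assumes an existing `Connect-ExchangeOnline` session and that Security defaults (or a Conditional Access policy) is not blocking basic authentication for that account; the mailbox address is a placeholder.

```powershell
# Added example, not from the thread. Requires the ExchangeOnlineManagement
# module and an active session created with Connect-ExchangeOnline.
$ScannerMailbox = 'scanner@contoso.example'   # placeholder: the device's mailbox

# 1. Tenant-wide switch. $true means SMTP AUTH is off for every mailbox
#    that does not carry its own explicit setting.
$org = Get-TransportConfig
Write-Output "Tenant SmtpClientAuthenticationDisabled: $($org.SmtpClientAuthenticationDisabled)"

# 2. Keep the tenant default locked down instead of opening it for everyone.
if (-not $org.SmtpClientAuthenticationDisabled) {
    Set-TransportConfig -SmtpClientAuthenticationDisabled $true
}

# 3. Per-mailbox value: $null = inherit tenant setting,
#    $false = SMTP AUTH explicitly allowed, $true = explicitly blocked.
#    An explicit per-mailbox value takes precedence over the tenant setting.
Set-CASMailbox -Identity $ScannerMailbox -SmtpClientAuthenticationDisabled $false

# 4. Verify the one mailbox that was changed.
Get-CASMailbox -Identity $ScannerMailbox |
    Format-List Name, PrimarySmtpAddress, SmtpClientAuthenticationDisabled

# 5. Audit: list every mailbox with an explicit "allowed" exception, so
#    forgotten exceptions can be reviewed and removed later.
$exceptions = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false }

Write-Output "Mailboxes with SMTP AUTH explicitly enabled: $(@($exceptions).Count)"
$exceptions | Select-Object Name, PrimarySmtpAddress | Sort-Object Name

# To remove an exception and fall back to the tenant default:
# Set-CASMailbox -Identity $ScannerMailbox -SmtpClientAuthenticationDisabled $null
```

Because the device authenticates with a stored password and no MFA, give that mailbox a long unique password and no other roles or licenses than it needs.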
Feb 11 2021 07:27 AM
@ssimard You, my friend, are my savior. I've been battling this issue for 2 days, messing with every setting I could find in O365 and Azure AD, and this simple PowerShell solved my issue instantly.
Feb 12 2021 10:53 AM
@ssimard Thank you for this info.
Does this work with Security Defaults on or did you also have to disable Security Defaults and leave it off for your tenants?
Feb 12 2021 11:06 AM
@PhilipD4Good Glad I could help you guys. Security Default is disabled for all my tenants, so I don't know if you could leave it on.
Jul 08 2021 03:51 AM
How can I create such a Conditional Access Policy for enabling SMTP again?