SCSM 2019 - How to configure Notification Channel with Exchange Online mailbox

AakashMSFT · ‎Jun 10 2023

Note: This article applies for configuration of Email notifications with Exchange Online for SCSM2019 only. For SCSM2022 users, we have released a new Hotfix that adds support for Modern Auth.

Introduction

Microsoft Service Manager (SCSM) uses SMTP server to send notification emails. If the sender mailbox is an Exchange Online mailbox, then you may face some issues because Basic Authentication has been deprecated. Please be informed that SMTP Authentication is still available in Exchange Online (see last section at Deprecation of Basic authentication in Exchange Online).

As a solution, SCSM can be configured to use one of the options mentioned in this article. Here’s a comparison of each option.

Steps to configure a SCSM Notification Channel with SMTP AUTH (Option 1)

Use this option if you want to send email to people inside and outside your organization.
Follow the steps at Configure Service Manager notifications to connect SCSM with your SMTP server (first hop).

Select Anonymous or Windows Integrated authentication, depending on your STMP server configuration.

Set the Return e-mail address as per your SCSM sender’s email address:

Configure your SMTP server to connect with Exchange Online (second hop).

Steps to configure a SCSM Notification Channel with DIRECT SEND (Option 2)

Use this option if
- Your requirement is to only send messages to recipients in your own organization who have mailboxes in Microsoft 365 or Office 365
- There is no requirement to send email to recipients outside of your organization.
Follow the steps at Configure Service Manager notifications to connect SCSM directly to your Exchange Online tenant MX endpoint.

Set your Tenant’s MX endpoint as the SMTP server name. (Please consult your Exchange Online admin to get your MX endpoint)

Set the Return e-mail address as per your SCSM sender’s email address:

Verifying & Troubleshooting

For Option 1 first hop, which is to your SMTP server:

Verify with the PowerShell script below if your SMTP server accepts Anonymous authentication:

$mailParams = @{
    SmtpServer  = '127.0.0.1' # set your SMTP Server's address
    Port        = '25' # set your SMTP Server's port
    UseSSL      = $false       
    From        = 'senderEmail@YourTenant.onmicrosoft.com' # set sender’s email address
    To          = 'recipientEmail@YourTenant.onmicrosoft.com' # set recipient’s email address
    Subject     = 'Test with PowerShell using SMTP AUTH'
    Body        = 'This is a test body'
}
Send-MailMessage @mailParams

Verify with the PowerShell script below if your SMTP server accepts Windows Integrated authentication:

$WFRunAsAccountName = "YourDomain\YourWFusername"  # set your Workflow RunAs account's domain/username in SCSM
$WFRunAscredential = Get-Credential -UserName $WFRunAsAccountName -Message "Enter pwd of the Workflow Run As Account in SCSM"
$mailParams = @{
    SmtpServer  = '127.0.0.1' # set your SMTP Server's address
    Port        = '25' # set your SMTP Server's port
    UseSSL      = $false       
    Credential  = $WFRunAscredential
    From        = 'senderEmail@YourTenant.onmicrosoft.com' # set sender’s email address
    To          = 'recipientEmail@YourTenant.onmicrosoft.com' # set recipient’s email address
    Subject     = 'Test with PowerShell using SMTP AUTH'
    Body        = 'This is a test body'
}
Send-MailMessage @mailParams

For Option 1 second hop, which is from your SMTP Server to your Exchange Online tenant:
If email messages are successfully sent to your SMTP server but not relayed to Exchange Online, then it’s possible that Exchange Online is denying SMTP authentication requests coming from your SMTP server. In this situation, Exchange Online must be configured to allow authenticated SMTP submissions. All four steps mentioned at Error: Authentication unsuccessful must be made. Please note that each step can take a few minutes to take in effect. After you follow these four steps, you can use the PowerShell script below to verify if Exchange Online accepts authenticated SMTP submissions.

$ExchOnlineMailboxAddress = "sender@yourdomain.com" # set the sender's email address
$credential = Get-Credential -UserName $ExchOnlineMailboxAddress -Message "Enter pwd of the sender's mailbox"
$mailParams = @{
    SmtpServer  = 'smtp.office365.com'
    Port        = '587' 
    UseSSL      = $true    
    Credential  = $credential
    From        = $ExchOnlineMailboxAddress
    To          = 'RecipientUser@yourdomain.com' # set the recipient's email address
    Subject     = 'Test with PowerShell using SMTP AUTH'
    Body        = 'This is a test body'
}
Send-MailMessage @mailParams

For Option 2: Verify with the PowerShell script below.

$mailParams = @{
    SmtpServer   = 'YourTenantMX.mail.protection.outlook.com' # set your Tenant’s MX endpoint
    Port         = '25' 
    UseSSL       = $true       
    From         = 'senderEmail@YourTenant.onmicrosoft.com' # set sender’s email address 
    To           = 'recipientEmail@YourTenant.onmicrosoft.com' # set recipient’s email address
    Subject      = 'Test with PowerShell using DIRECT SEND'
    Body         = 'This is a test body'
}
Send-MailMessage @mailParams

If you get error “Send-MailMessage : Unable to connect to the remote server” then this means that the port 25 to the MX endpoint is not opened.
You may check the recipient’s Junk Email folder.

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs