Simple Mail Transfer Protocol Authentication SHALL Be Disabled

Description

Modern email clients that connect to Exchange Online mailboxes—including Outlook, Outlook on the web, iOS Mail, and Outlook for iOS and Android—do not use Simple Mail Transfer Protocol Authentication (SMTP AUTH) to send email messages. SMTP AUTH is only needed for applications outside of Outlook that send email messages.

Policy

  • SMTP AUTH SHALL be disabled in Exchange Online

  • SMTP AUTH MAY be enabled on a per-mailbox basis

Licensing Considerations

This setting can be configured in any Microsoft tenant.

Set Up Instructions

SMTP AUTH can only be disabled tenant-wide using Exchange Online PowerShell. To do so, follow the instructions listed at "Disable SMTP AUTH in your organization" (Microsoft Docs).

To enable SMTP AUTH on a per-mailbox basis, follow the instructions listed at "Use the Microsoft 365 admin center to enable or disable SMTP AUTH on specific mailboxes" (Microsoft Docs).
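The following Exchange Online PowerShell session is an added example, not taken from the linked Microsoft articles: it applies the tenant-wide setting, grants one per-mailbox exception, and lists every mailbox that still has SMTP AUTH explicitly enabled. The account and mailbox addresses are placeholders, and it assumes the ExchangeOnlineManagement module is installed and the signed-in account holds an Exchange administrator role.

```powershell
# Added example. admin@contoso.example and scanner@contoso.example are placeholders.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

# 1. Record the current tenant-wide state before changing it.
#    $true  = SMTP AUTH is disabled for the organization
#    $false = SMTP AUTH is allowed for the organization
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

# 2. Policy: SMTP AUTH SHALL be disabled in Exchange Online.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 3. Policy: SMTP AUTH MAY be enabled on a per-mailbox basis.
#    A per-mailbox value of $false overrides the tenant-wide setting for that
#    mailbox; $null (the default) means the mailbox follows the tenant setting.
Set-CASMailbox -Identity 'scanner@contoso.example' -SmtpClientAuthenticationDisabled $false

# 4. Audit: list every mailbox with an explicit override that allows SMTP AUTH.
#    Each entry should map to a known scanner, printer, or LOB application.
$exceptions = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object Name, PrimarySmtpAddress, SmtpClientAuthenticationDisabled

$exceptions | Format-Table -AutoSize
"Mailboxes with SMTP AUTH explicitly enabled: $(@($exceptions).Count)"

# 5. Confirm the tenant-wide setting took effect, then end the session.
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Disconnect-ExchangeOnline -Confirm:$false
```

Re-running step 4 on a schedule shows when a new per-mailbox exception appears that was not approved.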

End-User Impact


Level: Low

This will vary depending on the organization and what its existing mail infrastructure looks like. It can be impactful if you have scanners, printers, or line-of-business (LOB) applications leveraging SMTP AUTH for message relay. To avoid any issues here, follow these steps.


PowerShell Scripts

Changing Modern Auth Settings: https://www.cyberdrain.com/automating-with-powershell-changing-modern-and-basic-authentication-settings/

Basic Auth Reporting: https://github.com/msp4msps/Basic-Authentication-Reporting
