How to send emails using Office 365 SMTP AUTH, HELP! — Part 2 — SMTP Auth with MFA
Continuing with this series, I will explain step by step how you can send emails using your Office 365 account when Multi-Factor Authentication is enabled for security. If you missed the previous article of this series, you can consult it here. I will also refresh what I took as true in that article; if you come from the previous article, you can skip the next two sections.
If this is the first time you’re reading my articles, hello! I’m Jose, nice to meet you. I’m a Microsoft Certified Professional in Messaging as Charter Member and Server Infrastructure, and an expert in PowerShell with more than 12+ years working in IT, plus 3+ years of experience with Office 365 as ambassador and subject matter expert on Exchange Online, hybrid, and cloud technologies, especially those based on Office 365. My articles are based on day-to-day basics and real scenarios and questions.
I have worked on this issue many times, in several languages, for at least the last year worldwide, so I will assume the following is TRUE:
- You are moving or have already moved to Office 365.
- You have subscriptions and licenses on Office 365 that contain Exchange Online Plan 1 (Office 365 Essentials, Business Standard, Standard Premium) or Exchange Online Plan 2 (O365 E1, E3, or E5).
- You are a GLOBAL ADMIN on your Office 365 account; if you don’t meet this requirement, you can still read and learn how to deal with the issue, and if your global admin doesn’t deal with and solve this issue accurately, you can help him/her out. At the end of the day we are all human, and we don’t all know the same things.
- You have zero knowledge of PowerShell or anything related to it.
- You are working under Windows 10, any edition.
- On your Windows 10, you have at least the default PowerShell version (PowerShell 5.1).
General Knowledge of the problem
Before going straight into the troubleshooting steps, I would like to let you know some more information about Office 365.
Note: As a curiosity, all Office 365 tenants have an Azure Active Directory behind them (you can check it out by going to https://portal.azure.com once you’ve logged into Office.com with your global admin account).
SMTP Authentication can be configured at the tenant level and at the user level. The first one is a global configuration that allows or denies SMTP connections and sending emails for all the accounts. The SMTP authentication setting at the user level usually doesn’t contain any information. It’s usually set as EMPTY, which means that the tenant’s configuration applies to that particular user.
Note: If you prefer to go to the source and skip everything I explain in this article, you can go to https://docs.microsoft.com/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365 and read the SMTP Auth option 1.
One last note and fact: SMTP Authentication only accepts “Basic authentication”, that is, a username (UserPrincipalName or email in the O365 context) and a password.
Side note: What is Multi-Factor Authentication, or MFA? Nowadays usernames and passwords are not enough to manage the security of every account. For this reason, multiple factors are required, based on the principle of “something you know” (like username and password) and “something you have” (like your phone, a token, etc.). So with MFA you enter your username and password and then validate the access with a token. This last step is still confusing for most clients, especially when they are not from the IT area, so be patient with them, make a friend, and teach them; they will repay that with more work or even with a beer.
The Problem 2 — SMTP Authentication with MFA
Now we go straight to the purpose of this article: you are trying to send emails from any CLIENT application (Outlook, PowerShell, any 3rd-party app that sends an email: WordPress, PHP, your web page, your printer, your scanner, etc.), you get some problems with the authentication, and the account that you would like to use DOES HAVE Multi-Factor Authentication (MFA) enabled.
Jose, what were the commands you ran to get that error? Find them here
At this point, this seems to be the same issue. The only difference is that the actual user in the previous case doesn’t have MFA enabled while this one has it.
If you request help from Microsoft, they can make a home run with you since, as we should know from the previous case, SMTP authentication only accepts “Basic Authentication,” so you must be asking, “What would be the solution then?”
The answer is pretty straightforward: you need to create an application password (similar to the application passwords from G Suite or Google accounts) and use this “app password” as the regular password for your account in the “Basic Authentication” dialog.
Troubleshooting the Problem 2 — SMTP Authentication with MFA
In this case, you have the same error, but the troubleshooting is different.
First you need to create an application password. To do so, you need to know:
- What’s the status of Azure Security Defaults: in case it is enabled, all your users are required to be “MFA-Enabled.”
SideNote: The trick is that MFA is enabled from the Azure perspective but not on the O365 side, so make sure to go there (as administrator) and enable it.
To enable it, go to Portal/Show All/Admin/Users/Active users/Multi-Factor Authentication, find the user that you want to send emails from, and make sure that its MFA status says “ENABLED” instead of “Disabled”.
- Once you do this, the enablement or disablement of the Azure Security Defaults can take from 24–72 hours to be effectively applied.
- Now open an incognito/private window, go to https://office.com, and log in as the user that you want to send emails from, using that user’s password.
- In the window where you are logged in as the user that you want to use to send emails, go to https://account.activedirectory.windowsazure.com/Proofup.aspx and create a new app password; if you have any doubts, you can go here: https://docs.microsoft.com/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords#create-and-delete-app-passwords-from-the-additional-security-verification-page
- Then try to send emails using the username and the newly created app password. Test, and it should work now.
- If it still doesn’t work, it’s basically because Security Defaults also disables Basic authentication, so setting the Azure Security Defaults to False might solve the issue.
- If that still doesn’t work, make sure you have SMTP enabled as we did in the 1st part (everything there is valid for this one too).
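The tenant-level and user-level SMTP AUTH settings described earlier, and the final test send from the steps above, put together as an added example (these are not the author's commands, which are linked from Part 1). It assumes Windows PowerShell 5.1 with the ExchangeOnlineManagement module already installed; the three addresses are placeholders.

```powershell
# Added example. All three addresses are placeholders; replace them.
$AdminUpn  = 'admin@contoso.example'      # hypothetical Global Admin
$SenderUpn = 'scanner@contoso.example'    # hypothetical MFA-enabled sender
$Recipient = 'helpdesk@contoso.example'   # hypothetical test recipient

# Assumes: Install-Module ExchangeOnlineManagement has already been run.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Tenant level: $true means SMTP AUTH is blocked for the whole tenant.
$tenantDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
# User level: empty ($null) means the mailbox inherits the tenant value.
$userDisabled = (Get-CASMailbox -Identity $SenderUpn).SmtpClientAuthenticationDisabled
Disconnect-ExchangeOnline -Confirm:$false

if ($null -eq $userDisabled) {
    $effectiveDisabled = $tenantDisabled
    $source = 'tenant setting (mailbox value is empty)'
} else {
    $effectiveDisabled = $userDisabled
    $source = 'mailbox setting (overrides the tenant)'
}
Write-Host "Tenant disabled: $tenantDisabled / mailbox disabled: '$userDisabled'"
Write-Host "Effective for ${SenderUpn}: disabled=$effectiveDisabled, from $source"

if ($effectiveDisabled) {
    Write-Warning 'SMTP AUTH is disabled for this sender; enable it before testing.'
} else {
    # Office 365 requires TLS 1.2; force it for Windows PowerShell 5.1.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    # Prompt for the app password so it is never saved in the script.
    $cred = Get-Credential -UserName $SenderUpn -Message 'Type the APP PASSWORD, not the normal one'
    $mail = @{
        From       = $SenderUpn
        To         = $Recipient
        Subject    = 'SMTP AUTH test with app password'
        Body       = 'Sent with Basic authentication and an app password.'
        SmtpServer = 'smtp.office365.com'
        Port       = 587
        UseSsl     = $true
        Credential = $cred
    }
    try {
        Send-MailMessage @mail -ErrorAction Stop
        Write-Host 'Message accepted by smtp.office365.com.'
    } catch {
        # An authentication error here points back to the checklist above.
        Write-Warning "Send failed: $($_.Exception.Message)"
    }
}
```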
Thank you very much for reading. For any comments, you can contact me over email or Microsoft Teams: firstname.lastname@example.org. I want to hear from you: leave your comments or doubts, and share this information if you think it was helpful to you in any way.
Make sure to check my Part 1, and please leave your messages. They’re much appreciated!