Academy hub

SMTP AUTH is officially going away

๐Ÿ”’ Secure Bits ๐Ÿ’ก
๐—ฆ๐— ๐—ง๐—ฃ ๐—”๐—จ๐—ง๐—› ๐—ถ๐—ป ๐—˜๐˜…๐—ฐ๐—ต๐—ฎ๐—ป๐—ด๐—ฒ ๐—ข๐—ป๐—น๐—ถ๐—ป๐—ฒ ๐—ถ๐˜€ ๐—ผ๐—ณ๐—ณ๐—ถ๐—ฐ๐—ถ๐—ฎ๐—น๐—น๐˜† ๐—ด๐—ผ๐—ถ๐—ป๐—ด ๐—ฎ๐˜„๐—ฎ๐˜† โ€” ๐˜๐—ต๐—ฒ ๐˜๐—ถ๐—บ๐—ฒ๐—น๐—ถ๐—ป๐—ฒ ๐—ถ๐˜€ ๐—ป๐—ผ๐˜„ ๐˜‚๐—ฝ๐—ฑ๐—ฎ๐˜๐—ฒ๐—ฑ.

Microsoft has published an ๐˜‚๐—ฝ๐—ฑ๐—ฎ๐˜๐—ฒ๐—ฑ ๐—ฑ๐—ฒ๐—ฝ๐—ฟ๐—ฒ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป ๐˜๐—ถ๐—บ๐—ฒ๐—น๐—ถ๐—ป๐—ฒ ๐—ณ๐—ผ๐—ฟ ๐—ฆ๐— ๐—ง๐—ฃ ๐—”๐—จ๐—ง๐—› ๐˜‚๐˜€๐—ถ๐—ป๐—ด ๐—•๐—ฎ๐˜€๐—ถ๐—ฐ ๐—”๐˜‚๐˜๐—ต๐—ฒ๐—ป๐˜๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป in Exchange Online – and it will end fairly soon.

If you still rely on SMTP AUTH for:
– Applications and scripts
– Printers and scanners
– Legacy systems or monitoring tools

โ€ฆ those systems ๐˜„๐—ถ๐—น๐—น ๐˜€๐˜๐—ผ๐—ฝ ๐˜€๐—ฒ๐—ป๐—ฑ๐—ถ๐—ป๐—ด emails once deprecation is enforced.

โฐ ๐—ช๐—ต๐—ฎ๐˜ ๐—ถ๐˜€ ๐˜๐—ต๐—ฒ ๐˜๐—ถ๐—บ๐—ฒ๐—น๐—ถ๐—ป๐—ฒ?
– ๐—˜๐—ป๐—ฑ ๐—ผ๐—ณ ๐——๐—ฒ๐—ฐ๐—ฒ๐—บ๐—ฏ๐—ฒ๐—ฟ ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ: SMTP AUTH Basic Authentication will be disabled for existing tenants. Administrators will still be able to enable it if needed.
– ๐—๐—ฎ๐—ป๐˜‚๐—ฎ๐—ฟ๐˜† ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿณ: SMTP AUTH Basic Authentication will be unavailable for newly created tenants. OAuth will be the supported authentication method.
– ๐—ฆ๐—ฒ๐—ฐ๐—ผ๐—ป๐—ฑ ๐—ต๐—ฎ๐—น๐—ณ ๐—ผ๐—ณ ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿณ: Microsoft will announce the final removal date for SMTP AUTH Basic Authentication.

๐Ÿค” ๐—ช๐—ต๐˜† ๐˜๐—ต๐—ถ๐˜€ ๐—บ๐—ฎ๐˜๐˜๐—ฒ๐—ฟ๐˜€
SMTP AUTH is one of those things that often runs in the background. More often the not, critical service or system relies on it. When it breaks, the impact is very visible โ€” invoices not sent, alerts not delivered, workflows failing โ€” but the root cause is often not obvious.

Fixing it usually isnโ€™t a checkbox. It often requires ๐—ฐ๐—ต๐—ฎ๐—ป๐—ด๐—ถ๐—ป๐—ด ๐—ต๐—ผ๐˜„ ๐—ฎ๐—ฝ๐—ฝ๐—น๐—ถ๐—ฐ๐—ฎ๐˜๐—ถ๐—ผ๐—ป๐˜€ ๐˜€๐—ฒ๐—ป๐—ฑ ๐—บ๐—ฎ๐—ถ๐—น, not just tweaking a setting.

๐Ÿ›ก๏ธ ๐—ช๐—ต๐—ฎ๐˜ ๐—œ ๐˜„๐—ผ๐˜‚๐—น๐—ฑ ๐—ฑ๐—ผ
– If you are using SMTP AUTH to send emails to ๐—ถ๐—ป๐˜๐—ฒ๐—ฟ๐—ป๐—ฎ๐—น ๐—ฟ๐—ฒ๐—ฐ๐—ถ๐—ฝ๐—ถ๐—ฒ๐—ป๐˜๐˜€, you can use High Volume Email for Microsoft 365
– If sending to ๐—ถ๐—ป๐˜๐—ฒ๐—ฟ๐—ป๐—ฎ๐—น ๐—ฎ๐—ป๐—ฑ ๐—ฒ๐˜…๐˜๐—ฒ๐—ฟ๐—ป๐—ฎ๐—น ๐—ฟ๐—ฒ๐—ฐ๐—ถ๐—ฝ๐—ถ๐—ฒ๐—ป๐˜๐˜€, use Azure Communication Services Email.
– If you have an ๐—˜๐˜…๐—ฐ๐—ต๐—ฎ๐—ป๐—ด๐—ฒ ๐—ฆ๐—ฒ๐—ฟ๐˜ƒ๐—ฒ๐—ฟ ๐—ถ๐—ป ๐—ต๐˜†๐—ฏ๐—ฟ๐—ถ๐—ฑ ๐—ฐ๐—ผ๐—ป๐—ณ๐—ถ๐—ด, you can use Basic auth against the Exchange Server
– If you are done changing your systems, I would advise to disable the SMTP AUTH beforehand.

โš™๏ธ ๐——๐—ถ๐˜€๐—ฎ๐—ฏ๐—น๐—ฒ ๐—ฆ๐— ๐—ง๐—ฃ ๐—”๐—จ๐—ง๐—› ๐—ถ๐—ป ๐˜†๐—ผ๐˜‚๐—ฟ ๐—ผ๐—ฟ๐—ด
1. Sign in to the Exchange admin center.
2. Click Settings > Mail Flow.
3. Toggle the setting labeled “Turn off SMTP AUTH protocol for your organization”.
4. Click Save.

Even after SMTP AUTH is disabled tenant-wide, it can still be enabled for individual users. Make sure that you run a PowerShell script to retrieve all the mailboxes where SMTP AUTH is enabled and disable it.

โš ๏ธ ๐—œ๐—บ๐—ฝ๐—ผ๐—ฟ๐˜๐—ฎ๐—ป๐˜
First, identify if itโ€™s still used via sign-in logs in Entra ID, then change your systems to use modern counterparts ๐—ป๐—ผ๐˜„, while you still have time to test and redesign them.

๐Ÿ’ฌ Do you know exactly which apps or devices in your tenant are still using SMTP AUTH?

๐˜ˆ๐˜ถ๐˜ต๐˜ฉ๐˜ฐ๐˜ณ ๐˜ฐ๐˜ง ๐˜ต๐˜ฉ๐˜ฆ ๐˜ฑ๐˜ฐ๐˜ด๐˜ต:
Martin Strnad

buy a course