OAuth2 for SMTP.SendAsApp granting AccessToken but returns 535: 5.7.3 Authentication unsuccessful

Thanh Ngo 0 Reputation points
2023-03-09T10:15:53.5933333+00:00

Hello,

We are currently trying to connect/authenticate to the SMTP server as an application, so without user interaction.

But we get an error 535: 5.7.3 Authentication unsuccessful when trying to authenticate with an OAuth2 access token with our SMTP client.

Our permissions are:

Smtp.SendAsApp Permission

We added the mail account to the Service-Principal of our application.

For the access token request we send

{
    grant_type: "client_credentials",
    client_id: xxxxxxxxxxxxxx,
    scope: "https://outlook.office365.com/.default",
    client_secret: xxxxxxxxxxxxxx,
}

to https://login.microsoftonline.com/TenantID/oauth2/v2.0/token.

We successfully receive a token, and after connecting to outlook.office365.com with MailKit, when we try to authenticate we receive 535: 5.7.3 Authentication unsuccessful.

We have activated SMTP AUTH for our email account:


We also unchecked the "Turn off SMTP AUTH protocol for your organization" at the Mail flow settings.

Is there any additional setting that needs to be configured so we can authenticate as an application without a user involved?

Is there any documentation that describes how to achieve this?
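
A diagnostic for the flow described in the question, as an added example that is not part of the original post and is not Microsoft's or MailKit's code: it decodes the access token's claims to check whether it is an app-only token carrying the SMTP.SendAsApp role, and builds the SASL XOAUTH2 string an SMTP client sends. The expected `aud` value (the page's scope without `/.default`), the sample mailbox, the sample tokens and all function names are assumptions made for illustration.

```python
import base64
import json

EXPECTED_AUD = "https://outlook.office365.com"  # assumption: the page's scope without "/.default"
REQUIRED_ROLE = "SMTP.SendAsApp"                # permission named on the page


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned JWT-shaped string for offline testing only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


def decode_claims(access_token: str) -> dict:
    """Decode the JWT payload without verifying the signature (diagnostics only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_app_token(claims: dict) -> list:
    """Return the reasons the token is unsuitable for app-only SMTP (empty if none)."""
    problems = []
    if str(claims.get("aud", "")).rstrip("/") != EXPECTED_AUD:
        problems.append(f"unexpected aud: {claims.get('aud')!r}")
    roles = [r.lower() for r in claims.get("roles", [])]
    if REQUIRED_ROLE.lower() not in roles:
        problems.append(f"roles claim lacks {REQUIRED_ROLE}")
    if "scp" in claims:
        problems.append("scp claim present: delegated token, not app-only")
    return problems


def xoauth2_initial_response(mailbox: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 string sent with AUTH XOAUTH2."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


if __name__ == "__main__":
    good = make_sample_token({"aud": EXPECTED_AUD, "roles": ["SMTP.SendAsApp"]})
    bad = make_sample_token({"aud": "https://graph.microsoft.com", "roles": []})
    for name, tok in (("good", good), ("bad", bad)):
        print(name, check_app_token(decode_claims(tok)) or "ok")
```

An empty result only shows that the token has the expected shape; the server can still reject it for mailbox-side reasons.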


1 answer

  1. Aholic Liang-MSFT 13,741 Reputation points Microsoft Vendor
    2023-03-10T05:39:12.5666667+00:00

    Hi @Thanh Ngo ,

     535: 5.7.3 Authentication unsuccessful

    For this error, on the Exchange Online side, in addition to enabling authenticated SMTP submission, please check the following points:

    1. Disable Multi-Factor Authentication (MFA) on the licensed mailbox that's being used:

    • In the Microsoft 365 admin center, in the left navigation menu, choose Users > Active users.
    • On the Active users page, choose Multi-Factor Authentication.
    • On the multi-factor authentication page, select the user and disable the Multi-Factor Authentication status.

    2. Disable Azure security defaults

    3. Check if you have set to exclude users in Conditional Access policies that block legacy authentication