OAuth2 for SMTP.SendAsApp granting AccessToken but returns 535: 5.7.3 Authentication unsuccessful

Thanh Ngo 0 Reputation points


we are currently trying to connect/authenticate to the Smtp server as an application, so without user interaction.

But we get an error 535: 5.7.3 Authentication unsuccessful when trying to authenticate with OAuth2 access token with our Smtp client.

Our permission are:

Smtp.SendAsApp Permission

We added the mail account to the Service-Principal of our appliction.

For the access token request we send

    grant_type: "client_credentials",
    client_id: xxxxxxxxxxxxxx,
    scope: "https://outlook.office365.com/.default",
    client_secret: xxxxxxxxxxxxxx,

to the https://login.microsoftonline.com/TenantID/oauth2/v2.0/token.

We succesfully receive a token and after connecting to outlook.office365.com with MailKit when we try to authenticate we receive 535: 5.7.3 Authentication unsuccessful.

We have activated SMTP AUTH for our email account:


We also unchecked the "Turn off SMTP AUTH protocol for your organization" at the Mail flow settings.

Is there any additional setting that needs to be configured so we can authenticate as an application without a user involved?

Are there any documentation that describe how to achieve this?

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
3,732 questions
Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,161 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Aholic Liang-MSFT 13,741 Reputation points Microsoft Vendor

    Hi @Thanh Ngo ,

     535: 5.7.3 Authentication unsuccessful

    For this error, on the Exchange online side, in addition to enabling authenticated SMTP submission, please check the following points:

    1.Disable Multi-Factor Authentication (MFA) on the licensed mailbox that's being used:

    • In the Microsoft 365 admin center, in the left navigation menu, choose Users > Active users.
    • On the Active users page, choose Multi-Factor Authentication.
      • On the multi-factor authentication page, select the user and disable the Multi-Factor Authentication status.

    2.Disable Azure security defaults

    3.Check if you have set to exclude users in Conditional Access policies that block legacy authentication


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread