SMTP Email Sending Issue with MFA on a Service Account in Microsoft 365 Business Premium

DNovokhatskyi 0 Reputation points
2024-04-04T08:55:15.25+00:00

I have a Microsoft 365 Business Premium subscription, and I'm facing an issue with a service mailbox that has an Exchange Online Plan 1 license. This mailbox needs to send emails via SMTP. However, even though Multi-Factor Authentication (MFA) is enabled for all users in Entra (formerly known as Azure Active Directory), the option to "create app password" is missing.

Attempting to disable MFA for this specific mailbox does not bypass the requirement; MFA prompts still occur. I need to either generate an app password for this service mailbox or completely disable MFA to allow SMTP email sending. How can this issue be resolved?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,898 questions
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,536 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,822 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Andy David - MVP 148.1K Reputation points MVP
    2024-04-04T10:35:04.63+00:00

    How is MFA implemented?

    By Security Defaults: You would need to disable it entirely ( not recommended)

    With a Conditional Access Policy? Exclude the mailbox from the policy

    per user? Disable the per user option for that mailbox

    You would also need to verify that MFA registration is disabled for that mailbox

    App passwords do not work with modern auth: https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords

    Best solution: Leave MFA as is for all users and send email using an OAuth App instead:

    https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.