SMTP Modern Authentication

Question

SMTP Modern Authentication

Arief Hardiansyah 51

Hi All,

We have a send connector on our 2016 exchange server that we configured using "Route mail through smart hosts" to smtp.office365.com with basic authentication.

We get information that Microsoft wants to disable legacy authentication. We would like to ask some things:

Whether these changes can have an impact on basic authentication to smtp.office365.com?
is it possible if we authenticate to smtp 365 using an account that has been activated MFA?
what solution is provided by Microsoft for modern authentication for SMTP Auth?

Really appreciate for your answer.

KyleXu-MSFT 26,396 Reputation points

2022-08-04T08:16:42.21+00:00

@Arief Hardiansyah

I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.

2 answers

Your answer

KyleXu-MSFT 26,396 Reputation points

2022-08-04T08:16:42.21+00:00

@Arief Hardiansyah

I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.

Answer 1

Carlos Solís Salazar 18,191 MVP Volunteer Moderator

Hi @Arief Hardiansyah

Thank you for asking this question on the **Microsoft Q&A Platform. **

You won't be for to disable legacy authentication, but it is strongly recommended to disable it

There is a way to Authenticate an IMAP, POP or SMTP connection using OAuth

Hope this helps,
Carlos Solís Salazar

----------

Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.

Carlos Solís Salazar 18,191 Reputation points MVP Volunteer Moderator

2022-08-03T17:23:45.64+00:00

@Arief Hardiansyah

How did it go?

You can Accept Answer and Upvote, if the above response helped answer your query, others visiting the forum with the same query might get help.
NOTE: To answer you as quickly as possible, please mention me in your reply.
Arief Hardiansyah 51 Reputation points

2022-08-05T04:34:27.797+00:00

Hi @Carlos Solís Salazar ,

Thanks for your advice, but I think the link doesn't explain how to make our Exchange On Premise send to the internet or smtp 365 without basic authentication

Answer 2

KyleXu-MSFT 26,396

@Arief Hardiansyah

Do you want to use Exchange online to relay emails for Exchange on-premises to the Internet? If so, you could follow this article: Part 2: Configure mail to flow from your email server to Microsoft 365 or Office 365

It create a Send Connector without using BasicAuth for "-SmartHostAuthMechanism":

New-SendConnector -Name "My company to Office 365" -AddressSpaces * -CloudServicesMailEnabled $true -Fqdn mail.contoso.com -RequireTLS $true -DNSRoutingEnabled $false -SmartHosts contoso-com.mail.protection.outlook.com -TlsAuthLevel CertificateValidation

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Arief Hardiansyah 51 Reputation points

2022-08-05T04:31:02.9+00:00

Hi @KyleXu-MSFT ,

Thanks for your response, to do this is it necessary to configure a hybrid exchange first?
KyleXu-MSFT 26,396 Reputation points

2022-08-05T08:56:23.25+00:00

It used for Exchange on-premises to relay email from Exchange online. Hybrid isn't needed.
Arief Hardiansyah 51 Reputation points

2022-08-09T06:36:51.437+00:00
Hi @KyleXu-MSFT ,

Thanks for your answer, i want to ask some things:

for the value in parameter -fqdn "mail.contoso.com" what value should be filled with? does it have to be filled with the virtual directory of the Exchange Server that has been configured NAT?

is a certificate required for the parameters-TlsAuthLevel CertificateValidation? if yes, internal or external certificate?
KyleXu-MSFT 26,396 Reputation points

2022-08-10T08:47:04.04+00:00

Here are detailed information about them:

-Fqdn: The Fqdn parameter specifies the FQDN used as the source server for connected messaging servers that use the Send connector to receive outgoing messages.

-TlsAuthLevel: Check that your on-premises email server has Transport Layer Security (TLS) enabled, with a valid certification authority-signed (CA-signed) certificate. We recommend that the certificate subject name includes the domain name that matches the primary email server in your organization. Buy a CA-signed digital certificate that matches this description, if necessary.
Arief Hardiansyah 51 Reputation points

2022-08-16T04:17:34.783+00:00
Hi @KyleXu-MSFT ,

Thanks for your explanation.

do we have to publish or NAT for the FQDN we are using?

the domains on our exchange on premise and 365 are different, does the subject name on the certificate have to contain only the 365 domain or the on premise domain too?
KyleXu-MSFT 26,396 Reputation points

2022-08-19T08:42:35.763+00:00

If you relay emails from Internal of your organization, I think FQDN isn't need to published. But it is suggest to published and create SPF record for it.

Contained your Exchange on-premises domain name in it.

Share via

SMTP Modern Authentication

2 answers

Your answer