SMTP on Office365 not working

I’ve tried everything I cxan find on here and on MS Support but cannnot get SMTP to work.
The error message is always either this (or similar):
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, user is locked by your organization’s security defaults policy. Contact your administrator. [DU7P195CA0004.EURP195.PROD.OUTLOOK.COM 2024-05-30T10:33:41.852Z 08DC8042EE3BD98F]

I’ve an Office 365 Business subscription and have tried enabling Basic Authentication (AUT SMTP) and have run the recommended PowerShell scripts (as an Admin) etc.

Then reading further on the MS website, it stated that MS will completely remove support for any SMTP authentication from 2025 and hence what can QF do to work with the strict MFA (multi-factor Authentication)?

Hello @MAMS005

I found this in the forum which may help

Hi Steve,
Yes I saw that and tried that too but it didn’t work either.

Hello @MAMS005

Did you create an App password ?

What error are you seeing when using it?

The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, the user credentials were incorrect. [DB7PR05CA0063.eurprd05.prod.outlook.com 2024-05-30T13:09:53.800Z 08DC80196DEDBC8C]

Hi @MAMS005

The error suggests that the email/password is failing. If you’re using the app password along with the username, this should work all OK.

If this isn’t working, it may be worth reaching out to the admin of your Office 365 account to see if there are any restrictions in place.

I found part of the the solution here:

But the code was a little wrong, and I’ve corrected it here:
(Note each step should be entered and executed separately, and you also have to make sure that the Office 365 Default Security Settings are turned off (see below).)

specify domain and admin credential

$domain=‘yourdomain.co.uk
$credential = Get-Credential

Install Module and connect to ExchangeOnline

Install-Module -Name ExchangeOnlineManagement
Connect-ExchangeOnline -Credential $credential -ShowProgress $true

Disable the global permission for SMTP authentiation (it’s already disabled by default)

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Set-TransportConfig -SmtpClientAuthenticationDisabled $false

Enable SMTP transport for the specific user

Get-CASMailbox -Identity relay.user@yourdomain.co.uk | Format-List SmtpClientAuthenticationDisabled
Set-CASMailbox -Identity relay.user@yourdomain.co.uk -SmtpClientAuthenticationDisabled $false
Get-CASMailbox -Identity relay.user@yourdomain.co.uk | Format-List SmtpClientAuthenticationDisabled

Changing Office365 default Security Settings:

  1. Microsoft 365 admin center
  2. Select, All Admin centres
  3. Select Entra Id Admin (Microsoft Entra admin center)
  4. Select: Identity>Overview
  5. On the Overview page, find the Properties option across the top of the information area.
  6. Scroll down to bottom of the Properties view and select: Manage security defaults
  7. Select: Disabled (not recommended)

You can actually go straight to steps 6. and 7. but I included the full steps in case anyone needs to find it via their Office365 Admin page.

I’ve now tested this a few times sending out Estimates and Invoices to a Test Clioent account I created and all is fine.
However, there is still the possibility that it all stops working if and when MS stop their support for SMTP next year.
Exchange Online to retire Basic auth for Client Submission (SMTP AUTH) - Microsoft Community Hub

Microsoft are not disabling support for SMTP, only for Basic authentication. QuickFile would need to make changes on their end in order to support authentication with OAuth2 instead, something that requires a slightly different implementation for each provider - but given the number of people who use the two big providers that are pushing OAuth2 (MS 365 and GMail) it may be worth their while to implement it for those two providers specifically.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.