Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online

Generic selectors
Exact matches only
Search in title
Search in content
Filter by Categories
Account Management Help
add photos, video and audio
Add-on features and social media
Advanced
Advanced campaign settings
All about analytics
All about images
Basic steps
Configure the Web Application Firewall (WAF)
Connect my Calendar and Online Storage to Workspace
contact support
copy files to my site
Create my email address
Customize campaign
Discover domains
discover linux hosting with cPanel
Discover Microsoft 365
Discover Online Storage
Discover Workspace Email
edit content
Email Marketing demo
expand your site with sections and pages
Explore email add-ons
Explore my account
Find server and port settings (IMAP/POP)
fine tune my website
get social
Get started with SSL certificates
Get the most out of Microsoft 365
help my site get found and monitor my metrics
Hosting & Servers
How to use WordPress
keep my account secure
Keep my email secure
know your privacy rights
Legacy
Manage your SSL certificate
Managed WordPress
Manual email configuration
Migrate and export my emails
My email account isn’t working (troubleshooting)
nameservers and DNS
news
online store
organize
parking, forwarding and monetizing
privacy and protection
publish my site
Quick Shopping Cart
Renew my products and services
renewals
Security
Set up a campaign
Set up email on my devices
set up my payment methods
Set up my Workspace Email account
start with the basics
Stay productive anywhere with Office apps
Streamline email tasks to help my business
The WordPress LAB
transfer between accounts
transfer between registrars
Troubleshoot email and email setup
Troubleshooting
troubleshooting
Uncategorized
Upgrade and renewal options for email
Web & Classic Hosting
Website backups
Website Builder 7
Website Builder version 6
Website Security and Backups
Websites
work with databases
work with delegates
working with blogs

Client SMTP email submissions (also known as authenticated SMTP submissions) are used in the following scenarios in Office 365 and Microsoft 365:

  • POP3 and IMAP4 clients. These protocols only allow clients to receive email messages, so they need to use authenticated SMTP to send email messages.
  • Applications, reporting servers, and multifunction devices that generate and send email messages.

 As of February 2020, OAuth authentication is available for POP3, IMAP4, and SMTP AUTH connections to Exchange Online. For more information, see Authenticate an IMAP, POP or SMTP connection using OAuth.

The SMTP AUTH protocol is used for client SMTP email submission, typically on TCP port 587. SMTP AUTH supports modern authentication (Modern Auth).

Virtually all modern email clients that connect to Exchange Online mailboxes in Office 365 or Microsoft 365 (for example, Outlook, Outlook on the web, iOS Mail, Outlook for iOS and Android, etc.) don’t use SMTP AUTH to send email messages.

Therefore, we highly recommend that you disable SMTP AUTH in your Exchange Online organization, and enable it only for the accounts (that is, mailboxes) that still require it. There are two settings that can help you do this:

  • An organization-wide setting to disable (or enable) SMTP AUTH.
  • A per-mailbox setting that overrides the tenant-wide setting.

Note that these settings only apply to mailboxes that are hosted in Exchange Online (Office 365 or Microsoft 365).

 Note :

If you’ve enabled security defaults in your organization, SMTP AUTH is already disabled in Exchange Online. For more information, see What are security defaults?.

If your authentication policy disables basic authentication for SMTP, clients cannot use the SMTP AUTH protocol even if you enable the settings outlined in this article. For more information, see Disable Basic authentication in Exchange Online.

Disable SMTP AUTH in your organization

You can only disable (or enable) SMTP AUTH globally for your organization by using Exchange Online PowerShell.

To disable SMTP AUTH globally in your organization, run the following command:

PowerShell :

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

Note: To enable SMTP AUTH if it’s already disabled, use the value $false.

How do you know this procedure worked?

To verify that you’ve globally disabled SMTP AUTH in your organization, run the following command and verify that the value of the SmtpClientAuthenticationDisabled property is True:

PowerShell :

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

Enable SMTP AUTH for specific mailboxes

The per-mailbox setting to enable (or disable) SMTP AUTH is available in the Microsoft 365 admin center or Exchange Online PowerShell.

Use the Microsoft 365 admin center to enable or disable SMTP AUTH on specific mailboxes

  1. Open the Microsoft 365 admin center and go to Users > Active users.
  2. Select the user, and in the flyout that appears, click Mail.
  3. In the Email apps section, click Manage email apps.
  4. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.
  5. When you’re finished, click Save changes.

Use Exchange Online PowerShell to enable or disable SMTP AUTH on specific mailboxes

Use the following syntax:PowerShell :

Set-CASMailbox -Identity <MailboxIdentity> -SmtpClientAuthenticationDisabled <$true | $false | $null>

The value $null indicates the setting for the mailbox is controlled by the global setting on the organization. You use the values $true (disabled) or $false (enabled) to override the organization setting. The mailbox setting takes precedence over the organization setting.

This example enables SMTP AUTH for mailbox sean@contoso.com.PowerShellCopy

Set-CASMailbox -Identity sean@contoso.com -SmtpClientAuthenticationDisabled $false

This example disables SMTP AUTH for mailbox chris@contoso.com.PowerShellCopy

Set-CASMailbox -Identity chris@contoso.com -SmtpClientAuthenticationDisabled $true

Use Exchange Online PowerShell to enable or disable SMTP AUTH on multiple mailboxes

Use a text file to identify the mailboxes. Values that don’t contain spaces (for example, alias, email address, or account name) work best. The text file must contain one mailbox on each line like this:

akol@contoso.com
tjohnston@contoso.com
kakers@contoso.com

The syntax uses the following two commands (one to identify the mailboxes, and the other to enable SMTP AUTH for those mailboxes):PowerShell :

$<VariableName> = Get-Content "<text file>"
$<VariableName> | foreach {Set-CASMailbox -Identity $_ -SmtpClientAuthenticationDisabled <$true | $false | $null>}

This example enables SMTP AUTH for the mailboxes specified in the file C:\My Documents\Allow SMTP AUTH.txt.PowerShell

$Allow = Get-Content "C:\My Documents\Allow SMTP AUTH.txt"
$Allow | foreach {Set-CASMailbox -Identity $_ -SmtpClientAuthenticationDisabled $false}

To disable SMTP AUTH for the mailboxes, use the value $true. To return control to the organization setting, use the value $null.

How do you know this worked?

To verify that you’ve enabled or disabled SMTP AUTH for a specific mailbox, do any of the following steps:

  • Individual mailboxes in the Microsoft 365 admin center: Go to Users > Active users > select the user > click Mail > click Manage email apps and verify the value of Authenticated SMTP (checked = enabled, unchecked = disabled).
  • Individual mailboxes in Exchange Online PowerShell: Replace <MailboxIdentity> with the name; alias; email address or account name of the mailbox; run the following command; and verify the value of the SmtpClientAuthenticationDisabled property (False = enabled, True = disabled, blank = use organization setting).PowerShellGet-CASMailbox -Identity <MailboxIdentity> | Format-List SmtpClientAuthenticationDisabled
  • All mailboxes where SMTP AUTH is disabled: Run the following command:PowerShell$Users = Get-CASMailbox -ResultSize unlimited $Users | where {$_.SmtpClientAuthenticationDisabled -eq $true}
  • All mailboxes where SMTP AUTH is enabled: Run the following command:PowerShell$Users = Get-CASMailbox -ResultSize unlimited $Users | where {$_.SmtpClientAuthenticationDisabled -eq $false}
  • All mailboxes where SMTP AUTH is controlled by the organization setting: Run the following command:PowerShell$Users = Get-CASMailbox -ResultSize unlimited $Users | where {$_.SmtpClientAuthenticationDisabled -eq $null}

Changing the currency for the products.

Prices shown in US Dollars. You can convert to your own currency after selecting a product.