fbpx
Active Directory & Office 365 Reporting Tool

How to Enable SMTP Authentication in Office 365. In order to ensure that outgoing emails are secure and prevent unauthorized access please read this article that guides you through enabling “Authenticated SMTP” via the Microsoft Admin Center and PowerShell

When you perform this task in the Microsoft Admin Center, you only enable SMTP authentication for one mailbox per time. However, PowerShell offers the option to enable this feature in multiple mailboxes. 

Microsoft recommends disabling SMPT authentication (SMTP AUTH) in your Office 365 tenant (organization-wide). Then, you enable the setting on individual mailboxes that require it. 

You only enable this feature via Microsoft’s Admin Center on mailboxes you’ve assigned an Exchange Online license. However, when you use PowerShell, you enable SMTP Authentication, but it will not be active on the mailbox. 

Enable SMTP Authentication via Office 365 Admin Center

Use this method to enable SMTP authentication on individual Office 365 mailboxes. If you want to check the status, enable or disable SMTP authentication tenant-wide, see the steps in the second section of this article. 

The steps to enable SMTP AUTH on individual mailboxes are detailed below. 

1. Open the Microsoft 365 Admin Center – admin.microsoft.com and sign in with your account. 
2. Then, click the menu icon on the left of the page. 

3. When the menu expands, click Users, then click Active Users

4. Next, locate the mailbox you want to modify and click on it. Note that this user must have a valid Exchange Online license, otherwise, the option to enable SMTP is not available. 

5. On the user flyout that appears, click the Mail tab. Then, click Manage email apps on the “Email apps” section of the Mail tab.

6. Finally, to enable SMTP authentication on the mailbox, check the “Authenticated SMTP” checkbox and click Save changes

Try our Active Directory & Office 365 Reporting & Auditing Tools

Try us out for Free.  100’s of report templates available. Easily customise your own reports on AD, Azure AD & Office 355.

Enable SMTP Authentication in Office 365 with PowerShell

Enabling SMTP authentication via the Microsoft Admin Center has limitations, not least that you cannot enable SMTP on multiple mailboxes concurrently. Considering the limitations, PowerShell offers more options, flexibility, and control. 

Having said that, you must first install the Exchange Online PowerShell module before you run any of the commands discussed in this section. Then, connect to Exchange Online via PowerShell. 

Let’s begin this section by installing the required module and connecting to Exchange Online. 

Install Exchange Online PowerShell Module and Connect to Exchange Online

1. Search PowerShell. Windows PowerShell is selected as the best match.

On the details pane, click “Run as administrator.” Your PC prompts you to allow the app to make changes to your device, click Yes.

2. On the PowerShell command console, enter the command below and press Enter on your keyboard. 

				
					Powershell.exe -ExecutionPolicy RemoteSigned
				
			

3. Next install the Exchange Online PowerShell module (ExchangeOnlineManagement). To install the module, copy the command below to your PowerShell console, then press Enter to execute the command. 

				
					Install-Module ExchangeOnlineManagement
				
			

4. After installing the ExchangeOnlineManagement PowerShell module, you need to load it on your computer. To accomplish this, execute the command below – copy and paste in PowerShell, then, press Enter. 

				
					Import-Module ExchangeOnlineManagement
				
			

5. Finally, connect and authenticate your account to connect to Exchange Online by running the command below. 

				
					Connect-ExchangeOnline -UserPrincipalName (UPN)
				
			

Change UPN to your Office 365 login account using the format – UserName@DomainName.com. When you execute the command, PowerShell prompts to enter the password for the account. 

Enter the password and click Sign in. When you successfully sign in to Exchange Online PowerShell, PowerShell displays messages similar to the one in my second screenshot below. 

Proceed to the next subsection below. 

Enable SMTP Authentication Office 365 Tenant-wide with PowerShell

Microsoft disables SMTP authentication in Office 365 by default and recommends that you keep it that way. However, if you wish to change the default configuration and enable SMTP tenant-wide, you do so by following the steps below. 

1. Firstly, check the current status of SMTP authentication in your Office 365 tenant. To check whether the protocol is enabled or disabled in your Office 365 Organization, run the command below. 

If SMTP is disabled as expected, the command displays True. Otherwise, it shows False. 

Mine shows True, meaning that  SMTP is disabled in my Office 365 tenant. 

				
					Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
				
			

2. If yours is disabled and you wish to enable it globally in your Office 365 tenant, execute the PowerShell command below. 

				
					Set-TransportConfig -SmtpClientAuthenticationDisabled $false
				
			

After running the Set-TransportConfig command above, if you run the Get-TransportConfig, it displays False, implying that SMTP is now enabled for all qualifying mailboxes across your Office 365 Organization.

To disable the protocol Office 365 tenant-wide, change $false to $true in the previous command. 

				
					Set-TransportConfig -SmtpClientAuthenticationDisabled $true
				
			

Enable SMTP Authentication for a Single Office 365 Mailbox with PowerShell

Apart from using the Exchange Online PowerShell to enable SMTP authentication Office 365 tenant wide, you also use it to allow the protocol in single or multiple mailboxes. 

In the following subsection, you learn how to perform the task on multiple mailboxes, but first, let’s see how to do this on individual mailboxes. Run the command below to enable SMTP authentication on an Office 365 mailbox with the UPN, VictorAs@corp.itechguides.com. 

				
					Set-CASMailbox -Identity VictorAs@corp.itechguides.com -SmtpClientAuthenticationDisabled $false
				
			

The SmtpClientAuthenticationDisabled parameter accepts $false (SMTP is enabled), $true (SMTP is disabled), or $null (SMTP authentication setting for the mailbox is controlled by the tenant-wide configuration). 

Enable SMTP Authentication for Multiple Office 365 Mailbox with PowerShell

I’ll kick off this subsection by showing how to enable SMTP authentication for all Office 365 mailboxes with the protocol disabled. The command below accomplishes this task. 

				
					Get-CASMailbox -ResultSize unlimited | Where-Object {$_.SmtpClientAuthenticationDisabled -eq $true} | ForEach-Object {Set-CASMailbox -Identity $_.PrimarySmtpAddress -SmtpClientAuthenticationDisabled $false}
				
			

This command may take a while, depending on the number of mailboxes it needs to configure. 

Furthermore, the command has three sub-commands.

Firstly, the Get-CASMailbox command returns all mailboxes in your Office 365 tenant. Then, the result pipes to the Where-Object command, which filters it and returns only mailboxes with the SmtpClientAuthenticationDisabled property set to $true (mailbox disabled). 

Finally, the mailboxes are piped to the ForEach-Object to iterate all the mailboxes and enable SMTP Authentication using the Set-CASMailbox command.  

The above example is excellent for enabling SMTP on a lot of mailboxes. However, if you want to perform the task on a few mailboxes, you pipe the UPNs of the mailboxes into the ForEach-Object command directly without needing the Get-CASMailbox command. 

In the example below, I enable SMTP authentication on three mailboxes with the following UPNs – PeterB@corp.itechguides.com, updates@itechguides.com, and VictorAs@corp.itechguides.com

				
					"PeterB@corp.itechguides.com", "updates@itechguides.com", "VictorAs@corp.itechguides.com" | ForEach-Object {Set-CASMailbox -Identity $_ -SmtpClientAuthenticationDisabled $false}
				
			

If you have a few more mailboxes, entering them directory into the command line may not be practical. In that case, it is better to enter the UPNs of all the mailboxes in a text file (one UPN per line). 

Then, modify the last command as shown below. 

				
					Get-Content "D:\Office-365-mailboxes.txt" | ForEach-Object {Set-CASMailbox -Identity $_ -SmtpClientAuthenticationDisabled $false}
				
			

How to Enable SMTP Authentication in Office 365 Conclusion

Enabling SMTP (Simple Mail Transfer Protocol) authentication in Office 365 mailboxes ensures that email clients authenticate outgoing emails and deliver them safely and securely. Furthermore, the SMTP protocol reduces the possibility of email messages being rejected or marked as spam by the recipient’s email server.

This improves email deliverability and reduces lost messages.

Enabling SMTP on Office 365 mailboxes is relatively simple. Not surprisingly, you do this via the Microsoft Admin Center.

However, this method has one major limitation – you can only enable SMTP in one mailbox at a time. The good news is that PowerShell overcomes this limitation by providing multiple ways to enable SMTP authentication on Office 365 mailboxes.

With PowerShell, like using the Microsoft Admin Center, you enable the protocol on a single mailbox. In addition to that, you use PowerShell to enable or disable SMTP authentication Office 365 tenant-wide.

Not only that, but PowerShell also offers the option to enable this protocol in multiple mailboxes.

InfraSOS-AD-Tools

Try InfraSOS for FREE

Invite your team and explore InfraSOS features for free

Victor Ashiedu

Victor Ashiedu

Victor is an IT pro based in Manchester, UK. With over 22 years of experience managing Windows Server, Active Directory, and Powershell, and 7 years of expertise in Azure AD and Office 365, he's a seasoned expert in his field. When he's not working, he loves spending time with his family - a wife and a 5-year-old. Victor is passionate about helping businesses succeed in today's fast-changing tech landscape.

Leave a comment

Your email address will not be published. Required fields are marked *