Microsoft has been engaged in the removal of Basic Authentication from their Exchange On-line systems for almost a year. The final cutoff is currently set for October of 2022. Some business applications and devices like scanners logon to the cloud with their own user account to deliver their messages. Older apps and machines that impersonate a Microsoft 365 user in this way may not support MFA (Multi-Factor Authentication), aka 2FA.
In preparation for decommissioning the basic logon protocol, Microsoft has begun modifying the SmtpClientAuthenticationDisabled attribute for Tenants and mailboxes they’ve deemed to not be using it anyway. According to their documentation, they will post a notification in the Message Center before making the changes to your organization’s subscription. We’ve received multiple reports of this change effecting established systems that are used every day with no message being seen in the Microsoft portal.
If you find that your apps, MFPs, or other non-Outlook email clients have suddenly stopped working, there are some useful PowerShell commands that will help you diagnose the situation. You can also re-enable SMTP authentication for either your entire Org or for individual mailboxes. Most of this information is outlined in another Microsoft Document.
To check the SMTP Authentication status of an Exchange On-line subscription, logon from a PowerShell session in your favorite terminal app. The instructions in this post assume that you have already installed the new EXO V2 PowerShell module.
To check settings for the organizational level, run the command below. An output of True means the authentication is disabled at the top level. This is not the whole story. Each mailbox can also have its own setting. The top-level only applies when a mailbox’s corresponding attribute is blank.
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabledIf the mailbox SmtpClientAuthenticationDisabled attribute is set to a value other than $null (empty in the report you generate below), it overrides to top-level command. Use this one-liner to generate a report showing each account’s setting.
Get-CasMailbox | Select DisplayName, PrimarySmtpAddress, SmtpClientAuthenticationDisabledTo change the Organizational (default) level, execute the following line in your console. Change the value at the end from $true to $false to fit your desired outcome.
Set-TransportConfig -SmtpClientAuthenticationDisabled $trueTo modify individual mailboxes, you’ll need the email address. The SmtpClientAuthenticationDisabled value can be set to $true (disable SMTP auth), $false (enable SMTP auth), or $null (use ORG level).
Set-CASMailbox -Identity xxx@xxxx.com -SmtpClientAuthenticationDisabled $true Use this simple script to modify all of your mailboxes at once, the same values apply here. Note: if you are at a larger company, you may need to add the ResulteSize Unlimited switch. As written, it will enable SMTP Authentication for all mailbox accounts.
$mailboxes = Get-CasMailbox|Select-Object PrimarySmtpAddress -ExpandProperty PrimarySmtpAddress
Foreach ($mailbox in $mailboxes){
Set-CasMailbox -identity $mailbox -SmtpClientAuthenticationDisabled $false
}
techbloggingfool.com 