Our ERP/scanner needs SMTP, basic auth is being shut off
Microsoft hard-disabled basic auth for SMTP AUTH in September 2025. Legacy apps using basic auth have three options: SMTP AUTH with OAuth (XOAUTH2), Direct Send to smtp.office365.com (no auth, internal-only), or an SMTP relay connector for external mail.
Try this first
1. Inventory which apps send mail: ERP, MFP scanner, monitoring, a PHP script. For each, note whether mail stays internal or goes external.
2. Mail to internal recipients only in your tenant: use Direct Send (smtp.office365.com:25 unauthenticated). Works without credentials but only to @yourtenant addresses.
3. Mail to external recipients: configure a Receive Connector with your public IP allowlisted. Exchange Online → Mail flow → Connectors. Authentication is by IP address, not by user.
4. Modern apps: SMTP AUTH with OAuth 2.0 (XOAUTH2). Postman, .NET with Microsoft Graph SDK, or Python with msal. Requires an Entra app registration.
5. Test each route separately. Message Trace logs confirm which path is used.
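For step 4, this is what SMTP AUTH with XOAUTH2 looks like in Python with msal. It is an added example, not code from this page's author. It assumes port 587 with STARTTLS, a client-credentials token for the Exchange Online scope, and an app registration allowed to send as the mailbox; the function names are hypothetical.

```python
import base64
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST = "smtp.office365.com"  # host named on this page
SMTP_PORT = 587                   # assumption: STARTTLS submission port
SCOPE = ["https://outlook.office365.com/.default"]  # assumption: Exchange Online scope


def xoauth2_response(mailbox: str, access_token: str) -> str:
    """Base64 SASL XOAUTH2 string: user=<mailbox>^Aauth=Bearer <token>^A^A."""
    if any(c in mailbox + access_token for c in "\x01\r\n"):
        raise ValueError("control character in mailbox or token")
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def get_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Client-credentials token from the Entra app registration (needs msal)."""
    import msal  # imported lazily so the rest of the module loads without it
    app = msal.ConfidentialClientApplication(
        client_id,
        authority=f"https://login.microsoftonline.com/{tenant_id}",
        client_credential=client_secret,
    )
    result = app.acquire_token_for_client(scopes=SCOPE)
    if "access_token" not in result:
        # Report the error code only; never log the secret or a token.
        raise RuntimeError(f"token request failed: {result.get('error')}")
    return result["access_token"]


def send_mail(mailbox: str, access_token: str, msg: EmailMessage) -> None:
    """Submit msg over STARTTLS, authenticating with XOAUTH2, not a password."""
    with smtplib.SMTP(SMTP_HOST, SMTP_PORT, timeout=30) as smtp:
        smtp.ehlo()
        # Pass an explicit context so the server certificate is verified.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        code, reply = smtp.docmd("AUTH", "XOAUTH2 " + xoauth2_response(mailbox, access_token))
        if code != 235:  # 235 = authentication succeeded
            raise smtplib.SMTPAuthenticationError(code, reply)
        smtp.send_message(msg)
```

Keep the client secret in a secret store instead of the app's config file, and confirm in Message Trace that the message took the authenticated route.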
When to bring us in
If the legacy app has no OAuth support and you can't upgrade, a local SMTP relay (Postfix, hMailServer) that talks OAuth to M365 itself is the practical workaround.
See also
- Our emails land in spam for some recipients. Almost always an SPF, DKIM, or DMARC setting that is wrong or missing, or a sender name that mimics a well-known brand.
- Someone reports receiving phishing emails "from us". Read: spoofing. Someone is abusing your sender name, not necessarily your actual mailbox.
- An email bounces (NDR): delivery failed. The NDR text usually states the exact reason. Reading it is step one.