We are receiving the following error using the Office 365 SMTP server to send mails:

535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully.

Same issue with MFA (+ App password) and without MFA. Authenticated SMTP is activated for the used account. Unfortunately the provided error message is a bit vague.

Request options:

host: 'smtp.office365.com',
port: 587,
auth: {
  user: USER,
  pass: PASS
}

Optional additional tries included specific TLS config (requireTLS: true, tls: { ciphers: 'SSLv3' }), which also resulted in the same error message.

Authentication data is correct as changing them shows a different authentication error (535 5.7.139 Authentication unsuccessful, the user credentials were incorrect).

Using the given domain XXXX.mail.protection.outlook.com (port 25) is not constant as some IPs are blacklisted so this is not an option.

Any information what this error means and what it causes would be appreciated since we can only find recent unanswered information about this error.

Thanks in advance

I keep running into tenants where this doesn't work.

I disable security defaults and run commands like these:

Set-TransportConfig -SmtpClientAuthenticationDisabled:$false
New-AuthenticationPolicy BLOCK-BasicAuth
New-AuthenticationPolicy ALLOW-BasicAuth
Set-OrganizationConfig -DefaultAuthenticationPolicy BLOCK-BasicAuth
Set-AuthenticationPolicy ALLOW-BasicAuth -AllowBasicAuthSmtp:$true
Get-User info | Set-User -AuthenticationPolicy ALLOW-BasicAuth
Set-CASMailbox info -SmtpClientAuthenticationDisabled:$false

and it doesn't work.

Odd thing is, create a new user, say new-user and run
Get-User new-user | Set-User -AuthenticationPolicy ALLOW-BasicAuth

and it works fine for the new user.

Trash the info user and recreate it and problems be gone.

Can't find what's screwing the user over to begin with though. Don't want to be recreating users every time I need this on existing tenants.

Any ideas?
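
An added example, not part of the post above: a read-only report of the Exchange Online settings those commands change, showing which value is actually in effect for one mailbox. It assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session; Get-SmtpAuthReport is a hypothetical helper name, and 'info' is the mailbox named in the post.

```powershell
# Added example: reads settings only, changes nothing.
# Assumes an existing Connect-ExchangeOnline session.
# Get-SmtpAuthReport is a hypothetical helper name, not a built-in cmdlet.
function Get-SmtpAuthReport {
    param([Parameter(Mandatory)][string]$Identity)

    # Layer 1: the SMTP AUTH switch, set per organization and per mailbox.
    $orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
    $mbxDisabled = (Get-CASMailbox -Identity $Identity).SmtpClientAuthenticationDisabled

    # A per-mailbox $true/$false overrides the organization value; $null inherits it.
    $effectiveDisabled = if ($null -ne $mbxDisabled) { $mbxDisabled } else { $orgDisabled }

    # Layer 2: authentication policy. A policy assigned to the user
    # overrides the organization's default policy.
    $userPolicy = [string](Get-User -Identity $Identity).AuthenticationPolicy
    $orgPolicy  = [string](Get-OrganizationConfig).DefaultAuthenticationPolicy
    $policyName = if ($userPolicy) { $userPolicy } else { $orgPolicy }

    # With no policy in effect, no authentication policy blocks basic auth for SMTP.
    $policyAllows = $true
    if ($policyName) {
        $policyAllows = (Get-AuthenticationPolicy -Identity $policyName).AllowBasicAuthSmtp
    }

    [pscustomobject]@{
        Identity                 = $Identity
        OrgSmtpAuthDisabled      = $orgDisabled
        MailboxSmtpAuthDisabled  = $mbxDisabled
        EffectiveSmtpAuthEnabled = -not $effectiveDisabled
        UserPolicy               = $userPolicy
        OrgDefaultPolicy         = $orgPolicy
        EffectivePolicy          = $policyName
        PolicyAllowsBasicSmtp    = $policyAllows
        # Both layers must permit SMTP AUTH for basic-auth submission on port 587.
        ExchangeSettingsPermit   = (-not $effectiveDisabled) -and $policyAllows
    }
}

# 'info' is the existing mailbox from the post; run it for a working
# new user as well and compare the two objects side by side.
Get-SmtpAuthReport -Identity 'info' | Format-List
```

Security Defaults and Conditional Access are Azure AD settings and do not appear in this report, so a mailbox that shows ExchangeSettingsPermit as True can still be rejected by them.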

Hi @Maurice Wegner

To my knowledge, there may be two other possible causes of this issue.
Please refer to this link and check point 3 (Azure Security Defaults) and point 4 (Conditional Access policy): Error: Authentication unsuccessful

These settings would block Legacy Authentication.

Tried to use SMTP for sending emails from my Home Assistant and had the same issue as others here.
Following your proposal of "Disable Azure Security Defaults" did the trick for me. Thank you!

Just curious - will this affect security of my tenant somehow?

We got this error when we set up a Lexmark X736de MFP network scanner/printer.

The way to set up the printer is nicely explained here:

The user account used for authentication needs to have a licensed Exchange subscription, so shared mailboxes do not work.

Azure Security Defaults are set to "NO".
No conditional access policies are active, but the selected user uses MFA (multifactor authentication) anyway.

When trying to scan we got errors like "535 5.7.139 authentication unsuccessful".

You can check in Azure Active Directory --> users --> user that you want to authenticate --> sign-in logs for details.

As a workaround you can use an APP PASSWORD, which can be created by

  • logging in to the relevant o365 user account --> clicking on user icon in upper right corner of browser (office account, not browser profile) --> view account --> my sign-ins --> security info --> add method --> app password
  • When setting up the smtp user account of the printer use the email address + app password (instead of the normal user password connected to MFA)

    So neither option 3 nor option 4 was working for me.
    The security defaults were already turned off and the conditional access is only available when you have an Azure premium setup.

    I got it solved with the workaround proposed by StephaneAngele-7722

    As a workaround you can use an APP PASSWORD, which can be created by

  • logging in to the relevant o365 user account --> clicking on user icon in upper right corner of browser (office account, not browser profile) --> view account --> my sign-ins --> security info --> add method --> app password
  • When setting up the smtp user account of the printer use the email address + app password (instead of the normal user password connected to MFA)

    Thank you so much! :)

    APP PASSWORDS is not offered as a sign in method. I only get Phone, Microsoft Authenticator and Email(?).

    Any suggestions?

    [edit] I found the answer here:

    https://d365demystified.com/2021/10/17/allow-users-to-create-app-passwords-in-office-365-multi-factor-authentication/