[German]Very brief information for users and administrators who use Microsoft 365 or Microsoft Office 365 with Exchange Online and are suddenly confronted with the problem that the sending of emails in Microsoft Outlook or in other applications is on strike. Microsoft has disabled SMTP support for security reasons with an update for Exchange Online. Here is a brief overview for those affected, administrators and service providers.

Note from a reader

German blog reader Robert G. was kind enough to email me the information this morning (thanks for that), that there is a change in Exchange Online. Robert wrote on July 13, 2022:

A little chicanery from Microsoft. Today (at night) SMTP authentication was disabled for security reasons and you have to explicitly turn it on for the accounts you want. sTunnel reports:

535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. 
Visit https://aka.ms/smtp_auth_disabled for more information. [FR3P281CA0086.DEUP281.PROD.OUTLOOK.COM]
The SMTP server did not accept Auth LOGIN PASSWD value.

There came quite hints from MS, but I must admit that the consequences were not quite clear to me.

sTunnel is a utility also for sending emails that transparently turns an unencrypted connection into a TLS connection. It is not trivial to implement it in your own programs. Outlook uses its own protocol for Office365 or Exchange Online. But all other email programs that don't have that implemented requires POP3/IMAP and SMTP and can then get a problem. The topic had completely passed me by. Let's see what this means, what Microsoft says about it and who is affected.

The abbreviation SMTP stands for Simple Mail Transfer Protocol, a protocol for sending e-mail, while POP3 and IMAP are used for retrieval. The problem is that the original SMTP transmission method did not use authentication in 1982, and since the initial implementation, auxiliary solutions have been used to send e-mail securely. 

SMTP authentication in Exchange Online

The link mentioned in the sTunnel message leads to the support article Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online. There Microsoft states:

Client SMTP email submissions (also known as authenticated SMTP submissions) are used in the following scenarios in Office 365 and Microsoft 365::

• POP3 and IMAP4 clients. With these protocols, clients can only receive email messages, so they must use authenticated SMTP.
• Applications, report servers, and multifunction devices that generate and send email messages.

The SMTP AUTH protocol (available since Feb. 2020) is used to deliver SMTP email to clients, typically on TCP port 587. SMTP AUTH supports modern authentication (Modern Auth)..

Virtually all modern email clients that connect to Exchange Online mailboxes in Office 365 or Microsoft 365 (e.g. Outlook, Outlook on the Web, iOS Mail, Outlook for iOS and Android, etc.) do not use SMTP AUTH to send email messages.

Therefore, in the support post, Microsoft strongly recommends disabling SMTP AUTH in the Exchange Online organization and enabling it only for those accounts (i.e. mailboxes) that still need it. However, the article also describes how to re-enable support. Beside Outlook clients also app (like for scanners that sends scans via mail to Exchange online, or reporting tools) may be affected.