To add to the previous response, security defaults are the free option that allows all users to MFA using the Microsoft Authenticator app. The recommendation going forward is to use Conditional Access. That said, my understanding (and I've reached out to verify this with the PG) is that security defaults do not override pre-existing per-user MFA controls, so those should still be in effect at least for now. You can use per-user MFA settings, but those require (and have always required) your users to have the correct number of licenses assigned for use of MFA. Also, per-user MFA is going away entirely shortly, so the recommendation is to use conditional access going forward. Tenants will be reevaluated periodically and if not using conditional access, security defaults will be enabled.

Conditional Access is really the best solution for your scenario since it allows the use of any authentication method and provides the option for call-to-phone and text-to-phone. If you need to customize your security requirements and need more fine-tuned MFA options, the recommendation is to use Conditional Access. Let me know if this helps and if you have further questions. Happy to share any feedback with the product team on your behalf! If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar issues.

The SMTP AUTH protocol is used to submit millions of emails every day. The majority of the clients connecting to Exchange Online like this are devices such as multi-function printers or some piece of software that send automated emails. Email clients such as Outlook rarely use this protocol anymore and instead make use of other protocols secured with Modern Authentication (OAuth). SMTP AUTH (also known as authenticated SMTP client submission) is a legacy internet protocol which does not support OAuth by design. All clients have ever needed to send messages was a username and password, and these credentials are all too often obtained and used by attackers. As we have previously indicated we are working on adding support for OAuth with SMTP AUTH, but we also know that many clients have yet to add support for OAuth. For that reason Basic Authentication will need to be supported in Exchange Online for the foreseeable future, though it is still very wise to turn off SMTP AUTH in Office 365 tenants when possible.

We previously added a setting to make it possible for tenants to disable SMTP AUTH for their entire organization. Additionally, we ensured that each mailbox has a setting to override the tenant setting and enable SMTP AUTH. These two settings will provide administrators with the granularity required to allow most mailboxes to have SMTP AUTH disabled, and a few select mailboxes to have it enabled. You can find out more about these settings here.

To reduce what attackers can do with compromised user credentials, we are also taking steps to disable SMTP AUTH by default in Exchange Online. Firstly we have already started rolling out a change to disable it for new Office 365 tenants. This means Exchange administrators of newly created tenants will need to enable SMTP AUTH for any mailbox that requires it, using the per-mailbox setting we provide. The next step will be to disable SMTP AUTH for existing tenants who do not make use of the SMTP AUTH protocol for sending any messages. Affected customers will receive targeted Message Center posts if they are affected by this in the next few months. Finally, the last group of customers are those who have some mailboxes using SMTP AUTH. We will work to have the disable setting for their tenant set while enabling the mailbox setting to continue their usage of SMTP AUTH. There is no ETA yet for this work. Exchange administrators are free to take proactive steps to disable SMTP AUTH for all mailboxes that do not require it.
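
The tenant-wide setting and the per-mailbox override described in the text combine into one effective SMTP AUTH state per mailbox. The following is an added example, not code from the original page, that resolves that state so an administrator can list the mailboxes that can still submit mail with a username and password. The `SmtpClientAuthenticationDisabled` property and the `Get-TransportConfig` / `Get-CASMailbox` cmdlets come from Exchange Online PowerShell and are not named on this page; `Get-EffectiveSmtpAuth` is a hypothetical helper and the sample mailboxes are constructed.

```powershell
# Added example: resolve the effective SMTP AUTH state per mailbox.
# Per-mailbox SmtpClientAuthenticationDisabled semantics:
#   $null  = inherit the tenant-wide setting
#   $false = SMTP AUTH enabled for this mailbox (overrides the tenant)
#   $true  = SMTP AUTH disabled for this mailbox
function Get-EffectiveSmtpAuth {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [bool]     $OrgDisabled,
        [Parameter(Mandatory)] [object[]] $Mailboxes
    )
    foreach ($mbx in $Mailboxes) {
        $override = $mbx.SmtpClientAuthenticationDisabled
        if ($null -eq $override) {
            $enabled = -not $OrgDisabled          # no override: tenant decides
            $source  = 'tenant'
        } else {
            $enabled = -not [bool]$override       # explicit per-mailbox value wins
            $source  = 'mailbox'
        }
        [pscustomobject]@{
            Mailbox         = $mbx.PrimarySmtpAddress
            SmtpAuthEnabled = $enabled
            DecidedBy       = $source
        }
    }
}

# Constructed sample data: tenant has SMTP AUTH disabled, one device mailbox overrides it.
$sampleOrgDisabled = $true
$sampleMailboxes = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'printer@contoso.example'; SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'alice@contoso.example';   SmtpClientAuthenticationDisabled = $null }
    [pscustomobject]@{ PrimarySmtpAddress = 'bob@contoso.example';     SmtpClientAuthenticationDisabled = $true }
)

# List only the mailboxes where SMTP AUTH is still usable.
Get-EffectiveSmtpAuth -OrgDisabled $sampleOrgDisabled -Mailboxes $sampleMailboxes |
    Where-Object SmtpAuthEnabled

# Against a live tenant (after Connect-ExchangeOnline from the ExchangeOnlineManagement module):
# $org = (Get-TransportConfig).SmtpClientAuthenticationDisabled
# $mbx = Get-CASMailbox -ResultSize Unlimited
# Get-EffectiveSmtpAuth -OrgDisabled $org -Mailboxes $mbx | Where-Object SmtpAuthEnabled
```

Mailboxes reported with `DecidedBy = 'mailbox'` are the explicit exceptions worth reviewing against the list of devices and applications that actually need SMTP AUTH.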