Scan to email via Office 365 using an App Password

  • progoffice
    Trusted Tech
    250+ Posts
    • Nov 2008
    • 323

    Scan to email via Office 365 using an App Password

    Has anybody had any luck setting up and using an app specific password in O365 to get scan to email working? I'm seeing this issue more and more with businesses who have recently started using O365 and not so much with long time users. With all of the Microsoft Security Defaults turned on, trying to set up scan to email has become much more difficult. I kept getting Error Code 535 and ultimately just used a Gmail account the customer had with an app password (worked the first time). I verified that SMTP AUTH was turned on for the account I was trying to send from, but even when I finally found where to create an app password it still wouldn't work.
  • rthonpm
    Field Supervisor
    2,500+ Posts
    • Aug 2007
    • 2820

    #2
    Re: Scan to email via Office 365 using an App Password

    You need to turn the security defaults off as otherwise the use of app passwords and SMTP AUTH are disabled at the tenant level, which overrides any settings you make.


    You may also need to confirm that the devices support TLS 1.2, otherwise you'll need a relay of some sort to add the necessary encryption.



    Sent from my Pixel 6 Pro using Tapatalk

    Comment

    • progoffice
      Trusted Tech
      250+ Posts
      • Nov 2008
      • 323

      #3
      Re: Scan to email via Office 365 using an App Password

      Originally posted by rthonpm
      You need to turn the security defaults off as otherwise the use of app passwords and SMTP AUTH are disabled at the tenant level, which overrides any settings you make.


      You may also need to confirm that the devices support TLS 1.2, otherwise you'll need a relay of some sort to add the necessary encryption.



      Sent from my Pixel 6 Pro using Tapatalk

      These look like the steps you are referencing.

      Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.


      Error: Authentication unsuccessful



      If you receive one of the following errors:
      • 535 5.7.3 Authentication unsuccessful
      • 5.7.57 Client not authenticated to send mail

      There are a few things you should check:
      1. Use Exchange Online PowerShell to verify that authenticated SMTP submission (also known as SMTP AUTH) is enabled on the licensed mailbox that the printer or application is using to connect to Microsoft 365 or Office 365:
      2. Disable Multi-Factor Authentication (MFA) on the licensed mailbox that's being used:
        • In the Microsoft 365 admin center, in the left navigation menu, choose Users > Active users.
        • On the Active users page, choose Multi-Factor Authentication.
        • On the multi-factor authentication page, select the user and disable the Multi-Factor Authentication status.

      3. Disable the Azure Security Defaults by toggling the Enable Security Defaults to No:
        Caution: Don't do this step unless you understand the risks that are involved.
        • Sign in to the Azure portal as a Security administrator, Conditional Access administrator, or Global administrator.
        • Browse to Microsoft Entra ID > Properties.
        • Select Manage security defaults.
        • Set the Enable security defaults toggle to No.
        • Select Save.

      4. Exclude the user from a Conditional Access policy that blocks Legacy Authentication:
        • Sign in to the Azure portal as a Security administrator, Conditional Access administrator, or Global administrator.
        • Browse to Microsoft Entra ID > Security > Conditional Access.
        • In the policy that blocks Legacy Authentication, exclude the mailbox being used under Users and Groups > Exclude.
        • Select Save.

      Comment
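A workstation-side check for the errors listed in the post above, added here as an example and not part of the thread or of Microsoft's documentation: it repeats the device's STARTTLS and login steps with TLS 1.2 as the minimum, so a TLS failure can be told apart from a rejected login. The endpoint smtp.office365.com on port 587 and the names `classify`, `probe` and `HINTS` are assumptions of this example.

```python
import getpass
import smtplib
import ssl

# Assumed endpoint for SMTP AUTH client submission (not stated in the thread).
HOST, PORT = "smtp.office365.com", 587

HINTS = {  # the checks come from the list quoted in the post above
    "ok": "login accepted",
    "auth_rejected": "check SMTP AUTH on the mailbox, MFA, security defaults, Conditional Access",
    "not_authenticated": "server says client not authenticated: same checks as auth_rejected",
}

def classify(code, message):
    """Label an SMTP reply (from smtplib or copied from the device log)."""
    text = message.decode(errors="replace") if isinstance(message, bytes) else str(message)
    if code == 235:
        return "ok"
    if code == 535 and "5.7.3" in text:
        return "auth_rejected"
    if "5.7.57" in text:
        return "not_authenticated"
    return "other"

def probe(user, password, host=HOST, port=PORT, timeout=15):
    """Repeat the device's steps; return (label, detail)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # nothing older is offered
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            try:
                smtp.starttls(context=ctx)
            except (ssl.SSLError, smtplib.SMTPException) as exc:
                return "tls_failed", str(exc)
            smtp.ehlo()
            tls = smtp.sock.version()  # negotiated version, e.g. "TLSv1.2"
            try:
                smtp.login(user, password)
            except smtplib.SMTPAuthenticationError as exc:
                return classify(exc.smtp_code, exc.smtp_error), tls
            return "ok", tls
    except (OSError, smtplib.SMTPException) as exc:
        return "smtp_error", str(exc)

if __name__ == "__main__":
    label, detail = probe(input("mailbox: "), getpass.getpass("app password: "))
    print(label, "-", HINTS.get(label, detail), "-", detail)
```

A `tls_failed` or `smtp_error` result from a workstation that supports TLS 1.2 points at the network path; an `auth_rejected` result with a TLS version in the detail means encryption succeeded and the tenant or mailbox settings refused the login.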

      • rthonpm
        Field Supervisor
        2,500+ Posts
        • Aug 2007
        • 2820

        #4
        Re: Scan to email via Office 365 using an App Password

        That would be it.

        Sent from my Pixel 6 Pro using Tapatalk

        Comment

        • slimslob
          Retired
          Site Contributor
          25,000+ Posts
          • May 2013
          • 34639

          #5
          Re: Scan to email via Office 365 using an App Password

          Originally posted by progoffice
          These look like the steps you are referencing.

          Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.
          You might want to create a user specifically for the device to send with. If you have them use Direct Send, that user does not need a mailbox. Direct Send can only send to mailboxes within their organization. Usually the individuals send to themselves and then attach additional files and notes before forwarding to the final recipient.

          Here is documentation from Microsoft on the various methods of setting up a multifunction device for sending. How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Learn

          Comment

          • rthonpm
            Field Supervisor
            2,500+ Posts
            • Aug 2007
            • 2820

            #6
            Re: Scan to email via Office 365 using an App Password

            Originally posted by progoffice
            Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.
            The Security Defaults being turned on also prevents any individual changes.

            Securing Authenticated SMTP in Exchange Online - Microsoft Community Hub

            Sent from my Pixel 6 Pro using Tapatalk

            Comment
