Results 1 to 6 of 6
  1. #1
    Senior Tech 250+ Posts progoffice's Avatar
    Join Date
    Nov 2008
    Posts
    318
    Rep Power
    49

    Scan to email via Office 365 using an App Password

    Has anybody had any luck setting up and using an app specific password in O365 to get scan to email working? I'm seeing this issue more and more with businesses who have recently started using O365 and not so much with long time users. With all of the Microsoft Security Defaults turned on, trying to set up scan to email has become much more difficult. I kept getting Error Code 535 and ultimately just used a Gmail account the customer had with an app password (worked the first time). I verified that SMTP AUTH was turned on for the account I was trying to send from, but even when I finally found where to create an app password it still wouldn't work.

  2. #2
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,779
    Rep Power
    108

    Re: Scan to email via Office 365 using an App Password

    You need to turn the security defaults off as otherwise the use of app passwords and SMTP AUTH are disabled at the tenant level, which overrides any settings you make.


    You may also need to confirm that the devices support TLS 1.2, otherwise you'll need a relay of some sort to add the necessary encryption.



    Sent from my Pixel 6 Pro using Tapatalk

  3. #3
    Senior Tech 250+ Posts progoffice's Avatar
    Join Date
    Nov 2008
    Posts
    318
    Rep Power
    49

    Re: Scan to email via Office 365 using an App Password

    Quote Originally Posted by rthonpm View Post
    You need to turn the security defaults off as otherwise the use of app passwords and SMTP AUTH are disabled at the tenant level, which overrides any settings you make.


    You may also need to confirm that the devices support TLS 1.2, otherwise you'll need a relay of some sort to add the necessary encryption.



    Sent from my Pixel 6 Pro using Tapatalk

    These looks like the steps you are referencing.

    Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.


    Error: Authentication unsuccessful



    If you receive one of the following errors:

    • 535 5.7.3 Authentication unsuccessful
    • 5.7.57 Client not authenticated to send mail

    There are a few things you should check:

    1. Use Exchange Online PowerShell to verify that authenticated SMTP submission (also known as SMTP AUTH) is enabled on the licensed mailbox that the printer or application is using to connect to Microsoft 365 or Office 365:
    2. Disable Multi-Factor Authentication (MFA) on the licensed mailbox that's being used:
      • In the Microsoft 365 admin center, in the left navigation menu, choose Users > Active users.
      • On the Active users page, choose Multi-Factor Authentication.
      • On the multi-factor authentication page, select the user and disable the Multi-Factor Authentication status.

    3. Disable the Azure Security Defaults by toggling the Enable Security Defaults to No:
      [COLOR=var(--theme-text)][COLOR=var(--theme-danger-dark)] Caution[/COLOR]
      Don't do this step unless you understand the risks that are involved.
      [/COLOR]
      • Sign in to the Azure portal as a Security administrator, Conditional Access administrator, or Global administrator.
      • Browse to Microsoft Entra ID > Properties.
      • Select Manage security defaults.
      • Set the Enable security defaults toggle to No.
      • Select Save.

    4. Exclude the user from a Conditional Access policy that blocks Legacy Authentication:
      • Sign in to the Azure portal as a Security administrator, Conditional Access administrator, or Global administrator.
      • Browse to Microsoft Entra ID > Security > Conditional Access.
      • In the policy that blocks Legacy Authentication, exclude the mailbox being used under Users and Groups > Exclude.
      • Select Save.

  4. #4
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,779
    Rep Power
    108

    Re: Scan to email via Office 365 using an App Password

    That would be it.

    Sent from my Pixel 6 Pro using Tapatalk

  5. #5
    Retired 10,000+ Posts
    Scan to email via Office 365 using an App Password

    slimslob's Avatar
    Join Date
    May 2013
    Location
    Bakersfield, CA
    Posts
    33,989
    Rep Power
    983

    Re: Scan to email via Office 365 using an App Password

    Quote Originally Posted by progoffice View Post
    These looks like the steps you are referencing.

    Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.
    You might want to create a user specifically for the device to send with. If you have them use Direct Send that user does not need a mailbox. Direct Send can only send to mailboxes within their organization. Usually the individuals send to themselves and then attaches additional files and notes before forwarding to the final recipient.

    Here is documentation from Microsoft on the various methods of setting up a multifunction device for sending. How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 | Microsoft Learn

  6. #6
    Service Manager 2,500+ Posts rthonpm's Avatar
    Join Date
    Aug 2007
    Location
    Pennsyltucky
    Posts
    2,779
    Rep Power
    108

    Re: Scan to email via Office 365 using an App Password

    Quote Originally Posted by progoffice View Post
    Can Security Defaults be set to on at the tenant level and still allow settings to be changed for a single user or mailbox? If so, is this a Conditional Access setting? I'm fine with turning off the security defaults, but the customer may not be.
    The Security Defaults being turned on also prevents any individual changes.

    Securing Authenticated SMTP in Exchange Online - Microsoft Community Hub

    Sent from my Pixel 6 Pro using Tapatalk

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Get the Android App
click or scan for the Copytechnet Mobile App

-= -= -= -= -=


IDrive Remote Backup

Lunarpages Internet Solutions

Advertise on Copytechnet

Your Link Here