Disable SMTP Authentication for Exchange Online – Tenant Wide Setting

Introduction

The SMTP protocol is prone to brute-force and password spray attacks. Disabling SMTP authentication reduces a tenant's attack surface, making it more secure.

Before disabling SMTP authentication, you must take into account any third-party applications or devices (such as an MFC) that use SMTP to send emails through Exchange Online.

This setting should be used in conjunction with Disable Legacy Email Protocols (POP, IMAP) – Default Setting for New Mailboxes.

License Requirement

Any Exchange Online plan

User Impact

Medium
Disabling SMTP authentication tenant-wide will stop any user, device or third-party application from authenticating via SMTP to send emails through Exchange Online.

Note: This setting overrides the mailbox setting for SMTP authentication. If the mailbox has SMTP Authentication enabled and you disable SMTP Authentication at the tenant level, it will no longer work.

Admin Portal Reference

This setting is configured via PowerShell. The following cmdlet is run against the tenant's Exchange Online organization.

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

If Action is set to Notify

We report the setting as compliant if Set-TransportConfig -SmtpClientAuthenticationDisabled is set to $true.

We report the setting as non-compliant if Set-TransportConfig -SmtpClientAuthenticationDisabled is set to $false.

If Action is set to Enforce

We report the setting as compliant if Set-TransportConfig -SmtpClientAuthenticationDisabled is set to $true.

We report the setting as compliant-fixed if Set-TransportConfig -SmtpClientAuthenticationDisabled was set to $false and MSPMagic changes it to $true.
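
The Notify and Enforce logic described above, together with a review of per-mailbox SMTP authentication values for the applications and devices mentioned in the introduction, could be scripted as follows. This is an added example, not MSPMagic's own code; the function name Test-SmtpAuthSetting and its output fields are hypothetical, and it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session.

```powershell
# Added example. Test-SmtpAuthSetting and its output fields are hypothetical names.
# Assumes: Import-Module ExchangeOnlineManagement; Connect-ExchangeOnline already run.
function Test-SmtpAuthSetting {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Notify only reports; Enforce also changes the tenant setting.
        [ValidateSet('Notify', 'Enforce')]
        [string]$Action = 'Notify'
    )

    # Read the current tenant-wide value.
    $disabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled
    $status = 'non-compliant'

    if ($disabled) {
        $status = 'compliant'
    }
    elseif ($Action -eq 'Enforce' -and
            $PSCmdlet.ShouldProcess('TransportConfig', 'Disable SMTP client authentication')) {
        Set-TransportConfig -SmtpClientAuthenticationDisabled $true
        # Re-read the value so the status reflects what is actually configured.
        if ((Get-TransportConfig).SmtpClientAuthenticationDisabled) {
            $status = 'compliant-fixed'
        }
    }

    # Mailboxes with an explicit per-mailbox value ($true or $false, not $null).
    # Review these before the change: they are the likeliest homes of devices
    # and applications that send mail with SMTP authentication.
    $explicit = Get-CASMailbox -ResultSize Unlimited |
        Where-Object { $null -ne $_.SmtpClientAuthenticationDisabled } |
        Select-Object Name, PrimarySmtpAddress, SmtpClientAuthenticationDisabled

    [pscustomobject]@{
        Action                       = $Action
        Status                       = $status
        MailboxesWithExplicitSetting = @($explicit)
    }
}

# Report only; no change is made to the tenant.
$result = Test-SmtpAuthSetting -Action Notify
$result | Format-List Action, Status
$result.MailboxesWithExplicitSetting | Format-Table -AutoSize
```

Running the function with -Action Enforce -WhatIf shows whether a change would be made without applying it.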
