Skip to main content

office365 mfp smtp config high volume email

I've configured multiple MFPs in the past, for email sending of attachments. With Exchange Online this became a little more complicated but app passwords did the trick, I recently came across a doc indicating that all basic authentication would be disabled next year so took a look at the suggested alternative.
The steps below assume a couple of things:
  1. Emails will not need to be sent externally, only within the same domain as would be standard enough for MFP scan-to-email config.
  2. Device does not support modern OAuth authentication.
  3. There is no on-prem hybrid Exchange server setup.

Given the above which I think would be standard enough, (note, been a while since I setup an MFP, maybe I do them a disservice and OAuth is common now??) the suggested approach is to configure High Volume Email for Microsoft 365 which will allow you to setup an account that can send email internally using basic authentication.

First step is to connect to Exchange Online (steps below assume you don't have the module installed)

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName

Assuming the Get-AcceptedDomain command returned the expected values and not an error you are now connected to the tenant, next step is to create the high volume email account:

$securePassword = Read-Host "Enter password" -AsSecureString
New-MailUser -LOBAppAccount -Name "MFP-01" -Password $securePassword -PrimarySmtpAddress ""

Finally we disconnect from our Exchange Online session with: Disconnect-ExchangeOnline

The account is now ready to use and you can configure the device with the account details and send a test, in the absence of an MFP, I'm just using a cli command to test, the required settings are:

  • server:
  • port: 587
  • TLS/StartTLS: Enabled (this is mandatory, device must support it)
  • username:
  • password: (password entered above)
$emailCreds = Get-Credential
Send-MailMessage -SMTPServer -Credential $emailCreds -From '' -To '' -UseSSL True -Port 587 -subject 'Test Scan'

screenshot of message received

(Note: these mailboxes can be managed via the admin console too, in my case I can delete the test mailbox as I no longer need it.)

exchange admin mailflow settings

(Note2: it is mentioned in a few places that this is currently in Preview so I guess there is a slight possibility that it gets pulled before release, however given the desire to remove basic auth on Office365 accounts it will likely stay around as a necessary alternative)