SMTP alerts via Office 365

[pstoric83]

For some reason, they always fail. I'm using the exact settings here and they are the same for my scanner which works fine. The credentials are correct. SSL/TLS box is checked, port 587. Has anyone been able to get this to work?

https://docs.microsoft.com/en-us/exchan ... g-office-3

https://imgur.com/w7kYMXJ

[Dima P.]

Paul,

Try to type in your email address in the format username@domain.com without specifying additional settings (after you set email and password - hit Configure) and let us know how it goes. Cheers!

[pstoric83]

I did that first and it failed.

[Dima P.]

Paul,

Do you have a custom domain registered for your mail account at Office 365? Thanks!

[pstoric83]

Yes we do.

[pstoric83]

It only works if I use the same email address for the destination and smtp server settings which is strange.

[Craigb]

From the doc .. (because I'm just bumping into this too) ..

In the Configure and test email notifications window, in the Email settings section, specify the recipient address.
Veeam Agent for Microsoft Windows will send email notifications to the specified address. This address will be also displayed as the sender address in the email notification headers.

https://helpcenter.veeam.com/docs/agent ... tml?ver=30

... I believe the fact that the recipient address being used as the "sender address in the email notification headers" is the likely cause of the problem. Any reasonably aware smtp server is going to flag that as a badly formatted email at the minimum and a phishing attack as the most likely scenario.

I'm also at a complete loss as to why the password field for the sending account is located under the recipient address field instead of with the senders username in the credentials section which is not visible unless you expand it separately.

@pstoric83 .. It only works if I use the same email address for the destination and smtp server settings which is strange .. Your description adds support to my findings. If the sender and recipient are the same (people often send emails to themselves) then the address in the email notification header is the same as the sender address and there is no cause for alarm. I can (do) use different addresses but they need to be in the same domain, (sender 'admin', recipient 'support') which hints that O365 is only checking the domain portion.

edit: I might point out that I got this far trying to send to my logs account in a different domain and it doesn't appear to be possible.

[Dima P.]

It only works if I use the same email address for the destination and smtp server settings which is strange.

Based on the article you've shared before looks like the direct send is working while SMTP client submission is not. I assume this might be related to the relay configuration within your Office 365 account, kindly, check with the Microsoft support team to learn more.

... I believe the fact that the recipient address being used as the "sender address in the email notification headers" is the likely cause of the problem. Any reasonably aware smtp server is going to flag that as a badly formatted email at the minimum and a phishing attack as the most likely scenario.

If the email is rejected by the receiver's smtp server, sender should receive the bounce back notification. Can imagine email notification being detected as spam in case of 'extreme' configuration of third party spam protection but in such case you will get the notification email to a catch all mailbox or junk folder.

I might point out that I got this far trying to send to my logs account in a different domain and it doesn't appear to be possible.

Please open a support case, our team can help you to identify the root case based on the application debug logs. Cheers!

[ortoscale]

>kindly check with the Microsoft support team

we could do that yes, but instead of everyone to kindly check with MS support teams, you guys should just figure it out and post it here

[Dima P.]

Hello Matjaž,

If you faced this issue please raise a ticket, you can check with our support team as well, they can provide guidance based on debug logs. The settings are pretty straight-forward, for instance with my Office 365 account, notification works without any issues, thus debug logs are required to understand the root cause. Cheers!

[ortoscale]

> The settings are pretty straight-forward

no need to raise a ticket, I was just trying to point out that someone from Veeam could write quick and dirty how to use o365 for agents email notifications.

[Dima P.]

That should do it:

Server Address: smtp.office365.com
Username: Office 365 address - user@domain.com
Port Number: 587 (With TLS)

However, if you have any custom relays, usernames or other settings in office 365 configuration should be modified respectively (i.e. domain/username instead of the mailbox / relay instead of the smtp server, port number according to replay configuration).

P.S. I've asked support and technical writers to adjust the existing KBs as well.

[Miles]

I had this issue also, found this post with powershell commands to fix it:

https://answers.microsoft.com/en-us/mso ... 539?page=2

In the old accounts SmtpClientAuthenticationDisabled is false by default on online Exchange, in the new accounts it is True by default.

I had to set it to false by exchange online powershell and also hat do go to e-mail-apps and set the hook to authenticated smtp

after that it worked. Here you can read what is to do by exchange powershell:

https://docs.microsoft.com/en-us/exchan ... submission
Steps in Powershell:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session -DisableNameChecking
Take a look if it is True: Get-TransportConfig (if there is True set to false)

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

Take a look again if it works: Get-TransportConfig

Remove-PSSession $Session
In Admin Center --> acitve Users --> click the user --> email-apps --> click the hook --> authenticated smtp

[Dima P.]

Hello Miles,

Thank you for sharing the solution with the community, its highly appreciated!

[Traveler840]

I have a Microsoft 365 account, and I'm unable to get SMTP authentication to work. I *did* go into the Admin Center user settings and tick the authenticated SMTP box for the user. And I used the SMTP settings above. However, it complains my credentials are wrong when I do a test. For my credentials I'm using username@customdomain.com and my password. My user account is MFA enabled.

Any ideas?

[HannesK]

Hello,
and welcome to the forums

My user account is MFA enabled.

how do you expect the software to apply the second factor? MFA is built for humans, not machines...

Best regards,
Hannes

[VNR-LF]

the software does not need to apply a second factor... that's what mfa enabled users can generate app passwords for

kind regards,
lars

[HannesK]

yes, we use app passwords in other situations. As the Veeam Agent for Windows doesn't support app passwords, my question seems still valid to me.

If your request is that we add app password support, then it's a valid feature request

As there are many alternatives that allow sending emails much easier, the chances of adding the feature are probably low...

[OmiFreak]

Hi Hannes,

The problem with this mask in Veeam Backup for Office 365 is mostly not only MFA but Conditional Access Policies for Office 365 that prohibit access for legacy protocols.
So if Exchange Online is configured according to Microsoft's best practices, sending notification mail as described in your documentation will never work.
Might be a good idea to change the mask or documentation so that your customers don't waste time unnecessarily.

Best regards,
Bernd