I recently migrated to a new tenant in Azure and switched my email to a .gov domain with O365. Now, I'm encountering a challenge: some of our service accounts and email accounts need to send and receive emails without Multi-Factor Authentication (MFA). I set up a security group and included it in the System-Preferred MFA Exclude Target, which I thought would eliminate the MFA requirement for that group. However, when I try to log in with those accounts, MFA is still enforced, preventing SMTP functionality. This is crucial, as one account is used for scan-to-email on our multifunction printers, and another sends documents from a third-party application. Is there something I'm overlooking? Additionally, we're using a free Azure account; if this requires an upgrade to P1, it might not sit well with my bosses.
3 Answers
Have you considered switching to a third-party SMTP service like SendGrid or SMTP2GO? Or you could set up your own SMTP server using Postfix or hMailServer. It might save you some hassle with the current MFA issues.
One easy workaround is to avoid using service accounts altogether. If that's not feasible, you might want to consider disabling security defaults and managing MFA through the Per-User settings. Just keep in mind, this approach won’t work if those accounts need admin portal access, which could complicate things.
Check if you're using conditional access for MFA. If you are, don't forget to ensure that MFA is also disabled in the Entra admin center under Entra ID MFA settings. Just a heads-up, conditional access is a P1 feature, which may not be an option for you with the free plan.
