I recently migrated to a new Azure tenant and switched from a standard email address to a .gov email, as well as moving to O365. Now, I'm running into a problem where some of our service and email accounts need to send and receive emails without Multi-Factor Authentication (MFA). I created a security group and set it to 'Exclude Target' in the System-Preferred MFA settings. However, when I try logging in with one of those accounts, it's still asking for MFA and blocking SMTP sending. One account is crucial for scanning emails from large MFPs, and another is for sending documents via a 3rd-party program. Is there something obvious I might be overlooking? Since we're using a free Azure account, I hope this doesn't require an upgrade to P1, as that would frustrate my bosses.
2 Answers
Just a heads up, if you're using a regular mailbox account, Microsoft will be retiring Basic SMTP Authentication in April 2026. It might be a good idea to look into a different solution for your email sending, though it sounds like you are already on OAuth 2.0, which is good.
Have you checked if the Self-Service Password Reset (SSPR) settings are applied to all users? If so, try setting it to a dynamic group that includes only the relevant users. Sometimes, these settings can inadvertently affect MFA requirements.
I turned off SSPR and will check back in a bit, but I’m not really sure how it connects to MFA if they're already excluded from the group.
Got it. Keep me posted on whether it helps! This stuff can get tricky.

Yep, we’re already using OAuth 2.0, so we've avoided that issue!