Controlling SMTP authentication for Office 365 mailboxes

In case you are not following the EHLO blog, you might have missed an announcement made recently regarding some changes coming to SMTP authenticated submission in Exchange Online. In a nutshell:

  • Sent email will now be stored in the Sent Items folder of the mailbox.
  • Only three concurrent connections to our service per mailbox will be allowed. Additional connections will be rejected with the error: 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded.

In addition to the changes mentioned above, another set of changes has been rolled out to the service, allowing us to control the SMTP authenticated submission protocol on the organizational or per-mailbox level. Here’s how to do this.

The organization-wide settings are controlled via the Set-TransportConfig cmdlet. To disable SMTP authenticated submission on the company level, use:

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

To enable SMTP authenticated submission on the company level, use:

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

The default value for this setting is $false, meaning SMTP authenticated submission is enabled, so you don’t need to make any changes unless you want to disable it. To check the currently set value, use:

Get-TransportConfig | ft SmtpClientAuthenticationDisabled

To control SMTP authenticated submission on the per-mailbox level, use the Set-CASMailbox cmdlet. For example, to disable SMTP authenticated submission on a specific mailbox:

Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $true

To enable SMTP authenticated submission, use:

Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $false

To check the status of SMTP authenticated submission for a particular user, use:

Get-CASMailbox mailboxname | ft SmtpClientAuthenticationDisabled
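
The org-wide and per-mailbox values are stored separately, so an audit has to read both to find which mailboxes can still use SMTP AUTH. The following is an added example, not code from the original post: it assumes an existing Exchange Online PowerShell session, that a blank per-mailbox value means the organization setting applies, and that an explicit per-mailbox value takes precedence. Get-EffectiveSmtpAuth is a hypothetical helper name.

```powershell
# Added example (read-only: uses only Get-* cmdlets).
# Assumes Connect-ExchangeOnline has already been run.

function Get-EffectiveSmtpAuth {
    # Hypothetical helper: combines the per-mailbox and org-wide values.
    param($MailboxDisabled, $OrgDisabled)

    # Compare string forms so the result is the same whether the session
    # returns real booleans or deserialized "True"/"False" values.
    if ($null -eq $MailboxDisabled -or "$MailboxDisabled" -eq '') {
        # Not set on the mailbox: the organization setting decides.
        $disabled = "$OrgDisabled" -eq 'True'
        $source   = 'Organization'
    } else {
        # Explicit per-mailbox value takes precedence over the org setting.
        $disabled = "$MailboxDisabled" -eq 'True'
        $source   = 'Mailbox'
    }
    [pscustomobject]@{ Enabled = -not $disabled; Source = $source }
}

$orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

$report = Get-CASMailbox -ResultSize Unlimited | ForEach-Object {
    $mbxValue = $_.SmtpClientAuthenticationDisabled
    $state    = Get-EffectiveSmtpAuth -MailboxDisabled $mbxValue -OrgDisabled $orgDisabled
    [pscustomobject]@{
        Mailbox         = $_.PrimarySmtpAddress
        MailboxSetting  = if ("$mbxValue" -eq '') { '(not set)' } else { "$mbxValue" }
        OrgSetting      = "$orgDisabled"
        SmtpAuthEnabled = $state.Enabled
        DecidedBy       = $state.Source
    }
}

# Mailboxes that can still submit mail over authenticated SMTP,
# grouped by which setting allows it.
$report |
    Where-Object { $_.SmtpAuthEnabled } |
    Sort-Object DecidedBy, Mailbox |
    Format-Table -AutoSize
```

Rows with DecidedBy = Mailbox are explicit exceptions that remain enabled regardless of the org-wide value, so they are the ones to review after disabling SMTP AUTH for the organization.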

10 Responses to Controlling SMTP authentication for Office 365 mailboxes

  1. Badger 23 says:

    When used in a hybrid setup – will this also impact the on premise servers as well? Or is the scope just limited to Exchange online?

  2. Mark Orser says:

    To confirm, is this correct?

    Unlike using CASMailboxPlan to disable POP, IMAP and Activesync for any NEW mailboxes created and leaving those mailboxes already existing with POP, IMAP and Activesync enabled…

    Using Set-TransportConfig -SmtpClientAuthenticationDisabled $true will disable SMTP for every mailbox existing and new?

  3. Marc says:

    Can you disable this feature at the company level and then enable at the user level?

    • Vasil Michev says:

      Yes, you can. Disable it via the first cmdlet, then enable it per-mailbox via Set-CASMailbox.

      • Marc says:

        Awesome, thanks Vasil.

      • Marc says:

        Hi Vasil,

        I made the change at the company level but it did not reflect on anyone’s mailbox (the toggles still say enabled).

        Should this take a while to apply?

        • Vasil Michev says:

          The per-mailbox attribute value will not get updated by toggling the org-wide one. It’s all explained in the documentation 🙂

          • Marc says:

            Thanks Vasil, I must have missed that. (Still can’t find where it states that though).
