Controlling SMTP authentication for Office 365 mailboxes

In case you are not following the EHLO blog, you might have missed an announcement made recently regarding some changes coming to SMTP authenticated submission (or SMTP authentication) in Exchange Online. In a nutshell:

  • Sent email will now be stored in the Sent Items folder of the mailbox.
  • Only three concurrent connections to our service per mailbox will be allowed. Additional connections will be rejected with the error: 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded.

In addition to the changes mentioned above, another set of changes has been rolled out to the service, allowing us to control the SMTP authenticated submission protocol on the organizational or per-mailbox level. Here’s how to do this.

The organization-wide settings are controlled via the Set-TransportConfig cmdlet. To disable SMTP authenticated submission on the company level, use:

Set-TransportConfig -SmtpClientAuthenticationDisabled $true

To enable SMTP authenticated submission on the company level, use

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

As the default value for this setting is $false, as in SMTP authenticated submission enabled, you don’t need to make any changes unless you want to disable it. To check the currently set value, use:

Get-TransportConfig | ft SmtpClientAuthenticationDisabled

To control SMTP authenticated submission on the per-mailbox level, use the Get-CASMailbox cmdlet. For example, to disable SMTP authenticated submission on a specific mailbox:

Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $true

To enable SMTP authenticated submission , use:

Set-CASMailbox mailboxname -SmtpClientAuthenticationDisabled $false

To check the status of SMTP authenticated submission for particular user, use:

Get-CASMailbox mailboxname | ft SmtpClientAuthenticationDisabled

15 thoughts on “Controlling SMTP authentication for Office 365 mailboxes

  1. Shawn E Cantu says:

    Any ideas why NT AUTHORITY\System would have run this command and disabled SMTP on its own?

    Reply
    1. Vasil Michev says:

      Microsoft is in the process of toggling off basic auth across the board, which also includes disabling SMTP auth for tenants that do not use it. If you have Security defaults enabled, that would also toggle SMTP auth off. So you’re likely seeing the background process responsible for that.

      Reply
  2. Daniel Del Pino says:

    Friend. You save me!!

    I was becoming crazy because I could not config Gmail to send messages using Office365 account, Gmail inform a password error. Same situation using Thunderbird.

    Microsoft now set the parameter SmtpClientAuthenticationDisabled to TRUE by default!!!!
    They want force user to use Outlook clients applications and not others.

    Reply
  3. Anmol Bhardwaj says:

    Only three concurrent connections to our service per mailbox will be allowed. Additional connections will be rejected with the error: 4.3.2 STOREDRV.ClientSubmit; sender thread limit exceeded.

    How can i imcrease the limit of mails at a time upto 100 mails ?

    Reply
    1. shashank says:

      Hi @Anmol Bhardwaj,

      Any clue regrading three concurrent connections issue?

      Reply
  4. Marc says:

    Can you disable this feature at the company level and then enable at the user level?

    Reply
    1. Vasil Michev says:

      Yes, you can. Disable it via the first cmdlet, then enable it per-mailbox via Set-CASMailbox.

      Reply
      1. Marc says:

        Hi Vasil,

        I made the change at the company level but it did not reflect on anyone’s mailbox (the toggles still say enabled).

        Should this take a while to apply?

        Reply
        1. Vasil Michev says:

          The per-mailbox attribute value will not get updated by toggling the org-wide one. It’s all explained in the documentation 🙂

        2. Marc says:

          Thanks Vasil, I must have missed that. (Still can’t find where it states that though).

  5. Mark Orser says:

    To confirm, is this correct?

    Unlike using CASMailboxPlan to disable POP, IMAP and Activesync for any NEW mailboxes created and leaving those mailboxes already existing with POP, IMAP and Activesync enabled…

    Using Set-TransportConfig -SmtpClientAuthenticationDisabled $true will disable SMTP for every mailbox existing and new?

    Reply
  6. Badger 23 says:

    When used in a hybrid setup – will this also impact the on premise servers as well? Or is the scope just limited to Exchange online?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.