Prerequisites: Office 365 or Microsoft 365 subscription, Exchange Online Plan

Example scenario:

  • You have a scanner, printer or photocopier and you want to email scanned documents to yourself or someone else.

  • You have an application that wants to sends out emails such as a document, auto-billing invoice or quote from a third-party hosted application, service, or device

Recommended method: 

Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP AUTH client submission

To configure your device or application, connect directly to Office 365 using the SMTP AUTH client submission endpoint

Each device or application must be able to authenticate with Office 365. The email address of the account that's used to authenticate with Office 365 will appear as the sender of messages from the device or application.

Enter the following settings directly on your device or in the application as their guide instructs (it might use different terminology than this article). As long as your scenario meets the requirements for SMTP AUTH client submission, the following settings will enable you to send email from your device or application.

Device or Application settingValue
PortPort 587 (recommended) or port 25
Username/email address and passwordEnter the sign in credentials of the hosted mailbox being used

Features of SMTP AUTH client submission

  • SMTP AUTH client submission allows you to send email to people in your organization as well as outside your company.

  • This method bypasses most spam checks for email sent to people in your organization. This can help protect your company IP addresses from being blocked by a spam list.

  • With this method, you can send email from any location or IP address, including your (on-premises) organization's network, or a third-party cloud hosting service, like Microsoft Azure.

Requirements for SMTP AUTH client submission

  • Authentication: You must be able to configure a user name and password to send email on the device. Note that you cannot use Microsoft Security Defaults or multi-factor authentication (MFA), which disable basic authentication and are designed to protect your users from compromise. If your environment uses Microsoft Security Defaults or MFA, we recommend using Option 2 or 3 below.

  • Mailbox: You must have a licensed Office 365 mailbox to send email from.

  • Transport Layer Security (TLS): Your device must be able to use TLS version 1.2 and above.

  • Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports, especially port 25.

  • DNS: You must use the DNS name Do not use an IP address for the Office 365 server, as IP Addresses are not supported.

Limitations of SMTP AUTH client submission

You can only send from one email address unless your device can store login credentials for multiple Office 365 mailboxes. Office 365 imposes a limit of 30 messages sent per minute, and a limit of 10,000 recipients per day.