You are viewing limited content. For full access, please sign in.

Question

Question

Disabling basic authentication causing Workflow emails to fail

Workflow Administration
Updated April 28
asked on July 14, 2022

Due to Microsoft deprecation of basic authentication, our client would like to disable it on exchange online mail servers.  However, disabling basic authentication causes workflows with email activities to fail.  The error message being produced is: 

 

The SMTP server requires a secure connection, or the client was not authenticated. The server response was: 5.7.57 Client not authenticated to send mail. Error: 535 5.7.139 Authentication unsuccessful, basic authentication is disabled.

 

Is there a known configuration that will allow the email account being used by workflow to login under the new protocol?

 

Here is a link to the Microsoft Documentation regarding the deprecation of basic authentication in Exchange Online https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

0 0

Answers

APPROVED ANSWER
replied on April 8
1 0
SELECTED ANSWER
replied on July 14, 2022 Show version history

Update April 28, 2025:

Microsoft is indeed finally killing off SMTP Basic Auth in September 2025. See:

Exchange Online to retire Basic auth for Client Submission (SMTP AUTH) | Microsoft Community Hub

Customers must upgrade to the Laserfiche Workflow 12 2025H1 release or later to use OAuth 2.0 for SMTP through Exchange Online. There are no current plans to backport OAuth support for Exchange Online SMTP to earlier versions of Workflow.

If upgrading Workflow before September 2025 is not an option for your organization (note: we strongly recommend finding a way to make that happen), the Microsoft article linked above provides several alternatives to Exchange Online that will still work with SMTP AUTH.

----------------------------------------

Hi Justin,

Microsoft is specifically not deprecating Basic Authentication for SMTP (known as SMTP AUTH). 

See: Basic Authentication Deprecation in Exchange Online – May 2022 Update
Also: Basic Authentication Deprecation in Exchange Online – September 2022 Update

We’re turning off Basic Auth for the following protocols: MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell.

We are not turning off SMTP AUTH. We have turned off SMTP AUTH for millions of tenants not using it, but if SMTP AUTH is enabled in your tenant, it’s because we see usage and so we won’t touch it. We do recommend you disable it at the tenant level and re-enable it only for those user accounts that still need it.

The linked article goes on to note:

Client SMTP email submissions (also known as authenticated SMTP submissions) are used in the following scenarios in Office 365 and Microsoft 365:

  • ...
  • Applications, reporting servers, and multifunction devices that generate and send email messages.

...

Therefore, we highly recommend that you disable SMTP AUTH in your Exchange Online organization, and enable it only for the accounts (that is, mailboxes) that still require it. There are two settings that can help you do this:

  • An organization-wide setting to disable (or enable) SMTP AUTH.
  • A per-mailbox setting that overrides the tenant-wide setting.

Workflow does not have an out-of-the-box alternative to SMTP AUTH. You would need to use a custom .NET Script activity or write a Custom Workflow Activity to implement an alternative email authentication method. There are no current plans to add alternative email auth support to Workflow, and we would not recommend rolling your own.

We recommend your customer follow Microsoft's guidance to disable SMTP AUTH at the tenant level and then add an override to enable it only on the email account(s) Workflow is using.

Laserfiche Forms also uses SMTP for email notifications and everything above applies to it as well.

Cheers,
Sam

1 0
View 3 previous replies
replied on July 15, 2022

Thank you Samuel, I believe this gets us what we needed to know.  Appreciate your time.

1 0
replied on July 20, 2022 Show version history

We are using Workflow to send Exchange Calendar Items via EWS. Is there a plan to change how this Workflow item works? What are the alternatives?

0 0
replied on July 20, 2022

John, thanks for bringing that up. Microsoft does appear to be removing the ability to use Basic authentication in Exchange Online for EWS soon. I suspect we may have overlooked that because (historically) most customers using those activities use them with on-prem Exchange Server. Of course, as migrations to O365 and Office Online continue to accelerate, those would be changing.

I'll bring this up with the Workflow team right away, though I likely won't have a response to share until they evaluate and decide on a plan.

0 0
replied on August 17, 2022

We are working on updating the Exchange activities ahead of the October deadline. The update will only apply to Workflow 11.

Adding OAuth as an authentication option along SMTP Auth to the mail server configuration is targeted for next year.

1 0
replied on October 5, 2022 Show version history

Workflow 11 Update 2 adds OAuth options for connecting to Exchange Online.

1 0
replied on May 3, 2024

Hi

I was wondering about the Laserfiche Road Map to support the following Microsoft SMTP AUTH Deprecation notice. I could be mistaken but I think this would effect LFDS, Workflow and Web Client SMTP support.

 

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-retire-basic-auth-for-client-submission-smtp/ba-p/4114750

1 0

Replies

replied on September 6, 2022

Just posting a ling to the most recent update article from Microsoft:

Basic Authentication Deprecation in Exchange Online – September 2022 Update

2 0
replied on October 17, 2022

Is there a guide for setting up the OAuth/token/app in Azure? I see in the Laserfiche instructions that it mentions the EWS right(s) that are required but having a step-by-step guide to creating the app/tokens would be greatly appreciated!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...