How do I set up Outlook SMTP authentication with 2FA and OAuth2 for GlockApps?

Summary

To set up Outlook SMTP authentication with 2FA and OAuth2 for GlockApps, begin by enabling 2FA in your Microsoft account settings. The specific steps depend on whether basic authentication (with app passwords) is permitted by your Microsoft 365 account type; if not, OAuth2 is necessary. If using app passwords, generate one specifically for GlockApps. Ensure SMTP AUTH is enabled in Exchange Online. When configuring GlockApps, use smtp.office365.com on port 587 with TLS encryption, and provide your full Outlook email address and the app password or OAuth2 credentials. For OAuth2, register GlockApps as an application in Azure AD, granting it SMTP.Send permissions. Also, check that legacy authentication isn't disabled in Office 365 and that conditional access policies aren't blocking GlockApps. Ensure your firewall permits connections on port 587 to the Outlook SMTP server. In GlockApps, the 'from address' must match your Outlook email address. Finally, understanding and enabling SMTP authentication are crucial for proper email transmission.

Key findings

  • 2FA and Authentication: Enable 2FA in Microsoft account; decide between app password or OAuth2 based on Microsoft 365 account type.
  • SMTP AUTH: Verify SMTP AUTH is enabled in Exchange Online.
  • GlockApps Configuration: Configure GlockApps with smtp.office365.com, port 587, TLS, and either app password or OAuth2 credentials.
  • OAuth2 Setup: For OAuth2, register GlockApps in Azure AD and grant SMTP.Send permissions.
  • Office 365 Settings: Ensure legacy authentication is enabled, and conditional access policies aren't blocking GlockApps.
  • Email Addresses: From address in GlockApps must match Outlook email address.
  • Core SMTP Settings: Understanding and setting up SMTP correctly is crucial.

Key considerations

  • Microsoft 365 Restrictions: Be aware that Microsoft 365 account settings might restrict basic authentication.
  • Azure AD Setup: Correctly configure GlockApps in Azure AD if using OAuth2, setting the correct redirect URI and permissions.
  • Firewall: Configure the firewall to allow connections between GlockApps and the Outlook SMTP server on port 587.
  • Email Address Consistency: Ensure the 'from' address matches to avoid errors
  • Settings validation: Double check SMTP settings for optimal authentication.

What email marketers say
10Marketer opinions

To set up Outlook SMTP authentication with 2FA and OAuth2 for GlockApps, several factors need to be considered. First, ensure that basic authentication (with app passwords) is enabled at the Microsoft 365 domain level if you're not using OAuth2. Microsoft requires OAuth2 StartTLS, and GlockApps may need browser cookies enabled. If the domain only allows OAuth2, GlockApps must natively support it, which involves registering GlockApps as an application in Azure Active Directory and granting it SMTP.Send permissions. Configure GlockApps with the Outlook SMTP server address (smtp.office365.com), port 587, and TLS encryption, using your full Outlook email address and either an app password or OAuth2 credentials. Also, check that legacy authentication isn't disabled in Office 365 and that conditional access policies aren't blocking GlockApps. Specify the correct 'from address' in GlockApps, matching your Outlook email. Finally, verify that your firewall isn't blocking the connection, allowing SMTP port 587 and GlockApps IP address.

Key opinions

  • Authentication Type: Microsoft 365 account type may restrict basic authentication with app passwords, necessitating OAuth2.
  • OAuth2 Requirement: If OAuth2 is required, GlockApps must have native support and be registered as an application in Azure AD with SMTP.Send permissions.
  • SMTP Settings: GlockApps configuration involves using smtp.office365.com, port 587, TLS encryption, and either an app password or OAuth2 credentials.
  • Legacy Authentication: Disabling legacy authentication in Office 365 can prevent SMTP from working.
  • Conditional Access: Conditional access policies may block GlockApps; ensure they aren't restricting access.

Key considerations

  • App Password vs OAuth2: Decide whether to use an app password (if basic authentication is allowed) or OAuth2 for authentication.
  • Azure AD Configuration: If using OAuth2, correctly register GlockApps in Azure AD and grant necessary permissions.
  • Firewall Settings: Ensure your firewall allows connections between GlockApps and Outlook SMTP server on port 587.
  • From Address: The 'from address' in GlockApps must match the Outlook email address used for authentication.
  • Browser Cookies: Glockapps may require cookies to be enabled if your MUA requires them.
Marketer view

Marketer from Email Geeks explains that depending on the account type on Microsoft365, the ability to use basic authentication (even with app-specific passwords) might be disabled by the domain admin.

June 2022 - Email Geeks
Marketer view

Email marketer from SuperUser shares to ensure that your firewall isn't blocking the connection between GlockApps and the Outlook SMTP server. You may need to add exceptions for the SMTP port (587) and the GlockApps IP address.

May 2024 - SuperUser
Marketer view

Email marketer from GlockApps Community Forum shares that within GlockApps, you need to configure the SMTP settings using the Outlook SMTP server address (smtp.office365.com), port 587, and TLS encryption. The username should be your full Outlook email address, and the password should be the app password generated from your Microsoft account.

January 2024 - GlockApps Community Forum
Marketer view

Email marketer from EmailGeeks Forum answers that disabling legacy authentication in Office 365 could be why SMTP isn't working. This can be turned off and on within your admin panel.

September 2022 - EmailGeeks Forum
Marketer view

Marketer from Email Geeks clarifies that unless Glockapps has native OAuth2 support for Microsoft's SMTP servers, it won't work if the domain only allows OAuth2. He states you are not supposed to hijack another apps OAuth2 credentials.

December 2024 - Email Geeks
Marketer view

Email marketer from Microsoft Tech Community shares that conditional access policies might be blocking GlockApps. Ensure that the policies aren't configured to restrict access from the IP address or location GlockApps is using.

November 2021 - Microsoft Tech Community
Marketer view

Email marketer from EmailOnAcid Forum answers that for GlockApps you need to also specify the 'from address', in addition to the SMTP authentication settings. This address needs to match the Outlook email address used for authentication to prevent errors.

June 2021 - EmailOnAcid Forum
Marketer view

Email marketer from Reddit responds that to set up 2FA for Outlook, navigate to your Microsoft account security settings, find the two-step verification option, and follow the prompts to enable it using an authenticator app or phone number.

May 2024 - Reddit
Marketer view

Marketer from Email Geeks shares that Microsoft requires OAuth2 StartTLS and mentions that your MUA / Glockapps will require browser cookies enabled.

May 2022 - Email Geeks
Marketer view

Email marketer from Stack Overflow responds that if GlockApps supports OAuth2, you'll need to register GlockApps as an application in your Azure Active Directory, grant it the necessary permissions (e.g., SMTP.Send), and then configure GlockApps to use the OAuth2 client ID and secret for authentication. This avoids the need for app passwords.

November 2021 - Stack Overflow

What the experts say
1Expert opinion

Setting up Outlook SMTP authentication correctly with 2FA and OAuth2 for GlockApps requires understanding and properly enabling SMTP authentication settings to ensure emails are sent correctly.

Key opinions

  • SMTP Authentication: Understanding and enabling SMTP authentication settings is crucial for proper email sending.

Key considerations

  • Configuration: Ensure SMTP authentication settings are correctly configured.
Expert view

Expert from Word to the Wise explains that understanding and enabling SMTP authentication settings is critical to ensuring your emails are sent properly.

January 2025 - Word to the Wise

What the documentation says
7Technical articles

Setting up Outlook SMTP authentication with 2FA and OAuth2 for GlockApps involves understanding the OAuth 2.0 authorization code flow for API authentication, using app passwords for apps lacking 2FA support, and enabling SMTP AUTH in Exchange Online. Modern Authentication (OAuth 2.0) is typically required for Office 365, making legacy protocols less ideal. Configuration also includes setting up SMTP details within GlockApps. If using OAuth2, register GlockApps in Azure, specifying the application name, account types, and redirect URI. API permissions, particularly SMTP.Send, are crucial in Azure for enabling email functionality.

Key findings

  • OAuth 2.0 Flow: OAuth 2.0 authorization code flow allows applications to exchange an authorization code for an access token.
  • App Passwords: App passwords are used for applications that do not support two-step verification, enabling SMTP access.
  • SMTP AUTH: SMTP AUTH needs to be enabled in Exchange Online for authenticated SMTP submission.
  • Modern Authentication: Modern Authentication (OAuth 2.0) is recommended and often required for connecting to Office 365.
  • Azure App Registration: Registering the application in Azure Active Directory is key for OAuth2 implementations.
  • SMTP.Send Permissions: SMTP.Send API permissions in Azure are required.

Key considerations

  • Authentication Method: Decide between using app passwords or OAuth 2.0 based on application support and security requirements.
  • Azure Configuration: Correctly configure the application in Azure, including setting the correct redirect URI and permissions.
  • Exchange Online Settings: Verify SMTP AUTH is enabled and that other settings align with Microsoft's recommendations for secure email transmission.
  • GlockApps Setup: Configure GlockApps to use the appropriate SMTP settings, either with an app password or OAuth 2.0 credentials.
Technical article

Documentation from Microsoft Learn describes how to enable or disable authenticated SMTP (SMTP AUTH) protocol submission in Exchange Online. It details the steps required to ensure the mailbox is configured correctly, including checking the 'SmtpClientAuthenticationDisabled' property and enabling SMTP AUTH if needed.

December 2022 - Microsoft Learn
Technical article

Documentation from Glockapps details setting up SMTP settings. It shows where to enter your host, username and password to get going.

November 2022 - Glockapps
Technical article

Documentation from Azure provides a step-by-step guide on API permissions, including Graph and others. The key API permission that is required is SMTP.Send

December 2021 - Microsoft
Technical article

Documentation from Microsoft Learn answers that modern Authentication (OAuth 2.0) is required for connecting to office 365. Basic authentication will not work unless you enable legacy protocols, which is not recommended.

October 2021 - Microsoft Learn
Technical article

Documentation from Azure provides a step-by-step guide on how to register an application, it details name, supported account types, and redirect URI (optional)

August 2023 - Microsoft
Technical article

Documentation from Microsoft Learn explains the OAuth 2.0 authorization code flow, detailing how applications supporting this flow can exchange an authorization code obtained during the initial request for an access token. This access token is then used to authenticate API requests.

February 2024 - Microsoft Learn
Technical article

Documentation from Microsoft Support details how to use app passwords with apps that don't support two-step verification. It explains the steps to create an app password within your Microsoft account security settings, emphasizing that this password should be used specifically for the application (like GlockApps) requiring SMTP access.

April 2022 - Microsoft Support