SCSM 2019 – How to configure Notification Channel with Exchange Online mailbox

Note: This article applies for configuration of Email notifications with Exchange Online for SCSM2019 only. For SCSM2022 users, we have released a new Hotfix that adds support for Modern Auth.

Introduction

Microsoft Service Manager (SCSM) uses SMTP server to send notification emails. If the sender mailbox is an Exchange Online mailbox, then you may face some issues because Basic Authentication has been deprecated. Please be informed that SMTP is still available in Exchange Online (see last section at Deprecation of Basic authentication in Exchange Online). As a solution, SCSM connects to an SMTP server (via Anonymous or Windows ) that relays email messages to Exchange Online. This blog highlights the steps to configure Service Manager notifications using SMTP that relays Emails to Exchange Online.

Steps to configure a SCSM Notification Channel

Follow the steps at Configure Service Manager notifications so that SCSM sends email messages to an SMTP server. As an example, we will use a local Windows SMTP service that runs on the same machine as the Primary SCSM Management Server and allows Anonymous connections on port 25.

AakashMSFT_0-1686456533030.png

Steps to configure the SMTP server to relay messages to Exchange Online

As an example, below are the steps to be configured on a local Windows SMTP service that runs on the same machine as the Primary SCSM Management Server.

1. Open IIS 6.0 Manager

AakashMSFT_1-1686456533034.png

2. Open Properties of the SMTP Virtual Server.

AakashMSFT_2-1686456533037.png

3. Click the Access tab, then the button. Configure how SCSM will connect to this SMTP service. We will use Anonymous access here. Click OK to close the Authentication window.

AakashMSFT_3-1686456533040.png

4. Click the Relay… button then configure accordingly. We will accept only relays from localhost (127.0.0.1), which is the SCSM. Click OK to close the Relay Restrictions window.

AakashMSFT_4-1686456533043.png

5. Click the Delivery tab, then the Outbound Security… button. Configure how this SMTP server will connect to Exchange Online. Select Basic Authentication, type the user name (=email address) and password of the Exchange Online mailbox. Ensure that is selected. Click OK to close the Outbound Security window.

AakashMSFT_5-1686456533048.png

6. Click the Outbound connections… button and enter port of Exchange Online. Usually this is port 587. Click OK to close the Outbound connections window.

AakashMSFT_6-1686456533051.png

7. Click the Advanced… button. Type smtp.office365.com in the Smart host field. Click OK to close the Advanced Delivery window.

AakashMSFT_7-1686456533053.png

8. Click OK to close the Virtual Server Properties window.

To verify that SCSM can successfully send emails to the SMTP server, you can use telnet. Replace the Italicized bold text with SMTP server details. Note that every line below must be completed by pressing the ENTER key. The dot character must be the last line followed by the ENTER key.

Telnet localhost 25
HELO 127.0.0.1
MAIL FROM: ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com
RCPT TO: RecipientUser@RecipientDomain.com
DATA
stmp test message via telnet
.

Troubleshooting Tips

If email messages are successfully sent to the SMTP server but not relayed to Exchange Online, then it's possible that Exchange Online is denying SMTP authentication requests coming from your SMTP server. Exchange Online must be configured to allow authenticated SMTP submissions. All four steps mentioned at Error: Authentication unsuccessful must be made. Please note that each step can take a few minutes to take in effect.

After you follow the four steps, you can use the PowerShell script below to verify if Exchange accepts authenticated SMTP submissions. Please replace the bold parts accordingly and run the script on the Primary SCSM Management Server.

$credential = Get-Credential -UserName ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com -Message “enter pwd of the sender mailbox ”
$mailParams = @{
SmtpServer = ‘smtp.office365.com'
Port = ‘587'
UseSSL = $true
Credential = $credential
From = ‘ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com'
To = ‘RecipientUser@RecipientDomain.com'
Subject = “SMTP Client Submission – $(Get-Date -Format g)”
Body = ‘This is a test email using SMTP Client Submission'
}
Send-MailMessage @mailParams

 

This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.