Note: This article applies to the configuration of email notifications with Exchange Online for SCSM2019 only. For SCSM2022 users, we have released a new hotfix that adds support for Modern Auth.
Introduction
Microsoft Service Manager (SCSM) uses an SMTP server to send notification emails. If the sender mailbox is an Exchange Online mailbox, you may face some issues because Basic Authentication has been deprecated. Note that SMTP Authentication is still available in Exchange Online (see the last section of Deprecation of Basic authentication in Exchange Online). As a solution, SCSM connects to an SMTP server (via Anonymous or Windows authentication) that relays email messages to Exchange Online. This blog highlights the steps to configure Service Manager notifications using an SMTP server that relays emails to Exchange Online.
Steps to configure a SCSM Notification Channel
Follow the steps at Configure Service Manager notifications so that SCSM sends email messages to an SMTP server. As an example, we will use a local Windows SMTP service that runs on the same machine as the Primary SCSM Management Server and allows Anonymous connections on port 25.
Steps to configure the SMTP server to relay messages to Exchange Online
As an example, below are the steps to be configured on a local Windows SMTP service that runs on the same machine as the Primary SCSM Management Server.
1. Open IIS 6.0 Manager
2. Open Properties of the SMTP Virtual Server.
3. Click the Access tab, then the Authentication… button. Configure how SCSM will connect to this SMTP service. We will use Anonymous access here. Click OK to close the Authentication window.
4. Click the Relay… button, then configure accordingly. We will accept relays only from localhost (127.0.0.1), which is the SCSM server. Click OK to close the Relay Restrictions window.
5. Click the Delivery tab, then the Outbound Security… button. Configure how this SMTP server will connect to Exchange Online. Select Basic Authentication, type the user name (=email address) and password of the Exchange Online mailbox. Ensure that TLS encryption is selected. Click OK to close the Outbound Security window.
6. Click the Outbound connections… button and enter the TCP port of Exchange Online. Usually this is port 587. Click OK to close the Outbound connections window.
7. Click the Advanced… button. Type smtp.office365.com in the Smart host field. Click OK to close the Advanced Delivery window.
8. Click OK to close the Virtual Server Properties window.
To verify that SCSM can successfully send emails to the SMTP server, you can use telnet. Replace the italicized bold text with your SMTP server details. Note that every line below must be completed by pressing the ENTER key. The dot character must be on the last line, followed by the ENTER key.
Telnet localhost 25
HELO 127.0.0.1
MAIL FROM: ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com
RCPT TO: RecipientUser@RecipientDomain.com
DATA
smtp test message via telnet
.
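The same check as the telnet session above, scripted in PowerShell so that each reply code is verified. This is an added example, not part of the original article; the function name Test-SmtpRelay and its parameters are hypothetical, and the addresses are the article's placeholders.

```powershell
# Added example (not from the original article): the telnet check as a script.
# Test-SmtpRelay and its parameters are hypothetical names; the addresses are
# the article's placeholders and must be replaced before running.
function Test-SmtpRelay {
    param(
        [string]$Server = 'localhost',
        [int]$Port = 25,
        [string]$From = 'ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com',
        [string]$To = 'RecipientUser@RecipientDomain.com'
    )
    # Each step: the command to send ($null = only read the banner) and the expected reply code.
    $body = "Subject: SMTP relay test`r`n`r`nsmtp test message via script`r`n."
    $steps = @(
        @{ Send = $null;               Expect = 220 },
        @{ Send = 'HELO 127.0.0.1';    Expect = 250 },
        @{ Send = "MAIL FROM:<$From>"; Expect = 250 },
        @{ Send = "RCPT TO:<$To>";     Expect = 250 },
        @{ Send = 'DATA';              Expect = 354 },
        @{ Send = $body;               Expect = 250 },
        @{ Send = 'QUIT';              Expect = 221 }
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        $stream = $client.GetStream()
        $stream.ReadTimeout = 15000   # milliseconds; fail instead of hanging
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true
        foreach ($step in $steps) {
            if ($null -ne $step.Send) { $writer.WriteLine($step.Send) }
            # Multi-line replies look like "250-..." and end with "250 ...".
            do { $line = $reader.ReadLine() } while ($line -match '^\d{3}-')
            if ($line -notmatch '^\d{3}') { throw "Unexpected reply: '$line'" }
            $ok = ([int]$line.Substring(0, 3) -eq $step.Expect)
            [pscustomobject]@{ Sent = ("$($step.Send)" -split "`r`n")[0]; Reply = $line; Ok = $ok }
            if (-not $ok) { break }   # stop at the first rejected command
        }
    }
    finally { $client.Close() }
}

Test-SmtpRelay | Format-Table -AutoSize
```

A 250 reply to the final dot only means the local SMTP service accepted the message. Relaying to Exchange Online happens afterwards and is covered under Troubleshooting Tips.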
Troubleshooting Tips
If email messages are successfully sent to the SMTP server but not relayed to Exchange Online, then it’s possible that Exchange Online is denying SMTP authentication requests coming from your SMTP server. Exchange Online must be configured to allow authenticated SMTP submissions. All four steps mentioned at Error: Authentication unsuccessful must be completed. Please note that each step can take a few minutes to take effect.
After you follow the four steps, you can use the PowerShell script below to verify if Exchange accepts authenticated SMTP submissions. Please replace the bold parts accordingly and run the script on the Primary SCSM Management Server.
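# Prompt for the user name (email address) and password of the Exchange Online mailbox
$credential = Get-Credential

# Parameters for an authenticated SMTP submission to Exchange Online over TLS
$mailParams = @{
    SmtpServer = 'smtp.office365.com'
    Port       = 587
    UseSSL     = $true
    Credential = $credential
    From       = 'ExchOnlineMailbox@ExchOnlineDomain.onmicrosoft.com'
    To         = 'RecipientUser@RecipientDomain.com'
    Subject    = "SMTP Client Submission - $(Get-Date -Format g)"
    Body       = 'This is a test email using SMTP Client Submission'
}

# Send the test message; an error here means the submission was rejected
Send-MailMessage @mailParams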