Introduction
SwyxWare uses SMTP to send voicemail and other emails like Welcome Emails to a mail server.
The connection is secured using TLS and authenticated using a username and password. This is called SMTP Basic Authentication (SMTP Basic Auth).
Microsoft recently announced (latest update) that new Microsoft 365 customers will have SMTP Basic Auth disabled by default.
For non-interactive server applications and devices, SMTP Basic Auth is still available because the so-called "Modern authentication" based on OAuth 2.0 is only available on Microsoft 365 for client applications.
This How-To describes how to configure your Microsoft 365 tenant to use one Microsoft 365 mailbox for sending mails from SwyxWare using SMTP Basic Auth while keeping that authentication mechanism disabled for all other mailboxes. This is the recommended Option 1 in Microsoft's documentation.
Step-by-step guide
Microsoft has detailed documentation about that here. The following summarises the necessary steps to keep modern authentication for client applications including MFA, but allow SwyxWare to use a "SwyxWare" mailbox to deliver emails to your Microsoft 365 users.
- Disable Security Defaults
Newer Microsoft 365 tenants have Security Defaults enabled, which not only enables multi-factor authentication but also blocks SMTP Basic Auth for all users. You need to disable Security Defaults to allow a more fine-grained configuration in which one mailbox can use SMTP Basic Auth.
- Enable SMTP Client Authentication in your tenant via
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
If this setting is $True, SMTP cannot be used at all, neither with modern nor with basic authentication.
- Disable Basic Authentication in default authentication policy
On admin.microsoft.com you disable basic authentication (if not already done). This creates/changes the default authentication policy used for all mailboxes which do not have another one.
- Create a SwyxWare Mailbox in Exchange
For SwyxWare to send emails you need a user (mailbox) in Exchange which is the sender of the SwyxWare emails. SwyxWare authenticates as that user to send emails via SMTP.
- Allow SMTP Basic Authentication for the SwyxWare Mailbox
The SwyxWare mailbox must be allowed to use SMTP Basic Authentication. To do that you create a second authentication policy and assign it to the SwyxWare mailbox.
- Configure SwyxWare SMTP Settings
SwyxWare needs to use the mailbox created above. This step describes how to configure that.
Detailed Description of each step
Disable Security Defaults
See Azure AD Security Defaults for an explanation of the concept. Note that the Conditional Access Policies in Azure AD are deprecated and should not be used. The Exchange Online Authentication Policies are recommended instead.
- Go to admin.microsoft.com and log in with an admin account.
- Go to Settings, Org Settings and click Modern Authentication:
- Click on the "enable security defaults in the Azure Portal" link which brings you to your Azure AD properties.
- Click on Manage Security Defaults. If the setting is enabled, disable it.
Note that the following more fine-grained configuration keeps the security defaults for all users and allows SwyxWare to use one Exchange user to send emails.
Enable SMTP Client authentication in your tenant
Make sure that SMTP Client authentication is enabled in your tenant. To do that:
- Open an Exchange Online PowerShell console
- Connect to your tenant via
Connect-ExchangeOnline -UserPrincipalName admin@example.com
- Check that SMTP Client authentication is enabled via
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
- If SMTP client authentication is disabled, enable it with
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Disable Basic authentication in your tenant
This will configure your Exchange Online authentication policy which is applied to all users when not configured otherwise.
- Log in to admin.microsoft.com as an administrator
- Go to Settings, Org Settings and click Modern Authentication:
- Microsoft recommends enabling "Turn on Modern Authentication...". If you do, make sure to read the Microsoft documentation first.
- Under "Allow access to basic authentication protocols", switch off all options. Before you do that, check the Sign-in Reports in the Azure Active Directory portal for your Microsoft 365 tenant so that you do not block existing clients.
Create a mailbox for SwyxWare email sending
- Create a user in your Microsoft 365 tenant which will be used by SwyxWare to send emails, e.g. with display name SwyxWare.
- Make sure to create a long, complex password.
- Switch off "Require this user to change their password when they first sign in".
- After you created the user, click it to open the user settings, select Mail and click Manage Email apps:
- Make sure that Authenticated SMTP is switched on for this mailbox:
- Switch off all other email apps because that mailbox will only be used to send emails from SwyxWare.
Allow SMTP Basic Authentication for the SwyxWare Mailbox
This creates an additional authentication policy to allow the SwyxWare user to use SMTP Basic Authentication.
- Open an Exchange Online PowerShell console
- Connect to your tenant via
Connect-ExchangeOnline -UserPrincipalName admin@example.com
- Create a new authentication policy:
New-AuthenticationPolicy -Name "AllowBasicAuthSmtpPolicy" -AllowBasicAuthSmtp
- Assign the policy to the SwyxWare mailbox user:
Set-User -Identity "swyxware@example.com" -AuthenticationPolicy AllowBasicAuthSmtpPolicy
- Wait 24 hours for the policy to be applied or use this to get it applied within 30 minutes:
Set-User -Identity "swyxware@example.com" -StsRefreshTokensValidFrom $([System.DateTime]::UtcNow)
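To confirm that the exception is limited to the one mailbox, the following read-only check can be run in the same Exchange Online PowerShell session. It is an added example, not part of the original guide; it uses the mailbox and policy names from the steps above and assumes that Get-User reports the assigned policy either by name or by distinguished name.

```powershell
# Added example (not from the original guide): read-only audit of the SMTP Basic Auth exception.
# Run inside an existing Connect-ExchangeOnline session.
$swyxMailbox = 'swyxware@example.com'       # mailbox name used in this guide
$policyName  = 'AllowBasicAuthSmtpPolicy'   # policy name used in this guide

# Tenant-wide switch: $true blocks SMTP AUTH for every mailbox.
$tenantDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

# All authentication policies that permit SMTP Basic Auth.
$smtpPolicies = @(Get-AuthenticationPolicy | Where-Object { $_.AllowBasicAuthSmtp })

# The default policy applies to every user without an explicitly assigned policy.
$defaultPolicy = [string](Get-OrganizationConfig).DefaultAuthenticationPolicy

# Assumption: the policy reference may be a name or a distinguished name,
# so both forms are accepted when matching.
$policyKeys = @($smtpPolicies.Name) + @($smtpPolicies.DistinguishedName)
$assigned = @(Get-User -ResultSize Unlimited | Where-Object {
    $_.AuthenticationPolicy -and ($policyKeys -contains [string]$_.AuthenticationPolicy) })

# Per-mailbox switch ("Authenticated SMTP" in the admin center); $true blocks this mailbox.
$cas = Get-CASMailbox -Identity $swyxMailbox

$findings = @()
if ($tenantDisabled) { $findings += 'SMTP client authentication is disabled tenant-wide.' }
if (-not $defaultPolicy) { $findings += 'No default authentication policy is set.' }
if ($defaultPolicy -and ($policyKeys -contains $defaultPolicy)) {
    $findings += 'The default authentication policy allows SMTP Basic Auth for all users.'
}
if ($smtpPolicies.Name -notcontains $policyName) {
    $findings += "Policy '$policyName' is missing or does not allow SMTP Basic Auth."
}
foreach ($p in $smtpPolicies | Where-Object { $_.Name -ne $policyName }) {
    $findings += "Unexpected policy allowing SMTP Basic Auth: $($p.Name)"
}
foreach ($u in $assigned | Where-Object { $_.UserPrincipalName -ne $swyxMailbox }) {
    $findings += "Unexpected user with an SMTP Basic Auth policy: $($u.UserPrincipalName)"
}
if ($assigned.UserPrincipalName -notcontains $swyxMailbox) {
    $findings += "$swyxMailbox has no SMTP Basic Auth policy assigned."
}
if ($cas.SmtpClientAuthenticationDisabled -eq $true) {
    $findings += "Authenticated SMTP is switched off for $swyxMailbox."
}

if ($findings) { $findings } else { 'OK: SMTP Basic Auth is limited to the SwyxWare mailbox.' }
```

The script changes nothing in the tenant; any line it prints other than the OK message names a setting that differs from the configuration described in this guide.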
Configure SwyxWare SMTP Settings
- Open Swyx Control Center
- Log in as SwyxWare Administrator
- Go to General Settings, System Settings, Mail Server
- Enter the following information
SMTP Mail Server: smtp.office365.com
SMTP Port: 587
Sender Address: <your Microsoft 365 SwyxWare mailbox created in step 4>
Activate SMTP authentication: <checked>
Use SSL: <checked>
Username: <your Microsoft 365 SwyxWare mailbox created in step 4>
Password: <your Microsoft 365 SwyxWare mailbox password created in step 4>
- Click Save to apply the settings
- To send a test email, click Send test email and check your Microsoft 365 SwyxWare mailbox to confirm that it has been received