The three gates SMTP AUTH must pass

Each gate has its own enable path, its own PowerShell equivalent, and its own failure mode. Go through them in order.

1. Security Defaults - tenant-wide setting that, when on, blocks SMTP AUTH no matter what else you configure.
2. Tenant-wide SmtpClientAuthenticationDisabled - Exchange Online setting that controls SMTP AUTH for the entire tenant.
3. Per-mailbox SmtpClientAuthenticationDisabled - overrides the tenant setting on a specific mailbox.

Gate 1 - Confirm Security Defaults are OFF (or you have an exception)

If "Security defaults" is enabled in your tenant (the default on new tenants since 2019), SMTP AUTH is blocked organization-wide regardless of any other setting.

1. Sign in to entra.microsoft.com as a tenant admin.
2. Left rail, Identity → Overview.
3. Click Properties.
4. Click Manage Security defaults.
5. If "Security defaults" is Enabled, you have two options: turn it off (and replace it with Conditional Access policies that allow SMTP AUTH for the sender), or accept that SMTP AUTH cannot be used in this tenant.

Gate 2 - Enable SMTP AUTH at the tenant level

Two paths.

Exchange admin center (EAC):

1. Sign in to admin.exchange.microsoft.com.
2. Settings → Mail Flow.
3. Find the toggle "Turn off SMTP AUTH protocol for your organization". Set it to OFF.

PowerShell (Exchange Online module):

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

Confirm with:

Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled

Expected: SmtpClientAuthenticationDisabled : False

Gate 3 - Enable SMTP AUTH on the specific mailbox

Even with tenant-wide AUTH on, the per-mailbox setting can disable it.

Admin center path:

1. Open admin.microsoft.com.
2. Users → Active users, click the sending mailbox.
3. Flyout: Mail tab.
4. In the Email apps section, click Manage email apps.
5. Check the Authenticated SMTP box.
6. Save changes.

PowerShell equivalent:

Set-CASMailbox -Identity sender@yourtenant.com -SmtpClientAuthenticationDisabled $false

Confirm:

Get-CASMailbox -Identity sender@yourtenant.com | Format-List SmtpClientAuthenticationDisabled

Generate the App Password

1. The mailbox user signs in to portal.office.com.
2. Top-right profile avatar → View account.
3. Left rail, Security info.
4. Click Add sign-in method, choose App password, name it "Inflowave".
5. Microsoft shows the password once. Copy and paste into Inflowave immediately.

If the App Password option does not appear: The user does not have MFA enabled, OR the tenant authentication policy disables App Passwords via Conditional Access. Ask your Microsoft 365 admin.

Connect to Inflowave

1. Inflowave → Settings → Email → Add sending domain → Custom SMTP.
2. Host: smtp.office365.com, Port: 587.
3. Username: the User Principal Name (UPN), e.g. sender@yourtenant.onmicrosoft.com. Do NOT use an alias.
4. Password: the App Password.
5. Save, then send a test.

UPN, not alias: The SMTP username must be the UPN. Sending as an alias returns 550 5.7.60 SMTP; Client does not have permissions to send as this sender. To send as an alias, configure it as a primary SMTP address or set up Send As permissions in Exchange.

Troubleshooting

Exchange Online sending limits

• 10,000 recipients per user per 24h on standard Exchange Online plans.
• 500 recipients per single message in the To, Cc, Bcc fields combined.
• 30 messages per minute via SMTP AUTH.
• Exceeding any of these returns 554 5.4.1 and outbound is throttled or paused.
• High Volume Email (HVE) plan available for tenants needing higher volume - Microsoft's recommended path for transactional sending replacing legacy SMTP AUTH.

Official sources

• Microsoft Learn - Enable or disable SMTP AUTH in Exchange Online
• Microsoft Learn - Security defaults in Microsoft Entra ID
• Microsoft Learn - Disable Basic authentication in Exchange Online
• Microsoft Learn - Exchange Online sending and recipient limits

Other provider guides

• Outlook.com / Hotmail (personal)
• Google Workspace SMTP Relay
• SendGrid SMTP
• Amazon SES SMTP
• All providers at a glance (hub article)