Prerequisites: Office 365 Subscription, Exchange Online Plan
This article explains how you can send email from devices and business applications when all of your mailboxes are in Office 365. For example:
-
You have a scanner, and you want to email scanned documents to yourself or someone else.
-
You have a line-of-business (LOB) application that manages appointments, and you want to email reminders to clients of their appointment time.
Note
Beginning September 1st, 2018, Office 365 is slowly rolling out changes to SMTP client submission (also known as SMTP Authenticated Submission), which may affect your devices and your applications that send emails. For more information, see the KB article Improvements to the SMTP Authenticated Submission client protocol.
Option 1 (recommended): Authenticate your device or application directly with an Office 365 mailbox, and send mail using SMTP client submission
This option supports most usage scenarios and it's the easiest to set up. Choose this option when:
-
You want to send email from a third-party hosted application, service, or device.
-
You want to send email to people inside and outside your organization.
To configure your device or application, connect directly to Office 365 using the SMTP client submission endpoint smtp.office365.com.
Each device/application must be able to authenticate with Office 365. The email address of the account that's used to authenticate with Office 365 will appear as the sender of messages from the device/application.
How to set up SMTP client submission
Enter the following settings directly on your device or in the application as their guide instructs (it might use different terminology than this article). As long as your scenario meets the requirements for SMTP client submission, the following settings will enable you to send email from your device or application.
| Device or Application setting | Value |
|---|---|
| Server/smart host | smtp.office365.com |
| Port | Port 587 (recommended) or port 25 |
| TLS/StartTLS | Enabled |
| Username/email address and password | Enter the sign in credentials of the hosted mailbox being used |
For more information, expand the following sections.
TLS and other encryption options
Determine what version of TLS your device supports by checking the device guide or with the vendor. If your device or application does not support TLS 1.2 or above:
-
Use direct send (Option 2) or Office 365 SMTP relay (Option 3) for sending mail instead (depending on your requirements).
-
If it is essential to use SMTP client submission and your printer only supports SSL 3.0, you can set up an alternative configuration called Indirect SMTP client submission. This uses a local SMTP relay server to connect to Office 365. This is a much more complex setup. Instructions can be found here: How to configure IIS for relay with Office 365.
Note
If your device recommends or defaults to port 465, it does not support SMTP client submission.
How SMTP client submission works
The following diagram gives you a conceptual overview of what you're environment will look like.
Features of SMTP client submission
-
SMTP client submission allows you to send email to people in your organization as well as outside your company.
-
This method bypasses most spam checks for email sent to people in your organization. This can help protect your company IP addresses from being blocked by a spam list.
-
With this method, you can send email from any location or IP address, including your (on-premises) organization's network, or a third-party cloud hosting service, like Microsoft Azure.
Requirements for SMTP client submission
-
Authentication: You must be able to configure a user name and password to send email on the device.
-
Mailbox: You must have a licensed Office 365 mailbox to send email from.
-
Transport Layer Security (TLS): Your device must be able to use TLS version 1.2 and above.
-
Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports, especially port 25.
-
DNS: You must use the DNS name smtp.office365.com. Do not use an IP address for the Office 365 server, as IP Addresses are not supported.
Note
For information about TLS, see How Exchange Online uses TLS to secure email connections in Office 365 and for detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.
Limitations of SMTP client submission
You can only send from one email address unless your device can store login credentials for multiple Office 365 mailboxes. Office 365 imposes a limit of 30 messages sent per minute, and a limit of 10,000 recipients per day.