The issue occurs when using Microsoft’s Exchange Online (part of the Microsoft 365 suite) as the email service. It is caused by Microsoft’s policies to improve authentication security for the Exchange Online service.
While Microsoft’s plan to drop support for TLS 1.0, Basic Authentication and SMTP Authentication and push everyone to use Multi Factor Authentication (MFA) is a good thing in the long term, it will cause problems for software and devices that do not support the more modern authentication methods and protocols.
Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth.
As at October 2021, Exchange Online dropped support for TLS 1.0 & TLS 1.1 and Basic Auth on the SMTP endpoint smtp.office365.com. If still you need to use the older TLS versions you can enable legacy TLS mode on your Exchange Online tenant and then use the smtp-legacy.office365.com endpoint instead.
Starting in February 2022, Microsoft are enforcing the disabling of Basic Auth by randomly turning it off for tenants for 12-48 hours! (see article):
IMPORTANT: Beginning early 2022, we will selectively pick tenants and disable Basic Auth for all affected protocols except SMTP AUTH for a period of 12-48 hours.
This means that you might have your system work one day, then fail for a while and then work again, which is not ideal. By October 2022, the protocols will be disabled for all tenants.
As far as Microsoft Dynamics GP is concerned, please ensure your sites are upgraded to the latest versions such as 18.3 and 18.4 as the GP support team are seeing more problems with older GP versions 18.2 or before. This is because the later versions of GP have been updated to support the new authentication protocols.
The following information is from the GP Support team:
We need all customers upgraded to 18.3 or later by October 2022 if they want to continue to use email in Dynamics GP without problems.
In my next article I will explain how to check and change settings on your Exchange Online tenant using PowerShell. This will allow enabling of Legacy TLS protocol or SMTP Authentication.
The following articles from the Dynamics GP Support and Services blog have more details:
- Dynamics GP Workflow intermittent emails failing
- Emails intermittent failing when sending out of Dynamics GP (Not workflow emails)
- Microsoft Dynamics GP Email Troubleshooting Guide
- Dynamics GP and Modern Authentication (with video)
The following articles from Microsoft provide more details about the changes:
- Basic Authentication and Exchange Online – February 2021 Update
- Basic Authentication and Exchange Online – September 2021 Update
- New opt-in endpoint available for SMTP AUTH clients still needing legacy TLS
- Opt in to the Exchange Online endpoint for legacy TLS clients using SMTP AUTH
- Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online
Hope you find this information helpful.
This article was originally posted on http://www.winthropdc.com/blog.