Select to view content in your preferred language

Support Modern Auth for Office 365 in Enterprise email configuration

2661
4
08-04-2023 07:03 PM
Status: Open
CarlosBarahona
Occasional Contributor

Modern email is moving away from basic authentication for SMTP. This means email services like Office 365 and Google are recommending to disable basic auth in favor of MS Modern Authorization and Google 2-Step Verification. Unfortunately, ArcGIS Portal does not currently support these authentication types making it impossible to configure email settings for ArcGIS Enterprise. That also means organizations relying on email services with basic authentication disabled cannot enable multifactor authentication in ArcGIS Enterprise, as enabling MFA requires email be configured for Portal.

 

4 Comments
Scott_Tansley

Seconded.  Currently have a client that insists on MFA for all external facing services, but basic auth is a considered a bigger security risk than not having MFA.  Most clients now using M365 and exchange online services.

sodtom
by

Note! Configuring, activating and using the MFA doesn't require a working configuration of SMTP settings in place - to activate MFA, just define some SMTP setting. Naturally, if you want the whole package to work smoothly (e.g forgot password functionalities etc.) you should use correct SMTP (e.g. dedicated application account from Google) - you may also always define the sender (from) in the configuration regardless of the SMTP provider.

CV_Frank

The organization that I work for is requesting thsi to be setup.

 

We did not have Security Defaults enabled (Requirement for MFA, etc)

But it still DID NOT work.

Further, we even enabled security defaults, and MFA for the account we are going to use for this function. So we generated an APP PASSWORD, still did not work.

 

CV_Frank

Okay, we got this one figured out.

We used the DIRECT SEND method from this MS Article - How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 ...

Specifically this option - https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-de...

We entered our MX Record in the server field, Port 25, StarTLS, and as the email address, we used the ArcGIS account that is licensed (EOP1) and NO SMTP AUTH and were able to send test e-mails successfully.