Modern email is moving away from basic authentication for SMTP. This means email services like Office 365 and Google are recommending to disable basic auth in favor of MS Modern Authorization and Google 2-Step Verification. Unfortunately, ArcGIS Portal does not currently support these authentication types making it impossible to configure email settings for ArcGIS Enterprise. That also means organizations relying on email services with basic authentication disabled cannot enable multifactor authentication in ArcGIS Enterprise, as enabling MFA requires email be configured for Portal.
Seconded. Currently have a client that insists on MFA for all external facing services, but basic auth is a considered a bigger security risk than not having MFA. Most clients now using M365 and exchange online services.
Note! Configuring, activating and using the MFA doesn't require a working configuration of SMTP settings in place - to activate MFA, just define some SMTP setting. Naturally, if you want the whole package to work smoothly (e.g forgot password functionalities etc.) you should use correct SMTP (e.g. dedicated application account from Google) - you may also always define the sender (from) in the configuration regardless of the SMTP provider.
The organization that I work for is requesting thsi to be setup.
We did not have Security Defaults enabled (Requirement for MFA, etc)
But it still DID NOT work.
Further, we even enabled security defaults, and MFA for the account we are going to use for this function. So we generated an APP PASSWORD, still did not work.
Okay, we got this one figured out.
We used the DIRECT SEND method from this MS Article - How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 ...
Specifically this option - https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-de...
We entered our MX Record in the server field, Port 25, StarTLS, and as the email address, we used the ArcGIS account that is licensed (EOP1) and NO SMTP AUTH and were able to send test e-mails successfully.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.