Definitive Guide to SMTP AUTH vs Basic Auth vs OAuth vs OAuth2 vs. Modern Auth

Pwzcebic 51 Reputation points
2022-12-24T00:24:25.897+00:00

We need a hero.

With the improvement in the Security of M365, it is a challenge to properly set up various Multi-Function Printers. Anyone familiar with the Business Printer Provider Community knows their support struggles to provide comprehensive solutions for relatively common configurations. Terms like Basic versus Modern Authentication, OAuth versus OAuth 2.0, etc. are not well understood by many of us and this leads to confusion on the practical steps to get the MFPs to support applications like Scan to E-mail.

I want to provide one example, complete with the solution I used. I could not get a Xerox AltaLink C8045 to work with a public outlook.com account. Wanted to try that to keep the cost down. I think Microsoft might be blocking that?

So, I created an M365 account. Using that account with the XEROX recommended settings only worked after I enabled SMTP AUTH in the Microsoft Admin Portal as explained in the following Microsoft link: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission#use-the-microsoft-365-admin-center-to-enable-or-disable-smtp-auth-on-specific-mailboxes.

This info should help others with a similar problem, which is great.

I think the M365 account being used for Scan to E-mail is now supporting SMTP AUTH and that is what the Xerox MFP requires. Furthermore, this is the only account supporting SMTP AUTH because Microsoft has set the default to not support SMTP AUTH. I think that is considered Basic Auth, not Modern Auth. I also think SMTP AUTH is a part of OAuth and Modern Auth is the same thing as OAuth 2.0.

The Xerox Support folks don't know how to get the C8045 to use Modern Auth. If they did, that is the best way to set up Scan to E-mail. They believe the C8045 can utilize Modern Auth but not how to do it.

So, I will finish this post asking that someone who truly knows replies to say if my use of the terms is correct or not. If not, please correct them.
If someone does that, it will go a long way to getting MFPs using M365 accounts securely.
Also, as a bonus, it would help a lot of us out, if you could confirm:

  1. Basic Auth is also called OAuth?
  2. Modern Auth is also called OAuth 2.0?

Thanks, Peter


5 answers

  1. Said Amchart 791 Reputation points
    2022-12-25T18:38:18.61+00:00

    Hello @Pwzcebic ,

    To answer the last two inquiries,

    1) Basic Auth is also called OAuth?

    • Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Basic Auth usually happens when you provide a legacy app / printer with the combination of username/password without going through the usual web interface you see when you log into O365 services.
    • OAuth 1 is an earlier version of OAuth 2.0 but it is not considered basic auth.

    2) Modern Auth is also called OAuth 2.0?

    • Correct. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. You know you are using OAuth whenever you are faced with the usual web interface to log in to O365. A very nice place to test both Modern and Basic Authentication against a mailbox in your tenant is using this link: https://testconnectivity.microsoft.com/tests/O365Ola/input

    To clarify things a bit more, in order to allow apps/printers/devices to access a certain mailbox and send email from that mailbox you can use either of the following:

    • SMTP AUTH using an account/mailbox on Exchange Online
    • Direct Send
    • Configuring a Connector

    All of these methods are explained here: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

    SMTP AUTH is usually recommended by most vendors/suppliers and is supported by most apps/devices. SMTP AUTH can be done using Basic and Modern Auth, depending on the vendor/app/device (but since MS is deprecating basic auth, it needs to be configured with Modern Auth). One thing to take into account here is that SMTP AUTH is controlled tenant-wide and on individual mailboxes. It is good practice to disable it tenant-wide using Set-TransportConfig and then enable it on the mailboxes that need to be accessed using SMTP AUTH with the command Set-CASMailbox or via EAC. More details here: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission

    I hope this is insightful,

    Regards,
    Said.


  2. Jame Xu-MSFT 4,166 Reputation points
    2022-12-26T08:09:28.327+00:00

    Hi @Pwzcebic ,
    Agree with @Said Amchart and I will make some additions.
    Microsoft is disabling Basic Authentication, and those that previously had SMTP authentication enabled will continue to be able to use it.
    Refer to: Deprecation of Basic authentication in Exchange Online




  3. Pwzcebic 51 Reputation points
    2023-01-02T21:46:38.683+00:00

    Thanks to @Said Amchart and @Jame Xu-MSFT for your responses. I look forward to your responses to my follow-up questions.


  4. Jame Xu-MSFT 4,166 Reputation points
    2023-01-03T02:28:33.777+00:00

    Hi @Pwzcebic ,
    You could not consider SMTP AUTH as a method of basic authentication. You could consider one of the methods in SMTP AUTH to be basic authentication based on username and password. SMTP AUTH supports modern authentication (Modern Auth) through OAuth in addition to basic authentication. Disabling basic authentication only disables one of the SMTP AUTH authentication methods.


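An added example (not written by any poster in this thread) of the distinction drawn in answers 1 and 4: SMTP AUTH is the SMTP extension, and "basic" versus "modern" describes the mechanism used inside it. The EHLO reply, host name, account, password and token below are constructed; XOAUTH2 is the OAuth 2.0 mechanism name, which the thread itself does not spell out.

```python
import base64

# Constructed EHLO reply from a submission server (not captured from a real host).
SAMPLE_EHLO = (
    "250-mail.example.test Hello [203.0.113.10]\r\n"
    "250-SIZE 157286400\r\n"
    "250-AUTH LOGIN XOAUTH2\r\n"
    "250 SMTPUTF8\r\n"
)

BASIC = {"PLAIN", "LOGIN"}          # reusable username/password sent to the server
TOKEN = {"XOAUTH2", "OAUTHBEARER"}  # short-lived OAuth 2.0 bearer token


def auth_mechanisms(ehlo_reply):
    """Return the SASL mechanisms listed on the EHLO 'AUTH' line."""
    for line in ehlo_reply.splitlines():
        words = line[4:].split()    # drop the '250-' / '250 ' prefix
        if words and words[0].upper() == "AUTH":
            return [m.upper() for m in words[1:]]
    return []


def classify(mechanisms):
    """Split advertised mechanisms into basic (password) and modern (token)."""
    return {
        "basic": sorted(m for m in mechanisms if m in BASIC),
        "modern": sorted(m for m in mechanisms if m in TOKEN),
    }


def plain_response(user, password):
    """AUTH PLAIN initial response: base64 of NUL + user + NUL + password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def xoauth2_response(user, access_token):
    """AUTH XOAUTH2 initial response: user and bearer token, no password."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def recover_plain(response):
    """Base64 is encoding, not encryption: recover the user and password."""
    _, user, password = base64.b64decode(response).decode().split("\0")
    return user, password
```

With basic mechanisms the device stores and sends the mailbox password itself, so anyone who can read the device configuration or an unencrypted session recovers it; with XOAUTH2 only an expiring token is presented.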

  5. Anielka Oliveros 110 Reputation points
    2023-07-31T19:37:19.9133333+00:00

    And what happens with the security reasons of not having plain user and password in the connection? Any of these options could be done with a third-party vendor for SMTP Relay? How to avoid SPAM, Phishing and others impersonating users with these devices that do not support Multifactor Auth?
