Microsoft 365 Exchange Online transport configuration disables authenticated SMTP submission (SMTP AUTH) at the organization level
Risk
With SMTP AUTH enabled, attackers can:
- Launch password spraying against mailboxes
- Bypass MFA on SMTP submissions
- Send unauthorized email, enabling internal spoofing and phishing
This undermines message integrity, aids lateral movement, and harms tenant reputation and deliverability.
prowler m365 --checks exchange_transport_config_smtp_auth_disabled
Recommendation
Disable SMTP AUTH tenant-wide and allow per-mailbox exceptions only when justified, time-bound, and monitored. Prefer modern authentication and secure submission alternatives. Apply least privilege and defense in depth, restrict app access, rotate secrets, and monitor send patterns for anomalies.
Remediation
Set-TransportConfig -SmtpClientAuthenticationDisabled $true
- Open the Exchange admin center: https://admin.exchange.microsoft.com
- Go to Settings > Mail flow
- Turn on "Turn off SMTP AUTH protocol for your organization"
- Click Save
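To confirm the tenant-wide setting this check tests and to find the per-mailbox exceptions the recommendation says must be justified and monitored, the following added example (not Prowler's code) reports the effective SMTP AUTH posture. It assumes the ExchangeOnlineManagement module is installed and an active Connect-ExchangeOnline session; the function name Get-SmtpAuthPosture is the example's own.

```powershell
# Added example (not Prowler's code): audit the organization-level setting the check
# evaluates, then surface per-mailbox overrides that keep SMTP AUTH usable anyway.
# Assumes the ExchangeOnlineManagement module and an active Connect-ExchangeOnline session.

function Get-SmtpAuthPosture {
    # Organization-level value that the Prowler check evaluates (PASS when $true).
    $orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

    # Per-mailbox value is tri-state: $true = disabled, $false = explicitly enabled
    # (an override of the org setting), blank/$null = inherit the org setting.
    $mailboxes = Get-CASMailbox -ResultSize Unlimited |
        Select-Object UserPrincipalName, SmtpClientAuthenticationDisabled

    # Resolve each mailbox's effective setting and keep those that can still use SMTP AUTH.
    # @( pipeline ) yields an empty array, not @($null), when nothing matches.
    $stillEnabled = @($mailboxes | Where-Object {
            if ($null -eq $_.SmtpClientAuthenticationDisabled) { -not $orgDisabled }
            else { -not $_.SmtpClientAuthenticationDisabled }
        } | Select-Object -ExpandProperty UserPrincipalName)

    [pscustomobject]@{
        Status                = if ($orgDisabled) { 'PASS' } else { 'FAIL' }
        OrgSmtpAuthDisabled   = $orgDisabled
        MailboxesWithSmtpAuth = $stillEnabled
    }
}

$posture = Get-SmtpAuthPosture
$posture | Format-List
# Every UPN under MailboxesWithSmtpAuth is an exception to review: it should be
# documented, time-bound, and have its send activity monitored, or be cleared with
# Set-CASMailbox -SmtpClientAuthenticationDisabled $null so it inherits the org setting.
```

The report is read-only; it changes no settings, so it is safe to run before and after the remediation above to confirm the org-level value flipped and to see which mailboxes were left as exceptions.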
Resource Type
NotDefined