Mail service providers are moving away from basic authentication to modern authentication as an added layer of security.
Older cryptographic protocols like TLS 1.0 and TLS 1.1 are also deprecated due to vulnerability of SHA-1 used by handshake process in TLS 1.0 and TLS 1.1.
This requires an firmware update on all older multi-function printers to support at a minimum TLS 1.2 and cater for OAuth2 (tokens).
Devices generally don’t work well with OAuth1, as it requires signature verification on both client and service provider, causes browser prompt and thus results in poor user experience.
As of October 2022, Microsoft has disabled SMTP AUTH and it has to be enabled manually on a per user basis.
To enable, login as tenant administrator to https://admin.microsoft.com, select Users – Active users.
Click on account to use for SMTP AUTH, click on Mail and select Manage email apps.
Tick on Authenticated SMTP, click Save changes.
Once enabled, administrators can setup their multi-function printers accordingly. Also, older multi-function printers handle special characters poorly when doing SMTP authentication with mail server. (especially ~”, which could be reserved special characters required to construct the connection and are not handled correctly).
Typical configuration for SMTP authentication would be;
Server: mail.office365.com
SSL/TLS: TLS1.2 enabled (TLS1.1 and below will fail to connect)
Port: 25/465
SMTPAUTH: enabled
Using OAuth for authentication
If you have updated the printer firmwares to support OAuth, you may be required to consent printer manufacturer to have access and be able to query your Azure AD tenant.
For FujiFilm(Xerox) printer, the consent url, as per their notice in August 2022 specifies the steps to do.
Admin will need to allow the permissions requested as per screenshot.
Once accepted, it will appear as an app under Enterprise Application in Azure Active Directory.
POP3 server settings has to be enabled too for the email account used for SMTP scanning.