Important Notice:
Office365 has deprecated basic SMTP authentication per their Blog Announcement. Due to this change by Microsoft, clients will no longer be able to use smtp.office365.com as their Custom Email Domain / SMTP host.
Please see the deprecation notice below:
"For many years, applications have used Basic authentication to connect to servers, services, and API endpoints. Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services and is simple to set up.
Simplicity isn't at all bad, but Basic authentication makes it easier for attackers to capture user credentials (particularly if the credentials are not protected by TLS), which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, the enforcement of multifactor authentication (MFA) is not simple or in some cases, possible when Basic authentication remains enabled.
Basic authentication is an outdated industry standard. Threats posed by it have only increased since we originally announced that we were going to turn it off (see Improving Security - Together) There are better and more effective user authentication alternatives.
We actively recommend that customers adopt security strategies such as Zero Trust (Never Trust, Always Verify), or apply real-time assessment policies when users and devices access corporate information. These alternatives allow for intelligent decisions about who is trying to access what from where on which device rather than simply trusting an authentication credential that could be a bad actor impersonating a user.
The changes described in this article can affect your ability to connect to Exchange Online, so you should take steps to understand if you are impacted and determine the steps you need to take to ensure you can continue to connect once they roll out.
It's recommended that you first investigate the impact on your tenant and users. Look out for Message Center posts that either summarize your usage or report you don't have any.
More information can be found here: New tools to block legacy authentication in your organization - Microsoft Tech Community. The report can help you track down and identify clients and devices using Basic authentication.
Once you have an idea of the users and clients you know are using Basic authentication, come up with a remediation plan. That might mean upgrading client software, reconfiguring apps, updating scripts, or reaching out to third-party app developers to get updated code or apps."
Deprecation of Basic Authentication
If you have issues using smtp.office365.com as your SMTP host, we suggest using a dedicated SMTP provider.