How to configure SMTP server with authentication under MetaDefender Core to send notification to M365?
This article applies to all MetaDefender Core releases deployed on Windows and Linux.
- To be able to send notification to your Microsoft 365 (M365) tenant from MetaDefender Core, the following fields should be configured properly under MetaDefender Core:
- Server: smtp.office365.com
- Port: 587
- Connection type: TLS
- Auth Method: Auth Login
- Email: Email address for sender of notification, it should be a real mailbox which is licensed on M365 side.
- Username: username of the mailbox provided under “email” field.
- Password: password of the mailbox provided under “Email” field.
More details about M365 URLs can be found checking following link: Microsoft 365 URLs and IP address ranges - Microsoft 365 Enterprise | Microsoft Learn
Example:

Basic auth is currently disabled by default by M365, with deprecation following soon on April 30th, 2026.
Exchange Online will permanently remove support for Basic authentication with Client Submission (SMTP AUTH) gradually beginning with a small percentage of submission rejections for all tenants on March 1st 2026 and reaching 100% rejections on April 30th 2026, (previously September 2025).
After this time, applications and devices will no longer be able to use Basic auth as an authentication method and must use OAuth when using SMTP AUTH to send email. As a result, you may be unable to configure the SMTP server in MetaDefender Core due to an error "Something went wrong":

Resolution:
To address the deprecation of basic auth for M365, upcoming MetaDefender Core releases will have planned support for modern OAuth.
Workaround:
As a temporary workaround, if you are comfortable using basic authentication, you can enable that feature manually for the email account that MetaDefender Core uses to connect to M365.
Steps:
- In PowerShell, run:
New-AuthenticationPolicy -Name "Allow Basic Auth" -AllowBasicAuthSmtp Set-User -Identity username@domain.com -AuthenticationPolicy "Allow Basic Auth"
- Note: Replace
username@domain.com
with the actual email address. - Verify that basic auth is working by adding the SMTP configuration in MetaDefender Core and send notification emails.
- If basic auth was enabled correctly in M365, the SMTP server should be added successfully without encountering the “Something went wrong” error:

References:
If Further Assistance is required, please proceed to log a support case or chatting with our support engineer.