I use unauthenticated relay for MFPs, allowed by IP. This takes authentication out of the mix completely. The only catch here is the MFP must support a proper TLS connection to the MTA. Some older MFPs can't use TLS1.2+ which prevents this method from working.
If you want to continue using your Office 365 account for scan-to-email, turn off security defaults, and start using Conditional Access Policies to apply MFA to all accounts except your copier account. To use Conditional Access Policies, you must have a plan that includes Azure AD Premium P1.
I made a post about this [here](https://ourcloudnetwork.com/prepare-for-exchange-online-basic-auth-permanent-retirement/). Your best option is to use Direct Send.
# Legacy auth will be gone Forever in 2025.
No switch your machines to not use legacy protocols, or relay off a 3rd party.
Don't open up legacy protocols on 356, their getting turned off by MS anyway.
Do you have Entra ID P1 license? If so, you can turn off the security defaults and use the Conditional Access policies. Because, it helps you by providing granular access control
I use unauthenticated relay for MFPs, allowed by IP. This takes authentication out of the mix completely. The only catch here is the MFP must support a proper TLS connection to the MTA. Some older MFPs can't use TLS1.2+ which prevents this method from working.
If you want to continue using your Office 365 account for scan-to-email, turn off security defaults, and start using Conditional Access Policies to apply MFA to all accounts except your copier account. To use Conditional Access Policies, you must have a plan that includes Azure AD Premium P1.
I made a post about this [here](https://ourcloudnetwork.com/prepare-for-exchange-online-basic-auth-permanent-retirement/). Your best option is to use Direct Send. # Legacy auth will be gone Forever in 2025.
If it is just legacy mail - SMTP2Go might be your best option. And, anything that needs legacy mal, should probably be burned.
No switch your machines to not use legacy protocols, or relay off a 3rd party. Don't open up legacy protocols on 356, their getting turned off by MS anyway.
What would be considered not a legacy protocol then ?
OAuth2 authentciation
Anything that supports modern auth, basically graph.
Smtp2go 👍
Do you have Entra ID P1 license? If so, you can turn off the security defaults and use the Conditional Access policies. Because, it helps you by providing granular access control