SMTP AUTH SHALL be disabled.

Why This Matters

SMTP AUTH (or SMTP client submission) is a legacy protocol that bypasses modern authentication requirements like multi-factor authentication. If left enabled, attackers can use compromised credentials to send spam, phishing emails, or escalate a breach through authenticated email relays. Disabling this protocol reduces the attack surface and aligns with zero-trust security principles.

What Aether365 Checks

Aether365 verifies that SMTP AUTH is disabled on your Microsoft 365 tenant. This check appears in the dashboard under microsoft-365 checks and alerts you if the setting remains enabled.