3/18/2025 Update
We've just published the following article about this SMTP authentication issue, including a promising solution using a new M365 feature:
Basic Authentication Retirement for SMTP and Dynamics GP Workflow
3/6/2025 Update
We have started to see some reports of certain workflow e-mail functionality that is no longer working. After digging into this further it appears that the Office365/Outlook SMTP e-mail endpoint is undergoing a planned retirement of the Basic Authentication sign-in method, as described in the following article:
Exchange Online to retire Basic auth for Client Submission (SMTP AUTH) | Microsoft Community Hub
As a reminder, the only time SMTP is used for Workflow e-mail in the following situations:
1. You do not have Modern Authentication enabled in Dynamics GP and you perform a workflow action (e.g. Submit or Approve) from within the Dynamics GP client
2. If an approver receives an assignment e-mail and uses one of the Workflow Action links (e.g. Approve, Reject or Delegate) it will SMTP to send any e-mail notifications
3. If you use the Reminder or Escalation functionality in Workflow the SQL Server Agent Jobs that trigger those e-mails also use SMTP
We are currently evaluating options to address this in Dynamics GP. In the meantime some possible workarounds are:
A. Use a self-hosted SMTP server that does support Basic Authentication
B. Utilize the pre-build "Pending Approval" navigation lists in Dynamics GP so approvers can log into the GP client and perform their Workflow actions. This will use Modern Authentication to send e-mail notifications
C. You may also be able to find a different public SMTP server that still does allow Basic Authentication
As we learn more about this situation we will be sure to provide updates on the Dynamics GP Support and Services blog.
We have had an increase in cases with intermittent workflow emails failing. Some of the Workflows have worked for years so we know the configuration is valid, but they are now becoming less reliable.
The cause has to do with a change that has long been in the works. After several announcements and delays the TLS changes have been updated on the SMTP endpoints on the Exchange team side. Workflow uses SMTP as the transport for sending the emails. The following blog explains what they have done
New opt-in endpoint available for SMTP AUTH clients still needing legacy TLS - Microsoft Tech Community
In that blog they provide a way for machines such as copiers to send emails using a legacy endpoint. Software such as Dynamics GP can also use the smtp-legacy endpoint to continue to send SMTP emails.
The general configuration steps are covered in the following document
Opt in to the Exchange Online endpoint for legacy TLS clients using SMTP AUTH | Microsoft Docs
For Dynamics GP you will need to follow the steps to Opt in to the client legacy endpoint in your Office 365 tenant. Connecting to your tenant using powershell is beyond the scope of this blog but once connected you would run the following powershell command
Set-TransportConfig -AllowLegacyTLSClients $true
And to view the status would be the following command
Get-TransportConfig | Format-List AllowLegacyTLSClients
Once the above Opt in has been set the only other part in GP that needs to be updated is the SMTP server in the Workflow setup window. Microsoft Dynamics GP>> Tools>>Setup>>System >> Workflow Setup
For emails other than workflow SMTP emails refer to this blog
