Skip to main content

Notifications

Announcements

No record found.

Small and medium business | Business Central, N...
Answered

Setup up SMTP with MFA and the setting to block legacy authentication

(0) ShareShare
ReportReport
Posted on by 997

We have set the MFA on our azure and then we also have to setup  the appcode password for Business Central.

This only work if you also set  the setting to block legacy authentication

Here is my problem i cant set  the setting to block legacy authentication, as it seem to require you buy more security option to you Azure account

 or  how else to set this up, with out to buy more.

  • Claus Macali.dk Profile Picture
    Claus Macali.dk 997 on at
    RE: Setup up SMTP with MFA and the setting to block legacy authentication

    Thanks Marco, very helpfull

  • Verified answer
    Marco Mels Profile Picture
    Marco Mels on at
    RE: Setup up SMTP with MFA and the setting to block legacy authentication

    Hello,

    My favorite topic 

    There is a requirement to be 100% compliant as a CSP (if you are a CSP). The requirement here is that all the accounts you did add to your customer tenant (as a CSP) is that you add MFA to these accounts. The customer which you assist as as CSP do not have whereabouts of these accounts that were added (delegated admin for instance). So MFA is a must in that setup. If you are not a CSP, then this really a great idea  to do this as a requirement to all your accounts that access ERP data. 

    More information for CSP's:
    docs.microsoft.com/.../partner-security-requirements

    There is always this misunderstanding:

    1. Azure Policy => not compatible with App Passwords

    2. Not being able to use these Azure Policies => not compliant => SMTP / CRM accounts can no longer be used

    This is not true. Only 1 is true. Related to 2: It does not matter how you enable MFA on your accounts. The only requirement is that you do. Now with these Azure policies you do have the option to assign the policy and exclude the two accounts needed in Dynamics NAV / Dynamics 365 BC. Still you do have to enable MFA. This can be done on a per user base. Enabling MFA on all accounts with exceptions does require Azure Premium licenses. The free Azure policy like the Security Policy does simply switch MFA for all users including the two ones that do require App passwords.

    If you do not need these Azure Premium license, you simply enable MFA on all account on a per user base. This can be done in Azure AD, Users, username or Office 365 Portal, Users, Edit users. Here you can also do this in bulk. 

    The only issue here is that when creating new users, you may forget to enable but you can overcome this by ensuring this does become a managed process. This is where the Azure Premium license do come into place. 

    Thanks.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Congratulations 2024 Spotlight Honorees

Kudos to all of our 2024 community stars! 🎉

Meet the Top 10 leaders for December

Congratulations to our December super stars! 🥳

Start Your Super User Journey Pt 2

Join the ranks of our community heros! 🦹

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,904 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,605 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans