[{"data":1,"prerenderedAt":998},["ShallowReactive",2],{"navigation":3,"/features/smtp-troubleshoot":166,"/features/smtp-troubleshoot-surround":993},[4,23,44,89,111,136],{"title":5,"path":6,"stem":7,"children":8,"icon":22},"Getting Started","/getting-started","1.getting-started/1.index",[9,12,17],{"title":10,"path":6,"stem":7,"icon":11},"Introduction","i-lucide-house",{"title":13,"path":14,"stem":15,"icon":16},"Installation","/getting-started/installation","1.getting-started/2.installation","i-lucide-download",{"title":18,"path":19,"stem":20,"icon":21},"Usage","/getting-started/usage","1.getting-started/3.usage","i-lucide-sliders",false,{"title":24,"icon":22,"path":25,"stem":26,"children":27,"page":22},"Time tracking & monitoring","/time-tracking","2.Time Tracking",[28,32,36,40],{"title":29,"path":30,"stem":31},"Time & Projects","/time-tracking/timeandprojects","2.Time Tracking/Time&Projects",{"title":33,"path":34,"stem":35},"Time Tracking","/time-tracking/time-tracking","2.Time Tracking/Time-tracking",{"title":37,"path":38,"stem":39},"Timeboard","/time-tracking/timeboard","2.Time Tracking/TimeBoard",{"title":41,"path":42,"stem":43},"Timesheets","/time-tracking/timesheets","2.Time Tracking/Timesheets",{"title":45,"icon":22,"path":46,"stem":47,"children":48,"page":22},"Features","/features","3.features",[49,53,57,61,65,69,73,77,81,85],{"title":50,"path":51,"stem":52},"Dashboard","/features/dashboard","3.features/1.dashboard",{"title":54,"path":55,"stem":56},"SMTP troubleshoot","/features/smtp-troubleshoot","3.features/10.smtp-troubleshoot",{"title":58,"path":59,"stem":60},"Calendar & Leave Overview","/features/calendar","3.features/2.calendar",{"title":62,"path":63,"stem":64},"Calendar Integration","/features/calendar-integration","3.features/3.calendar-integration",{"title":66,"path":67,"stem":68},"Shift Scheduling","/features/schedules","3.features/4.schedules",{"title":70,"path":71,"stem":72},"Project Management","/features/projects","3.features/5.projects",{"title":74,"path":75,"stem":76},"Expense Settings","/features/expense-settings","3.features/6.expense-settings",{"title":78,"path":79,"stem":80},"Auth0 SSO Integration","/features/auth0-integration","3.features/7.auth0-integration",{"title":82,"path":83,"stem":84},"Password & Authentication Policy","/features/policies","3.features/8.policies",{"title":86,"path":87,"stem":88},"Email Configuration (SMTP)","/features/email-configuration","3.features/9.email-configuration",{"title":90,"icon":22,"path":91,"stem":92,"children":93,"page":22},"Expenses","/expenses","4.expenses",[94,98,102,106],{"title":95,"path":96,"stem":97},"Expense Claims","/expenses/overview","4.expenses/1.overview",{"title":99,"path":100,"stem":101},"Add & Manage Purchases","/expenses/purchases","4.expenses/2.purchases",{"title":103,"path":104,"stem":105},"Travel & Mileage Entry","/expenses/travelentries","4.expenses/3.travelentries",{"title":107,"path":108,"stem":109,"icon":110},"Company Card Expenses","/expenses/company-cards","4.expenses/4.company-cards","i-lucide-credit-card",{"title":112,"icon":22,"path":113,"stem":114,"children":115,"page":22},"Settings","/settings","5.settings",[116,120,124,128,132],{"title":117,"path":118,"stem":119},"General","/settings/general","5.settings/1.general",{"title":121,"path":122,"stem":123},"Leave Types","/settings/leavetype","5.settings/2.leaveType",{"title":125,"path":126,"stem":127},"Carry Forward","/settings/carryforward","5.settings/3.carryForward",{"title":129,"path":130,"stem":131},"Department Management","/settings/departments","5.settings/4.departments",{"title":133,"path":134,"stem":135},"Public Holidays","/settings/publicholiday","5.settings/5.publicholiday",{"title":137,"path":138,"stem":139,"children":140,"page":22},"Mcp","/mcp","6.mcp",[141,146,151,156,161],{"title":142,"path":143,"stem":144,"icon":145},"Overview","/mcp/overview","6.mcp/1.overview","i-lucide-bot",{"title":147,"path":148,"stem":149,"icon":150},"Connecting","/mcp/connecting","6.mcp/2.connecting","i-lucide-plug",{"title":152,"path":153,"stem":154,"icon":155},"Tools Reference","/mcp/tools","6.mcp/3.tools","i-lucide-wrench",{"title":157,"path":158,"stem":159,"icon":160},"Security","/mcp/security","6.mcp/4.security","i-lucide-shield",{"title":162,"path":163,"stem":164,"icon":165},"Integrating Your Own MCP Client","/mcp/custom-client","6.mcp/5.custom-client","i-lucide-code",{"id":167,"title":54,"body":168,"description":198,"extension":987,"links":988,"meta":989,"navigation":990,"path":55,"seo":991,"stem":56,"__hash__":992},"docs/3.features/10.smtp-troubleshoot.md",{"type":169,"value":170,"toc":961},"minimark",[171,176,181,188,199,205,210,216,221,226,232,237,242,248,253,256,260,265,275,279,326,332,334,338,385,391,393,397,436,440,442,446,472,475,497,541,546,548,552,555,557,561,567,572,578,583,591,596,604,610,612,616,621,625,631,635,646,650,661,666,672,683,685,689,694,698,704,708,731,736,749,754,756,760,764,778,782,793,808,812,823,840,842,846,849,896,899,901,905,909,941,944],[172,173,175],"h1",{"id":174},"microsoft-office-365-smtp-authentication-errors-troubleshooting-guide","Microsoft Office 365 SMTP Authentication Errors - Troubleshooting Guide",[177,178,180],"h2",{"id":179},"quick-reference-common-error-messages","Quick Reference: Common Error Messages",[182,183,184],"p",{},[185,186,187],"strong",{},"Error 1:",[189,190,195],"pre",{"className":191,"code":193,"language":194},[192],"language-text","535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.\n","text",[196,197,193],"code",{"__ignoreMap":198},"",[182,200,201,204],{},[185,202,203],{},"Fix:"," Enable SMTP AUTH at tenant level (Exchange Admin Center)",[182,206,207],{},[185,208,209],{},"Error 2:",[189,211,214],{"className":212,"code":213,"language":194},[192],"535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy.\n",[196,215,213],{"__ignoreMap":198},[182,217,218,220],{},[185,219,203],{}," Disable Security Defaults in Azure Portal OR exclude user from Conditional Access policies",[182,222,223],{},[185,224,225],{},"Error 3:",[189,227,230],{"className":228,"code":229,"language":194},[192],"535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully.\n",[196,231,229],{"__ignoreMap":198},[182,233,234,236],{},[185,235,203],{}," Enable SMTP AUTH for the specific mailbox",[182,238,239],{},[185,240,241],{},"Error 4:",[189,243,246],{"className":244,"code":245,"language":194},[192],"5.7.57 Client not authenticated to send mail.\n",[196,247,245],{"__ignoreMap":198},[182,249,250,252],{},[185,251,203],{}," Check all three layers (tenant, security policy, mailbox) + verify no MFA app is configured",[254,255],"hr",{},[177,257,259],{"id":258},"step-by-step-solution-for-microsoft-office-365-smtp-tested-working","Step-by-Step Solution for Microsoft Office 365 SMTP (Tested & Working)",[261,262,264],"h3",{"id":263},"email-authentication-smtp-to-microsoft-office-365","Email Authentication SMTP to Microsoft Office 365",[182,266,267,270,271,274],{},[185,268,269],{},"IMPORTANT:"," Before starting, make sure the account you are adding for SMTP ",[185,272,273],{},"does not have Microsoft Authenticator app setup",".",[261,276,278],{"id":277},"step-1-enable-smtp-auth-at-tenant-level-exchange-admin-center","Step 1: Enable SMTP AUTH at Tenant Level (Exchange Admin Center)",[280,281,282,292,301,320],"ol",{},[283,284,285,286],"li",{},"Go to ",[287,288,289],"a",{"href":289,"rel":290},"https://admin.exchange.microsoft.com/",[291],"nofollow",[283,293,294,295,297,298],{},"Navigate to ",[185,296,112],{}," → ",[185,299,300],{},"Mail flow",[283,302,303,304],{},"Verify settings:\n",[305,306,307,314],"ul",{},[283,308,309,310,313],{},"✅ ",[185,311,312],{},"UNCHECKED",": \"Turn off SMTP AUTH protocol for your organization\"",[283,315,309,316,319],{},[185,317,318],{},"CHECKED",": \"Turn on use of legacy TLS clients\"",[283,321,322,323],{},"Click ",[185,324,325],{},"Save",[182,327,328,331],{},[185,329,330],{},"Wait 15 minutes"," and test. If it works, you're done! Otherwise, continue...",[254,333],{},[261,335,337],{"id":336},"step-2-enable-smtp-for-specific-user-microsoft-365-admin-center","Step 2: Enable SMTP for Specific User (Microsoft 365 Admin Center)",[280,339,340,347,353,356,362,367,372,381],{},[283,341,285,342,346],{},[287,343,344],{"href":344,"rel":345},"https://admin.cloud.microsoft",[291]," (or admin.microsoft.com)",[283,348,349,350],{},"Select ",[185,351,352],{},"Active users",[283,354,355],{},"Click on your SMTP user account",[283,357,322,358,361],{},[185,359,360],{},"Mail"," tab",[283,363,322,364],{},[185,365,366],{},"Email apps",[283,368,322,369],{},[185,370,371],{},"Manage email apps",[283,373,374,375,378,379],{},"Ensure ",[185,376,377],{},"Authenticated SMTP"," is ",[185,380,318],{},[283,382,322,383],{},[185,384,325],{},[182,386,387,390],{},[185,388,389],{},"Wait a few minutes"," and test again. If still not working, continue...",[254,392],{},[261,394,396],{"id":395},"step-3-disable-security-defaults-azure-portal","Step 3: Disable Security Defaults (Azure Portal)",[280,398,399,405,411,417,422,432],{},[283,400,285,401],{},[287,402,403],{"href":403,"rel":404},"https://portal.azure.com/",[291],[283,406,294,407,410],{},[185,408,409],{},"Microsoft Entra ID"," (Azure Active Directory)",[283,412,285,413,416],{},[185,414,415],{},"Properties"," (under Manage)",[283,418,322,419],{},[185,420,421],{},"Manage Security defaults",[283,423,424,425,428,429],{},"Set ",[185,426,427],{},"Security defaults"," to ",[185,430,431],{},"Disabled",[283,433,322,434],{},[185,435,325],{},[182,437,438,390],{},[185,439,330],{},[254,441],{},[261,443,445],{"id":444},"step-4-exclude-user-from-conditional-access-policies-final-step","Step 4: Exclude User from Conditional Access Policies (Final Step)",[280,447,448,453,462],{},[283,449,285,450],{},[287,451,403],{"href":403,"rel":452},[291],[283,454,294,455,297,457,297,459],{},[185,456,409],{},[185,458,157],{},[185,460,461],{},"Conditional Access",[283,463,285,464,467,468,471],{},[185,465,466],{},"Policy snapshots"," (or ",[185,469,470],{},"Policies",")",[182,473,474],{},"You will see 4 default Microsoft-managed policies:",[305,476,477,482,487,492],{},[283,478,479],{},[185,480,481],{},"Block legacy authentication",[283,483,484],{},[185,485,486],{},"Multifactor authentication for Azure Management",[283,488,489],{},[185,490,491],{},"Multifactor authentication for admins",[283,493,494],{},[185,495,496],{},"Multifactor authentication for all users",[280,498,500,538],{"start":499},4,[283,501,502,503,506,507],{},"For ",[185,504,505],{},"each of the 4 policies",", do the following:",[305,508,509,512,517,523,534],{},[283,510,511],{},"Click on the policy name",[283,513,322,514],{},[185,515,516],{},"Edit",[283,518,285,519,522],{},[185,520,521],{},"Users"," section",[283,524,525,526,529,530,471],{},"Under ",[185,527,528],{},"Exclude",", add your SMTP user (e.g., ",[287,531,533],{"href":532},"mailto:noreply@bookyourpto.com","noreply@bookyourpto.com",[283,535,322,536],{},[185,537,325],{},[283,539,540],{},"Repeat for all 4 policies",[182,542,543,545],{},[185,544,330],{}," and test. All errors should be resolved!",[254,547],{},[261,549,551],{"id":550},"important-notes","Important Notes",[182,553,554],{},"VERIFIED: These instructions were tested and confirmed working\nNOTE: No app passwords required for this configuration\nWARNING: Excluding users from Conditional Access policies reduces security for those accounts. Only use for service accounts with strong passwords.\nWARNING: Do not configure Microsoft Authenticator on the SMTP service account",[254,556],{},[177,558,560],{"id":559},"error-1-smtp-authentication-disabled-for-tenant","Error #1: SMTP Authentication Disabled for Tenant",[182,562,563,566],{},[185,564,565],{},"Timestamp:"," Initial error",[182,568,569],{},[185,570,571],{},"Error Message:",[189,573,576],{"className":574,"code":575,"language":194},[192],"535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. \nVisit https://aka.ms/smtp_auth_disabled for more information.\n",[196,577,575],{"__ignoreMap":198},[182,579,580],{},[185,581,582],{},"What it means:",[305,584,585,588],{},[283,586,587],{},"SMTP AUTH protocol was completely disabled at the Microsoft 365 tenant/organization level",[283,589,590],{},"No mailboxes in the organization could use SMTP authentication",[182,592,593],{},[185,594,595],{},"Solution Applied:",[305,597,598,601],{},[283,599,600],{},"Went to Exchange Admin Center → Settings → Mail flow",[283,602,603],{},"Unchecked \"Turn off SMTP AUTH protocol for your organization\" (confusing wording - unchecking it enables SMTP AUTH)",[182,605,606,609],{},[185,607,608],{},"Root Cause:","\nMicrosoft disables SMTP AUTH by default for security reasons in newer tenants",[254,611],{},[177,613,615],{"id":614},"error-2-security-defaults-policy-blocking-user","Error #2: Security Defaults Policy Blocking User",[182,617,618,620],{},[185,619,565],{}," After enabling tenant-wide SMTP AUTH",[182,622,623],{},[185,624,571],{},[189,626,629],{"className":627,"code":628,"language":194},[192],"535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. \nContact your administrator.\n",[196,630,628],{"__ignoreMap":198},[182,632,633],{},[185,634,582],{},[305,636,637,640,643],{},[283,638,639],{},"Microsoft 365 Security Defaults were enabled in Azure AD",[283,641,642],{},"Security Defaults block legacy/basic authentication methods (including SMTP AUTH)",[283,644,645],{},"This is a tenant-wide security policy that overrides SMTP AUTH settings",[182,647,648],{},[185,649,595],{},[305,651,652,655,658],{},[283,653,654],{},"Went to Azure Portal → Microsoft Entra ID (Azure AD) → Properties",[283,656,657],{},"Clicked \"Manage Security defaults\"",[283,659,660],{},"Changed Security defaults from \"Enabled\" to \"Disabled\"",[182,662,663,665],{},[185,664,608],{},"\nSecurity Defaults is Microsoft's baseline security policy that blocks basic authentication to prevent credential compromise",[182,667,668,671],{},[185,669,670],{},"Security Note:","\nAfter disabling Security Defaults, you should implement:",[305,673,674,677,680],{},[283,675,676],{},"Multi-factor authentication (MFA) for admin accounts",[283,678,679],{},"Conditional Access policies",[283,681,682],{},"Regular monitoring of sign-in logs",[254,684],{},[177,686,688],{"id":687},"error-3-per-mailbox-authentication-criteria-not-met","Error #3: Per-Mailbox Authentication Criteria Not Met",[182,690,691,693],{},[185,692,565],{}," After disabling Security Defaults",[182,695,696],{},[185,697,571],{},[189,699,702],{"className":700,"code":701,"language":194},[192],"535 5.7.139 Authentication unsuccessful, the request did not meet the criteria to be authenticated successfully. \nContact your administrator.\n",[196,703,701],{"__ignoreMap":198},[182,705,706],{},[185,707,582],{},[305,709,710,713,716,722,725,728],{},[283,711,712],{},"Tenant-wide SMTP AUTH is enabled ✓",[283,714,715],{},"Security Defaults are disabled ✓",[283,717,718,719,721],{},"BUT: The specific mailbox (",[287,720,533],{"href":532},") still had SMTP AUTH disabled at the mailbox level",[283,723,724],{},"OR: Incorrect credentials/password",[283,726,727],{},"OR: Mailbox lacks proper licensing",[283,729,730],{},"OR: MFA is enabled and requires an app password",[182,732,733,735],{},[185,734,595],{},"\nVia Microsoft 365 Admin Center:",[305,737,738,743,746],{},[283,739,740,741],{},"Users → Active users → ",[287,742,533],{"href":532},[283,744,745],{},"Mail tab → Manage email apps",[283,747,748],{},"Enable \"Authenticated SMTP\" toggle",[182,750,751,753],{},[185,752,608],{},"\nEven when SMTP AUTH is enabled tenant-wide, individual mailboxes can have it disabled. Microsoft implements this as a multi-layered security approach.",[254,755],{},[177,757,759],{"id":758},"additional-issues-to-check-not-encountered-but-common","Additional Issues to Check (Not encountered but common)",[261,761,763],{"id":762},"issue-shared-mailbox-without-license","Issue: Shared Mailbox Without License",[182,765,766,769,770,773,774,777],{},[185,767,768],{},"Symptom:"," SMTP AUTH fails even when all settings are correct\n",[185,771,772],{},"Cause:"," Shared mailboxes may not support SMTP AUTH without a license\n",[185,775,776],{},"Solution:"," Either assign a license to the shared mailbox OR convert to user mailbox",[261,779,781],{"id":780},"issue-multi-factor-authentication-mfa-enabled","Issue: Multi-Factor Authentication (MFA) Enabled",[182,783,784,786,787,789,790,792],{},[185,785,768],{}," Regular password fails authentication\n",[185,788,772],{}," SMTP doesn't support interactive MFA prompts\n",[185,791,776],{}," Create an App Password:",[280,794,795,802,805],{},[283,796,797,798],{},"Sign in to ",[287,799,800],{"href":800,"rel":801},"https://mysignins.microsoft.com/security-info",[291],[283,803,804],{},"Add sign-in method → App password",[283,806,807],{},"Use the generated app password instead of regular password",[261,809,811],{"id":810},"issue-dnsemail-authentication-missing","Issue: DNS/Email Authentication Missing",[182,813,814,816,817,819,820,822],{},[185,815,768],{}," Emails marked as spam or rejected by recipients\n",[185,818,772],{}," Missing SPF, DKIM, or DMARC records\n",[185,821,776],{}," Add proper DNS records:",[305,824,825,831,834],{},[283,826,827,828],{},"SPF: ",[196,829,830],{},"v=spf1 include:spf.protection.outlook.com -all",[283,832,833],{},"DKIM: Enable in Microsoft 365 and add CNAME records",[283,835,836,837],{},"DMARC: Add TXT record ",[196,838,839],{},"v=DMARC1; p=quarantine; rua=mailto:dmarc@domain.com",[254,841],{},[177,843,845],{"id":844},"summary-microsoft-office-365-three-layer-authentication-model","Summary: Microsoft Office 365 Three-Layer Authentication Model",[182,847,848],{},"Microsoft 365 SMTP authentication has THREE layers that must ALL be enabled:",[280,850,851,865,879],{},[283,852,853,856,857],{},[185,854,855],{},"Tenant Level"," (Organization-wide)",[305,858,859,862],{},[283,860,861],{},"Exchange Admin Center → Mail flow settings",[283,863,864],{},"Must uncheck \"Turn off SMTP AUTH protocol\"",[283,866,867,870,871],{},[185,868,869],{},"Security Policy Level"," (Azure AD)",[305,872,873,876],{},[283,874,875],{},"Security Defaults must be disabled OR",[283,877,878],{},"Conditional Access policies must allow basic auth for SMTP",[283,880,881,884,885],{},[185,882,883],{},"Mailbox Level"," (Individual user/mailbox)",[305,886,887,890,893],{},[283,888,889],{},"Each mailbox must have SMTP AUTH enabled",[283,891,892],{},"Can be set via Admin Center",[283,894,895],{},"Requires proper licensing for non-shared mailboxes",[182,897,898],{},"All three layers must be configured correctly for SMTP to work!",[254,900],{},[177,902,904],{"id":903},"best-practices-going-forward","Best Practices Going Forward",[261,906,908],{"id":907},"for-production-use","For Production Use:",[280,910,911,917,923,929,935],{},[283,912,913,916],{},[185,914,915],{},"Use OAuth2 instead of basic auth"," (more secure, Microsoft's recommended approach)",[283,918,919,922],{},[185,920,921],{},"Implement Conditional Access"," policies instead of completely disabling Security Defaults",[283,924,925,928],{},[185,926,927],{},"Use App Passwords"," if MFA is required",[283,930,931,934],{},[185,932,933],{},"Monitor sign-in logs"," regularly for suspicious activity",[283,936,937,940],{},[185,938,939],{},"Enable SMTP only for specific mailboxes"," that need it, not tenant-wide",[182,942,943],{},"OAuth2 authentication approach:",[305,945,946,949,952,955,958],{},[283,947,948],{},"Works with Security Defaults enabled",[283,950,951],{},"Supports MFA natively",[283,953,954],{},"More secure (no password storage)",[283,956,957],{},"Microsoft's recommended method",[283,959,960],{},"Future-proof (basic auth being phased out)",{"title":198,"searchDepth":962,"depth":963,"links":964},1,2,[965,966,975,976,977,978,983,984],{"id":179,"depth":963,"text":180},{"id":258,"depth":963,"text":259,"children":967},[968,970,971,972,973,974],{"id":263,"depth":969,"text":264},3,{"id":277,"depth":969,"text":278},{"id":336,"depth":969,"text":337},{"id":395,"depth":969,"text":396},{"id":444,"depth":969,"text":445},{"id":550,"depth":969,"text":551},{"id":559,"depth":963,"text":560},{"id":614,"depth":963,"text":615},{"id":687,"depth":963,"text":688},{"id":758,"depth":963,"text":759,"children":979},[980,981,982],{"id":762,"depth":969,"text":763},{"id":780,"depth":969,"text":781},{"id":810,"depth":969,"text":811},{"id":844,"depth":963,"text":845},{"id":903,"depth":963,"text":904,"children":985},[986],{"id":907,"depth":969,"text":908},"md",null,{},true,{"title":54,"description":198},"p0S8H5zT1bgQShBmWbhoOpU073zGuS1FAPCCsjHCbVI",[994,996],{"title":50,"path":51,"stem":52,"description":995,"children":-1},"Learn how to use the Dashboard to view employee availability, track leave across teams, and manage workforce planning in real time.",{"title":58,"path":59,"stem":60,"description":997,"children":-1},"Learn how to view leave balances, track usage, and monitor employee time off across a full calendar year.",1774284204318]