Office 365 SMTP settings: server smtp.office365.com, port 587, encryption STARTTLS, authentication required with full Office 365 username and password. Use this for SMTP AUTH client submission from apps and devices. For high-volume relay or service accounts, use direct send (smtp.office365.com, port 25, no auth, IP restricted) or SMTP relay via connectors. Setup steps and alternatives below.
Office 365 SMTP Settings: A Complete Configuration Guide
The Three Office 365 SMTP Methods
Microsoft 365 offers three ways to send mail via SMTP. Pick based on your use case:
| Method | Server | Port | Auth | Use Case |
|---|---|---|---|---|
| SMTP AUTH client submission | smtp.office365.com | 587 | Yes (mailbox creds) | Apps/devices sending as a user |
| Direct send | tenant.mail.protection.outlook.com | 25 | No (IP-restricted) | Sending to your own users only |
| SMTP relay | tenant.mail.protection.outlook.com | 25 | No (IP-restricted, connector required) | Sending to external users |
Method 1: SMTP AUTH Client Submission (Most Common)
This is the standard Office 365 SMTP setup for apps and devices that send as a specific mailbox.
Configuration:
- Server / host for office 365:
smtp.office365.com - Port:
587 - Encryption:
STARTTLS(required) - Authentication: yes — full Microsoft 365 email address + password
- Username: e.g.,
[email protected] - Password: mailbox password (or app password if MFA enabled)
Limits:
- 30 messages per minute per mailbox
- 10,000 recipients per day per mailbox
- Authenticated SMTP submissions count against the mailbox's daily limit
Requirements:
- SMTP AUTH must be enabled at the tenant level (default is disabled in newer tenants)
- SMTP AUTH must be enabled per-mailbox
- TLS 1.2 or higher (TLS 1.0/1.1 deprecated)
Method 2: Direct Send
For sending mail to your own users only (e.g., a printer scanning documents to internal addresses). No authentication required, but tightly restricted.
Configuration:
- Server:
tenant-com.mail.protection.outlook.com(your tenant's MX record — find it in Microsoft 365 Admin → Domains → Domain DNS info) - Port:
25 - Encryption: TLS (optional but recommended)
- No authentication
- From: address must be a domain on your tenant
Limits:
- Recipients must be in your tenant's accepted domains
- Bypass standard mailbox limits but subject to provider rate limiting
- SPF for office 365 from sending IP must align
Method 3: SMTP Relay
For applications that need to send to both internal AND external recipients without per-mailbox auth.
Configuration:
- Server:
tenant-com.mail.protection.outlook.com - Port:
25 - Requires an Exchange Online connector with your sending IP
- TLS recommended
Setup (admin only):
- Exchange Admin Center → Mail flow → Connectors
- Add connector → From: "Your organization's email server"
- Identify by IP address
- Add the sending IP
- Enable TLS
Limits:
- Subject to anti-spam evaluation
- Bulk sending may be throttled
- Recipient limits depend on relationship to your tenant
Office 365 IMAP and POP3 Settings (Inbound)
For completeness, IMAP/POP3 settings (used for reading mail, not sending):
IMAP:
- Server:
outlook.office365.com - Port:
993 - Encryption: SSL/TLS
- Auth: yes (full Microsoft 365 email + password or app password)
POP3:
- Server:
outlook.office365.com - Port:
995 - Encryption: SSL/TLS
- Auth: yes
For office 365 IMAP configuration or office 365 pop3 settings, these are the standard values. Exchange Online SMTP, IMAP, and POP3 all use the same hostname pattern.
Common Office 365 SMTP Issues
"550 5.7.60 SMTP; Client does not have permissions to send as this sender"
The authenticating mailbox doesn't have permission to send as the From: address. Either send as the authenticating mailbox or grant Send As permissions.
"535 5.7.139 Authentication unsuccessful"
SMTP AUTH is likely disabled. Verify: Microsoft 365 Admin Center → Settings → Org settings → Modern authentication → SMTP AUTH. Then per-mailbox: Active Users → mailbox → Mail → Manage email apps → SMTP enabled.
Modern Authentication / OAuth2
Microsoft is pushing OAuth2-based authentication. Basic auth (username/password) is being phased out. For new integrations, use OAuth2 with the SMTP AUTH extension. Apps that don't support OAuth2 will need app passwords (when MFA is on) or basic auth tenants (rare in 2026).
Sending from devices with hardcoded SMTP
Older devices (printers, scanners) often only support basic auth. Use SMTP relay via connector with IP-based auth instead — bypasses the auth requirement.
Practitioner note: The 30-messages-per-minute limit on SMTP AUTH catches a lot of teams off guard. If you're sending bulk mail via SMTP AUTH, you'll hit throttling. The fix is either: 1) batch sends with delays, 2) use SMTP relay via connector for higher volumes, or 3) use a transactional ESP (Postmark, Resend, SendGrid) which removes this constraint entirely.
Practitioner note: Office 365 SMTP settings work but Office 365 isn't actually optimized for bulk sending — it's a mailbox service, not an ESP. For more than 5K-10K messages/day, you'll fight throttling, deliverability, and reputation issues. Move marketing/bulk to a dedicated ESP and keep Office 365 for human-sent mailbox traffic.
Practitioner note: When configuring SMTP for Office 365 in a managed service or agency context, document EVERYTHING per client: the connector setup, the IP restrictions, the mailbox permissions. These configurations break silently when admins change. Keep a runbook.
If you need help configuring Office 365 SMTP at scale — for service accounts, devices, applications, or SMTP relay scenarios — book a consultation. I configure Office 365 mail flow architectures regularly for SaaS teams and agencies.
Sources
- Microsoft: How to set up a multifunction device or application to send email
- Microsoft: POP, IMAP, and SMTP settings for Outlook.com
- Kinsta: Office 365 SMTP guide
- Mailtrap: Office 365 SMTP settings
v1.0 · May 2026
Frequently Asked Questions
What are the SMTP settings for Office 365?
Server: smtp.office365.com. Port: 587. Encryption: STARTTLS (required). Authentication: required, using your full Microsoft 365 username and password. This is the SMTP AUTH client submission method — works for apps, devices, and scripts that authenticate as a specific mailbox. Limits: 30 messages per minute and 10,000 recipients per day.
What's the Office 365 SMTP server and port?
Server (host) is smtp.office365.com. Port is 587 for SMTP AUTH client submission with STARTTLS. For direct send or relay scenarios, port 25 is used with IP restrictions instead of authentication. SMTP office365 com port 465 (SMTPS) is not supported by Microsoft — use 587 with STARTTLS.
How do I configure SMTP for Office 365?
For SMTP AUTH (most common): set host to smtp.office365.com, port 587, enable STARTTLS, provide username (full Microsoft 365 email address) and password. App password may be required if MFA is enabled. For high-volume use cases, configure a connector via Exchange Online Admin Center for direct send or relay.
What's the office 365 SMTP host for relay?
For SMTP relay (sending from a device/app to multiple recipients without per-message authentication), the host is yourtenant.mail.protection.outlook.com (your MX record value). Port 25. Requires an Office 365 connector and IP-based authentication. Microsoft restricts this to scenarios where the sender controls the IP address.
Why is my office 365 SMTP authentication failing?
Most common causes: 1) SMTP AUTH is disabled at the tenant level (admin must enable). 2) SMTP AUTH is disabled per-mailbox (admin must enable). 3) MFA is on and you're using a regular password instead of an app password. 4) Basic Authentication has been deprecated for your tenant. Check Exchange Online → Active Users → Mail → Manage email apps → ensure SMTP is enabled.
Want this handled for you?
Free 30-minute strategy call. Walk away with a plan either way.