SMTP Authentication Error with App Passwords

Mohana Reddy 165 Reputation points
2025-05-18T01:22:50.67+00:00

An app password was generated successfully, but an error occurs when attempting to use it for sending emails. The following error message is received:

❌ Email sending error: Error: Invalid login: 535 5.7.139 Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator. [CH0PR03CA0235.namprd03.prod.outlook.com 2025-05-15T12:36:27.024Z 08DD9219C89EDD6F]

SMTP settings have been enabled for the user, but global restrictions are in place by default.

The error details indicate an issue with authentication.

How can this issue be resolved?

Note: My client is not agreeing to go for disabling security defaults or enabling conditional access policies.

Microsoft Entra ID

Accepted answer
  1. Jyotishree Moharana 1,600 Reputation points Microsoft External Staff Moderator
    2025-05-19T20:02:29.87+00:00

    Hello @Mohana Reddy,

    The error message indicates that the security defaults setting is blocking the use of legacy authentication. As security defaults are a global setting, excluding one user is not possible, nor does it provide any customization option.

    As an alternative and more secure solution, and given that basic authentication is being deprecated, kindly consider using the Microsoft Graph API with OAuth 2.0 for sending emails, which aligns with Microsoft’s current security best practices and long-term support strategy.

    Please review the below document for more information on the implementation.
    Deprecation-of-basic-authentication-exchange-online


2 additional answers

  1. Andy David - MVP 156.4K Reputation points MVP Moderator
    2025-05-18T12:38:20.5+00:00

    App passwords do not work if the accounts require modern auth or (MFA).

    https://learn.microsoft.com/en-us/entra/identity/authentication/howto-mfa-app-passwords


  2. Eric Nguyen 555 Reputation points Independent advisor
    2025-05-19T08:48:56.07+00:00

    Thank you for contacting Q&A Forum. I would like to provide my findings and proposed solution:  

    This error occurs because Microsoft’s security defaults block legacy authentication protocols like SMTP AUTH by default, even if SMTP is enabled on the user account. Since disabling security defaults or enabling conditional access policies is not an option, the recommended approach is to use modern authentication methods instead of app passwords and legacy protocols. For sending emails programmatically, consider switching to OAuth 2.0 authentication with Microsoft Graph API or using SMTP AUTH with multi-factor authentication (MFA) compliant methods, if supported. Alternatively, if the app supports it, migrate to using the Microsoft Graph API’s sendMail endpoint, which aligns with security defaults and modern auth. This approach avoids conflicts with security policies while maintaining strong security posture.  

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know. 

    Best regards, 

    Eric
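
The Graph `sendMail` route that the accepted answer and the answer above both recommend, as an added example (not code from this thread or from Microsoft). It assumes an app registration with the `Mail.Send` application permission and admin consent, and Node 18+ for the global `fetch`; the tenant, client and mailbox values passed in are placeholders you supply.

```javascript
// Added example: tenant, client and mailbox values are placeholders, not from the thread.
const LOGIN = "https://login.microsoftonline.com";
const GRAPH = "https://graph.microsoft.com";

// Client-credentials token request for the Microsoft identity platform v2.0 endpoint.
function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  if (!/^[0-9a-zA-Z.-]+$/.test(tenantId)) throw new Error("unexpected tenant id");
  return {
    url: `${LOGIN}/${tenantId}/oauth2/v2.0/token`,
    body: new URLSearchParams({
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
      scope: `${GRAPH}/.default`, // uses the app's admin-consented Mail.Send permission
    }).toString(),
  };
}

// POST /users/{sender}/sendMail request; Graph answers 202 Accepted on success.
function buildSendMailRequest(sender, { to, subject, text }) {
  const recipients = [].concat(to);
  if (recipients.length === 0) throw new Error("no recipients");
  return {
    url: `${GRAPH}/v1.0/users/${encodeURIComponent(sender)}/sendMail`,
    body: JSON.stringify({
      message: {
        subject,
        body: { contentType: "Text", content: text },
        toRecipients: recipients.map((address) => ({ emailAddress: { address } })),
      },
      saveToSentItems: true,
    }),
  };
}

// Performs both calls; the secret and the token are never logged.
async function sendViaGraph(cfg, sender, mail) {
  const t = buildTokenRequest(cfg);
  const tokenRes = await fetch(t.url, { method: "POST", body: t.body,
    headers: { "Content-Type": "application/x-www-form-urlencoded" } });
  const token = await tokenRes.json();
  if (!tokenRes.ok) throw new Error(`token request failed: ${token.error}`);
  const m = buildSendMailRequest(sender, mail);
  const res = await fetch(m.url, { method: "POST", body: m.body,
    headers: { Authorization: `Bearer ${token.access_token}`, "Content-Type": "application/json" } });
  if (res.status !== 202) throw new Error(`sendMail failed: HTTP ${res.status}`);
  return res.status;
}
```

As an application permission, `Mail.Send` is not limited to a single mailbox by default, so restrict the app to the sending mailbox in Exchange Online and keep the client secret in a secret store rather than in source.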

