The Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module) uses modern authentication and works with multi-factor authentication (MFA) for connecting to all Exchange-related PowerShell environments in Microsoft 365: Exchange Online PowerShell, Security & Compliance PowerShell, and standalone Exchange Online Protection (EOP) PowerShell.

This article describes the various kinds of mailbox permissions that can be granted and how those permissions are granted in Microsoft Exchange Online and in Microsoft Outlook in Microsoft Office 365. Get business-class email as either a standalone Exchange Online plan, or as part of a Microsoft 365 for business plan that includes Office apps and more. If you successfully connected to the account before, try to connect to it from another Exchange application, such as Outlook on the web. You can also check the status of the Exchange server by contacting your Exchange server administrator. Cause: Items from an Exchange. Exchange Online offers a web based email and calendaring client through the university's Office 365 subscription called Outlook on the web. If you have previous experience using Outlook, the new version will be familiar. For users newer to Outlook, we recommend visiting Microsoft's Getting Started guide for basic instructions.

Important

Mail flow rules are now available in the new Exchange Admin Center. Try it now!

Prerequisites: Office 365 or Microsoft 365 subscription, Exchange Online Plan

This article explains how you can send email from devices and business applications when all of your mailboxes are in Microsoft 365 or Office 365. For example:

  • You have a scanner, and you want to email scanned documents to yourself or someone else.

  • You have a line-of-business (LOB) application that manages appointments, and you want to email reminders to clients of their appointment time.

Option 1 (recommended): Authenticate your device or application directly with a Microsoft 365 or Office 365 mailbox, and send mail using SMTP AUTH client submission

Note

This option is not compatible with Microsoft Security Defaults or multi-factor authentication (MFA). If your environment uses Microsoft Security Defaults or MFA, we recommend using Option 2 or 3 below.

You must also verify that SMTP AUTH is enabled for the mailbox being used. For more information, see Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.

See Basic Authentication and Exchange Online for the latest announcements concerning this option.

This option supports most usage scenarios and it's the easiest to set up. Choose this option when:

  • You want to send email from a third-party hosted application, service, or device.

  • You want to send email to people inside and outside your organization.

To configure your device or application, connect directly to Microsoft 365 or Office 365 using the SMTP AUTH client submission endpoint smtp.office365.com.

Each device or application must be able to authenticate with Microsoft 365 or Office 365. The email address of the account that's used to authenticate with Microsoft 365 or Office 365 will appear as the sender of messages from the device or application.

How to set up SMTP AUTH client submission

Enter the following settings directly on your device or in the application as their guide instructs (it might use different terminology than this article). As long as your scenario meets the requirements for SMTP AUTH client submission, the following settings will enable you to send email from your device or application.

Device or application setting | Value
Server/smart host | smtp.office365.com
Port | Port 587 (recommended) or port 25
TLS/StartTLS | Enabled
Username/email address and password | Enter the sign in credentials of the hosted mailbox being used

TLS and other encryption options

Determine what version of TLS your device supports by checking the device guide or with the vendor. If your device or application does not support TLS 1.2 or above:

  • Use direct send (Option 2) or Microsoft 365 or Office 365 SMTP relay (Option 3) for sending mail instead (depending on your requirements).

  • Use an on-premises Exchange server (or another SMTP email server) if your device is unable to meet the previous requirements for connecting to Microsoft 365 or Office 365. In fact, you might find it easier to manage multiple devices and applications that send email messages in an on-premises Exchange server instead of connecting them all to Microsoft 365 or Office 365 directly. The Exchange server would relay messages in the same way that a device would use Microsoft 365 or Office 365 to relay messages using Option 3 below. You can find out more about configuring your own email server to send emails to Microsoft 365 or Office 365 here: Set up connectors to route mail between Microsoft 365 or Office 365 and your own email servers.

Note

If your device recommends or defaults to port 465, it does not support SMTP AUTH client submission.

How SMTP AUTH client submission works

The following diagram gives you a conceptual overview of what your environment will look like.

Features of SMTP AUTH client submission

  • SMTP AUTH client submission allows you to send email to people in your organization and outside your company.

  • This method bypasses most spam checks for email sent to people in your organization. This can help protect your company IP addresses from being blocked by a spam list.

  • With this method, you can send email from any location or IP address, including your (on-premises) organization's network, or a third-party cloud hosting service, like Microsoft Azure.

Requirements for SMTP AUTH client submission

  • Authentication: You must be able to configure a username and password to send email on the device. You cannot use Microsoft Security Defaults or multi-factor authentication (MFA), which disable basic authentication and are designed to protect your users from compromise. If your environment uses Microsoft Security Defaults or MFA, we recommend using Option 2 or 3 below.

  • Mailbox: You must have a licensed Microsoft 365 or Office 365 mailbox to send email from.

  • Transport Layer Security (TLS): Your device must be able to use TLS version 1.2 and above.

  • Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports, especially port 25.

  • DNS: You must use the DNS name smtp.office365.com. Do not use an IP address for the Microsoft 365 or Office 365 server, as IP Addresses are not supported.

Note

For information about TLS, see How Exchange Online uses TLS to secure email connections and for detailed technical information about how Exchange Online uses TLS with cipher suite ordering, see Enhancing mail flow security for Exchange Online.

Limitations of SMTP AUTH client submission

You can only send from one email address unless your device can store login credentials for multiple Microsoft 365 or Office 365 mailboxes. Microsoft 365 or Office 365 imposes a limit of 30 messages sent per minute, and a limit of 10,000 recipients per day.
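The Option 1 settings and requirements above, as an added Python example for a line-of-business application (not code from the original article): it rejects settings the article rules out (an IP address instead of the DNS name, port 465), refuses anything below TLS 1.2, and authenticates before sending. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import smtplib
import ssl
from email.message import EmailMessage

SMTP_HOST = "smtp.office365.com"  # SMTP AUTH client submission endpoint from this article
ALLOWED_PORTS = (587, 25)         # 587 is recommended; 25 is also accepted


def check_settings(host, port):
    """Return a list of problems; an empty list means the settings fit Option 1."""
    problems = []
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address; IP addresses are not supported, use " + SMTP_HOST)
    except ValueError:
        # Not an IP literal, so compare it with the required DNS name.
        if host.lower().rstrip(".") != SMTP_HOST:
            problems.append("host must be " + SMTP_HOST)
    if port == 465:
        problems.append("port 465 does not support SMTP AUTH client submission")
    elif port not in ALLOWED_PORTS:
        problems.append("port must be 587 (recommended) or 25")
    return problems


def tls12_context():
    """TLS client context that verifies the server certificate and refuses TLS < 1.2."""
    ctx = ssl.create_default_context()  # hostname check and CA verification are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def build_message(mailbox, recipient, subject, body):
    """The authenticated mailbox is the sender, as the article describes for Option 1."""
    msg = EmailMessage()
    msg["From"] = mailbox
    msg["To"] = recipient
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def send_via_client_submission(mailbox, password, recipient, subject, body,
                               host=SMTP_HOST, port=587):
    """Validate the settings, upgrade to TLS with STARTTLS, authenticate, then send."""
    problems = check_settings(host, port)
    if problems:
        raise ValueError("; ".join(problems))
    msg = build_message(mailbox, recipient, subject, body)
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        # starttls() raises if the server does not offer STARTTLS, so the
        # credentials below are never sent over an unencrypted connection.
        smtp.starttls(context=tls12_context())
        smtp.login(mailbox, password)  # read the password from a secret store, not source code
        smtp.send_message(msg)
    return msg


if __name__ == "__main__":
    # Constructed sample values; nothing is sent when the block is run as-is.
    print(check_settings("smtp.office365.com", 587))  # no problems
    print(check_settings("192.0.2.10", 465))          # IP address and port 465 both flagged
```

The 30 messages per minute and 10,000 recipients per day limits still apply to whatever calls `send_via_client_submission`.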

Option 2: Send mail directly from your printer or application to Microsoft 365 or Office 365 (direct send)

Choose this option when:

  • Your environment uses Microsoft Security Defaults or multi-factor authentication (MFA).

  • SMTP client submission (Option 1) is not compatible with your business needs or with your device.

  • You only need to send messages to recipients in your own organization who have mailboxes in Microsoft 365 or Office 365; you don't need to send email to people outside of your organization.

Other scenarios when direct send may be your best choice:

  • You want your device or application to send from each user's email address and do not want each user's mailbox credentials configured to use SMTP client submission. Direct send allows each user in your organization to send email using their own address.

    Avoid using a single mailbox with Send As permissions for all your users. This method is not supported because of complexity and potential issues.

  • You want to send bulk email or newsletters. Microsoft 365 or Office 365 does not allow you to do this via SMTP client submission. Direct send allows you to send a high volume of messages.

    Note that there is a risk of your email being marked as spam by Microsoft 365 or Office 365. You might want to enlist the help of a bulk email provider to assist you. For example, they'll help you adhere to best practices, and can help ensure that your domains and IP addresses are not blocked by others on the internet.

Settings for direct send

Enter the following settings on the device or in the application directly.

Device or application setting | Value
Server/smart host | Your MX endpoint, for example, contoso-com.mail.protection.outlook.com
Port | Port 25
TLS/StartTLS | Enabled
Email address | Any email address for one of your Microsoft 365 or Office 365 accepted domains. This email address does not need to have a mailbox.

We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar's DNS settings as follows:

DNS entry | Value
SPF | v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

Step-by-step instructions for direct send

  1. If your device or application can send from a static public IP address, obtain this IP address and make a note of it. You can share your static IP address with other devices and users, but don't share the IP address with anyone outside of your company. Your device or application can send from a dynamic or shared IP address but messages are more prone to antispam filtering.

  2. Sign in to the Microsoft 365 admin center.

  3. Go to Settings > Domains, select your domain (for example, contoso.com), and find the MX record.

    The MX record will have a Points to address or value value that looks similar to contoso-com.mail.protection.outlook.com.

  4. Make a note of the MX record Points to address or value value, which we refer to as your MX endpoint.

  5. Go back to the device, and in the settings, under what would normally be called Server or Smart Host, enter the MX record POINTS TO ADDRESS value you recorded in step 4.

    Note

    Do NOT use an IP address for the Microsoft 365 or Office 365 server connection, as IP addresses are not supported.

  6. Now that you are done configuring your device settings, go to your domain registrar's website to update your DNS records. Edit your sender policy framework (SPF) record. In the entry, include the IP address that you noted in step 1. The finished string looks similar to this:

    v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all

    where 10.5.3.2 is your public IP address.

    Note

    Skipping this step might cause email to be sent to recipients' junk mail folders.

  7. To test the configuration, send a test email from your device or application, and confirm that the recipient received it.

How direct send works

In the following diagram, the application or device in your organization's network uses direct send and your Microsoft 365 or Office 365 mail exchange (MX) endpoint to email recipients in your organization. It's easy to find your MX endpoint in Microsoft 365 or Office 365 if you need to look it up.

You can configure your device to send email direct to Microsoft 365 or Office 365. Use direct send to relay email to recipients with Microsoft 365 or Office 365 mailboxes in your organization. Direct send also works for external recipients with mailboxes in Microsoft 365 or Office 365. If your device uses direct send to try to relay an email for a recipient who doesn't have a Microsoft 365 or Office 365 mailbox, the email will be rejected.

Note

If your device or application has the ability to act as an email server to deliver messages to Microsoft 365 or Office 365 as well as other email providers, there are no Microsoft 365 or Office 365 settings needed for this scenario. Consult your device or application instructions for more information.

Features of direct send

  • Uses Microsoft 365 or Office 365 to send emails, but does not require a dedicated Microsoft 365 or Office 365 mailbox.

  • Doesn't require your device or application to have a static IP address. However, this is recommended if possible.

  • Doesn't work with a connector; never configure a device to use a connector with direct send, because this can cause problems.

  • Doesn't require your device to support TLS.

Direct send has higher sending limits than SMTP client submission. Senders are not bound by the 30 messages per minute or 10,000 recipients per day limit.

Requirements for direct send

  • Port: Port 25 is required and must be unblocked on your network.

  • Static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. This helps avoid your messages being flagged as spam.

  • Does not require a Microsoft 365 or Office 365 mailbox with a license.

Limitations of direct send

  • Direct send cannot be used to deliver email to external recipients, for example, recipients with Yahoo or Gmail addresses.

  • Your messages will be subject to antispam checks.

  • Sent mail might be disrupted if your IP addresses are blocked by a spam list.

  • Microsoft 365 and Office 365 use throttling policies to protect the performance of the service.

Option 3: Configure a connector to send mail using Microsoft 365 or Office 365 SMTP relay

This option is more difficult to implement than the others. Only choose this option when:

  • Your environment uses Microsoft Security Defaults or multi-factor authentication (MFA).

  • SMTP client submission (Option 1) is not compatible with your business needs or with your device.

  • You can't use direct send (Option 2) because you must send email to external recipients.

SMTP relay lets Microsoft 365 or Office 365 relay emails on your behalf by using a connector that's configured with your public IP address or a TLS certificate. Setting up a connector makes this a more complicated option.

Settings for Microsoft 365 or Office 365 SMTP relay

Device or application setting | Value
Server/smart host | Your MX endpoint, for example, yourdomain-com.mail.protection.outlook.com
Port | Port 25
TLS/StartTLS | Enabled
Email address | Any email address in one of your Microsoft 365 or Office 365 verified domains. This email address does not need a mailbox.

If you already have a connector that's configured to deliver messages from your on-premises organization to Microsoft 365 or Office 365 (for example, a hybrid environment), you probably don't need to create a dedicated connector for Microsoft 365 or Office 365 SMTP relay. If you need to create a connector, use the following settings to support this scenario:

Connector setting | Value
From | Your organization's email server
To | Microsoft 365 or Office 365
Domain restrictions: IP address/range | Your on-premises IP address or address range that the device or application will use to connect to Microsoft 365 or Office 365

We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar's DNS settings as follows:

DNS entry | Value
SPF | v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all

Step-by-step configuration instructions for SMTP relay

  1. Obtain the public (static) IP address that the device or application will send from. A dynamic IP address isn't supported or allowed. You can share your static IP address with other devices and users, but don't share the IP address with anyone outside of your company. Make a note of this IP address for later.

  2. Sign in to the Microsoft 365 admin center.

  3. Go to Settings > Domains, select your domain (for example, contoso.com), and find the MX record.

    The MX record will have a Points to address or value value that looks similar to contoso-com.mail.protection.outlook.com.

  4. Make a note of the MX record Points to address or value value, which we refer to as your MX endpoint.

  5. Check that the domains that the application or device will send to have been verified. If the domain is not verified, emails could be lost, and you won't be able to track them with the Exchange Online message trace tool.

  6. In Microsoft 365 or Office 365, select Admin and then Exchange to go to the Exchange admin center.

  7. In the Exchange admin center, go to Mail flow > Connectors.

  8. Check the list of connectors set up for your organization. If there is no connector listed from your organization's email server to Microsoft 365 or Office 365, create one:

    a. To start the wizard, click the plus symbol +.

    b. On the first screen, choose the options that are depicted in the following screenshot:

    c. Click Next, and give the connector a name.

    d. On the next screen, choose the option By verifying that the IP address of the sending server matches one of these IP addresses that belong to your organization, and add the IP address from step 1.

    e. Leave all the other fields with their default values, and select Save.

  9. Now that you are done configuring your Microsoft 365 or Office 365 settings, go to your domain registrar's website to update your DNS records. Edit your SPF record. Include the IP address that you noted in step 1. The finished string should look similar to this: v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all, where 10.5.3.2 is your public IP address. Skipping this step can cause email to be sent to recipients' junk mail folders.

  10. Now, go back to the device, and in the settings, find the entry for Server or Smart Host, and enter the MX record POINTS TO ADDRESS value that you recorded in step 3.

  11. To test the configuration, send a test email from your device or application, and confirm that it was received by the recipient.
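The SPF edit in step 6 of the direct send instructions and step 9 of the SMTP relay instructions can be checked before the test email is sent. The following is an added Python example (not code from the original article) that builds the record in the article's format and audits the TXT records published for a domain against the device's sending IP. The function names and the sample addresses are constructed; the TXT strings are passed in, so no DNS lookup is made. Because 10.0.0.0/8 is RFC 1918 private address space, the audit flags the article's sample 10.5.3.2, which stands in for your real public address.

```python
import ipaddress

EOP_INCLUDE = "include:spf.protection.outlook.com"  # include term from this article
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_spf(static_ip):
    """Return the SPF string in the article's format for one static IPv4 address."""
    ip = ipaddress.IPv4Address(static_ip)  # raises ValueError on a malformed address
    return f"v=spf1 ip4:{ip} {EOP_INCLUDE} ~all"


def audit_spf(txt_records, sending_ip):
    """Return findings for a domain's TXT records; an empty list means no issue found."""
    ip = ipaddress.IPv4Address(sending_ip)
    # Only records whose first term is v=spf1 are SPF; other TXT records are ignored.
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # More than one SPF record makes SPF evaluation fail for the whole domain.
        return [f"expected exactly one v=spf1 TXT record, found {len(spf)}"]

    findings = []
    terms = spf[0].lower().split()[1:]
    networks = []
    for term in terms:
        mech = term.lstrip("+")
        if mech.startswith("ip4:"):
            try:
                networks.append(ipaddress.IPv4Network(mech[4:], strict=False))
            except ValueError:
                findings.append(f"unparsable ip4 mechanism: {term}")

    if not any(ip in net for net in networks):
        findings.append(f"sending IP {ip} is not covered by any ip4 mechanism")
    for net in networks:
        if any(net.overlaps(private) for private in RFC1918):
            findings.append(f"{net} is private address space, not the public IP receivers see")
    if EOP_INCLUDE not in terms:
        findings.append(f"missing {EOP_INCLUDE}")
    if not terms or terms[-1] not in ("~all", "-all"):
        findings.append("record should end with ~all (as in this article) or -all")
    return findings


if __name__ == "__main__":
    # Constructed sample: 203.0.113.25 is a documentation address, not a real sender.
    record = build_spf("203.0.113.25")
    print(record)
    print(audit_spf(["MS=ms00000000", record], "203.0.113.25"))
    # The article's own sample string, audited as published:
    print(audit_spf(["v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~all"], "10.5.3.2"))
```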

Configure a certificate-based connector to relay email through Microsoft 365 or Office 365

If your devices or applications are capable of using a certificate for mail flow, you can configure a certificate-based connector to relay email through Microsoft 365 or Office 365.

To do this, verify the subject name on the certificate used by the sending device or application. The common name (CN) or subject alternative name (SAN) in the certificate should contain a domain name that you have registered in Microsoft 365 or Office 365. Also, you must create a certificate-based connector in Microsoft 365 or Office 365 with this same domain name to accept and relay emails coming from these devices, applications, or any other on-premises server. For more information about this method, see important notice for email customers who have configured connectors.

How Microsoft 365 or Office 365 SMTP relay works

In the following diagram, the application or device in your organization's network uses a connector for SMTP relay to email recipients in your organization.

  • The Microsoft 365 or Office 365 connector that you configure authenticates your device or application with Microsoft 365 or Office 365 using an IP address. Your device or application can send email using any address (including ones that can't receive mail), as long as the address uses one of your domains. The email address doesn't need to be associated with an actual mailbox. For example, if your domain is contoso.com, you could send from an address like do_not_reply@contoso.com.

  • Microsoft 365 or Office 365 SMTP relay uses a connector to authenticate the mail sent from your device or application. This allows Microsoft 365 or Office 365 to relay those messages to your own mailboxes and external recipients. Microsoft 365 or Office 365 SMTP relay is similar to direct send except that it can send mail to external recipients.

  • Due to the added complexity of configuring a connector, direct send is recommended over Microsoft 365 or Office 365 SMTP relay, unless you must send email to external recipients. To send email using Microsoft 365 or Office 365 SMTP relay, your device or application server must have a static IP address or address range. You can't use SMTP relay to send email directly to Microsoft 365 or Office 365 from a third-party hosted service, such as Microsoft Azure. For more information, see Troubleshoot outbound SMTP connectivity issues in Azure.

Features of Microsoft 365 or Office 365 SMTP relay

  • Microsoft 365 or Office 365 SMTP relay does not require the use of a licensed Microsoft 365 or Office 365 mailbox to send emails.

  • Microsoft 365 or Office 365 SMTP relay has higher sending limits than SMTP client submission; senders are not bound by the 30 messages per minute or 10,000 recipients per day limits.

Requirements for Microsoft 365 or Office 365 SMTP relay

  • Static IP address or address range: Most devices or applications are unable to use a certificate for authentication. To authenticate your device or application, use one or more static IP addresses that are not shared with another organization.

  • Connector: You must set up a connector in Exchange Online for email sent from your device or application.

  • Port: Port 25 is required and must not be blocked on your network or by your ISP.

  • Licensing: SMTP relay doesn't use a specific Microsoft 365 or Office 365 mailbox to send email. This means that users must have their own licenses if they send email from devices or applications that are configured for SMTP relay. If you have senders who use a device or LOB application and those senders do not have Microsoft 365 or Office 365 mailbox licenses, obtain and assign an Exchange Online Protection license to each unlicensed sender. This is the least expensive license that allows you to send email via Microsoft 365 or Office 365.

Limitations of Microsoft 365 or Office 365 SMTP relay

  • Sent mail can be disrupted if your IP addresses are blocked by a spam list.

  • Reasonable limits are imposed for sending. For more information, see High-risk delivery pool for outbound messages.

  • Requires static unshared IP addresses (unless a certificate is used).

Compare the options

Here's a comparison of each configuration option and the features they support.

Features | SMTP client submission | Direct send | SMTP relay
Send to recipients in your domain(s) | Yes | Yes | Yes
Relay to internet via Microsoft 365 or Office 365 | Yes | No. Direct delivery only. | Yes
Bypasses antispam | Yes, if the mail is destined for one of your Microsoft 365 or Office 365 mailboxes. | No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record. | No. Suspicious emails might be filtered. We recommend a custom SPF record.
Supports mail sent from applications hosted by a third party | Yes | Yes. We recommend updating your SPF record to allow the third party to send as your domain. | No
Saves to Sent Items folder | Yes | No | No

Requirements | SMTP client submission | Direct send | SMTP relay
Open network port | Port 587 or port 25 | Port 25 | Port 25
Device or application server must support TLS | Required | Optional | Optional
Requires authentication | Microsoft 365 or Office 365 username and password required | None | One or more static IP addresses. Your printer or the server running your LOB app must have a static IP address to use for authentication with Microsoft 365 or Office 365.

Limitations | SMTP client submission | Direct send | SMTP relay
Throttling limits | 10,000 recipients per day. 30 messages per minute. | Standard throttling is in place to protect Microsoft 365 or Office 365. | Reasonable limits are imposed. The service can't be used to send spam or bulk mail. For more information about reasonable limits, see High-risk delivery pool for outbound messages.

Use your own email server to send email from multifunction devices and applications

If you happen to have an on-premises email server, you should seriously consider using that server for SMTP relay instead of Microsoft 365 or Office 365. A local email server that you have physical access to is much easier to configure for SMTP relay by devices and applications on your local network. The details about how to do this depend on your on-premises email server. For Exchange Server, see the following articles:

This topic describes how to configure server-based authentication between Dynamics 365 (on-premises) and Exchange Online. The diagram below illustrates the communication between Dynamics 365 (on-premises), Azure Active Directory, and Exchange Online.

Permissions required

Microsoft Dynamics 365

  • System Administrator security role.
  • If you are using a self-signed certificate for evaluation purposes, you must have local Administrators group membership on the computer where Microsoft Dynamics 365 Server is running.
  • The account that you use to sign in to the CRM deployment servers must have full local administrator rights.

Exchange Online

  • Office 365 Global Administrators membership. This is required for administrative-level access to the Office 365 subscription and to run the Microsoft Azure PowerShell cmdlets.

Important

In this deployment, the Dynamics 365 administrator can approve mailboxes.

Set up server-based authentication with Microsoft Dynamics 365 and Exchange Online

Follow the steps in the order provided to set up Dynamics 365 (on-premises) with Exchange Online.

Important

The steps described here must be completed in the order provided. If a task is not completed, such as a Windows PowerShell command that returns an error message, the issue must be resolved before you continue to the next command, task, or step.

Verify prerequisites

Before you configure Dynamics 365 (on-premises) and Exchange Online for server-based authentication, the following prerequisites must be met:

  • The Dynamics 365 (on-premises) deployment must already be configured and available through the Internet. More information: Configure IFD for Dynamics 365 Customer Engagement (on-premises)
  • Microsoft Dynamics 365 Hybrid Connector. The Microsoft Dynamics 365 Hybrid Connector is a free connector that lets you use server-based authentication with Microsoft Dynamics 365 (on-premises) and Exchange Online. More information: Microsoft Dynamics 365 Hybrid Connector
  • An x509 digital certificate issued by a trusted certificate authority that will be used to authenticate between Dynamics 365 (on-premises) and Exchange Online. If you are evaluating server-based authentication, you can use a self-signed certificate.
  • Verify that all servers that run the Asynchronous Processing Service have the certificate that is used for Server-to-Server authentication.
  • Verify that the account that runs the Asynchronous Processing Service has read access for the certificate.

The following software features are required to run the Windows PowerShell cmdlets described in this topic:

Configure server-based authentication

  1. On the Microsoft Dynamics 365 Server where the deployment tools server role is running, start the Azure Active Directory Module for Windows PowerShell.

  2. Prepare the certificate.

    Change the directory to the location of the CertificateReconfiguration.ps1 file (by default it is C:\Program Files\Microsoft Dynamics CRM\Tool).

  3. Prepare the Windows PowerShell session.

    The following cmdlets enable the computer to receive remote commands and add Office 365 modules to the Windows PowerShell session. For more information about these cmdlets, see Windows PowerShell Core Cmdlets.

  4. Connect to Office 365.

    When you run the Connect-MsolService command, you must provide a valid Microsoft account that has Office 365 Global Administrator membership for the Exchange Online license that is required. For detailed information about each of the Azure Active Directory PowerShell commands listed here, see MSDN: Manage Azure AD using Windows PowerShell.

  5. Set the certificate.
  6. Set the Azure Active Directory Service Principal Name (SPN) in Exchange Online.

    Replace *.contoso.com with the domain name where Microsoft Dynamics 365 Server is located.

  7. Configure the Microsoft Dynamics 365 Server for server-based authentication with Exchange.

Set the Exchange Online tenant ID

  1. In the Azure Active Directory module for Windows PowerShell shell, run the following commands.
  2. Copy the GUID that is displayed to the clipboard.

  3. Update S2STenantId for the organization by running these commands, where OrganizationName is the unique name of the organization.

Error received during enable server-based authentication wizard

Error: Failed Authentication. This error can be returned when the certificate used for server-to-server authentication is missing or invalid. To resolve, update or install the certificate and try again.

Create an email server profile

  1. Go to Settings > Email Configuration > Email Server Profiles.
  2. Select New > Exchange Online (Hybrid).
  3. For an Exchange email server profile, specify the following details.

Fields | Description
Name | Specify a meaningful name for the profile.
Description | Type a short description about the objective of the email server profile.
Server Type | Pre-populated with Exchange Online (Hybrid).
Owner | Pre-populated with the name of the owner of the email server profile.
Use Default Tenant ID | If you've used the PowerShell commands above to set the Exchange Online tenant ID (recommended), select Yes to use that ID. If you set this to No, you must specify the Exchange Online tenant ID manually (not recommended!).
Exchange Online Tenant ID | If you've used the PowerShell commands above to set the Exchange Online tenant ID (recommended), the ID is pre-populated in this field.
Auto Discover Server Location | Pre-populated with the Exchange Online URL. Select Yes (recommended), if you want to use the auto discover service to determine the server location. If you set this to No, you must specify the email server location manually.
Incoming Server Location and Outgoing Server Location | If you select No in Auto Discover Server Location, enter a URL for Incoming Server Location and Outgoing Server Location.

Additional Settings
Process Email From | Select a date and time. Email received after the date and time will be processed by server-side synchronization for all mailboxes associated with this profile. If you set a value less than the current date, the change will be applied to all newly associated mailboxes and their earlier processed emails will be pulled.
Minimum Polling Intervals in Minutes | Type the minimum polling interval, in minutes, for mailboxes that are associated with this email server profile. The polling interval determines how often server-side synchronization polls your mailboxes for new email messages.
Move Failed Emails to Undeliverable Folder | To move the undelivered email to the Undeliverable folder, select Yes. If there's an error in tracking email messages in Dynamics 365 as email activities, and if this option is set to Yes, the email message will be moved to the Undeliverable folder.

  4. Select Save.
  5. Select Test Connection and review the results. To diagnose issues, see the following section.

Troubleshoot the Exchange Online (Hybrid) profile connection

If you’ve run Test Connection and have issues with the Exchange Online (Hybrid) profile connection, use the information in the Test Connection dialog box to diagnose and fix the connection.

You can find information on recurring issues and other troubleshooting information in Blog: Test and Enable Mailboxes in Microsoft Dynamics CRM 2015 and Troubleshooting and monitoring server-side synchronization.

Configure default email processing and synchronization

Set server-side synchronization to be the default configuration method.

  1. Go to Settings > Email Configuration > Email Configuration Settings.
  2. Set the processing and synchronization fields as follows:
  • Server Profile: The profile you created in the above section.
  • Incoming Email: Server-Side Synchronization or Email Router
  • Outgoing Email: Server-Side Synchronization or Email Router
  • Appointments, Contacts, and Tasks: Server-Side Synchronization or Email Router

Note

If your users primarily use Dynamics 365 for Outlook on their desktop computers, Microsoft Dynamics 365 for Outlook might be a better choice.

If you leave the Email processing for unapproved users and queues options at the default values (selected), you will need to approve emails and queues for user mailboxes as directed below in Approve Email.

  3. Select OK.

Configure mailboxes

To set mailboxes to use the default profile, you must first set the Server Profile and the delivery method for email, appointments, contacts, and tasks.

In addition to administrator permissions, you must have Read and Write privileges on the Mailbox entity to set the delivery method for the mailbox.

Select one of the following methods:

Edit mailboxes to set the profile and delivery methods

  1. Go to Settings > Email Configuration > Mailboxes.
  2. Select Active Mailboxes.
  3. Select the mailboxes that you want to configure, and then select Edit.
  4. In the Change Multiple Records form, under Synchronization Method, set Server Profile to the Exchange Server profile you created earlier.
  5. Set Incoming Email and Outgoing Email to Server-Side Synchronization or Email Router.
  6. Set Appointments, Contacts, and Tasks to Server-Side Synchronization.

Note

If your users primarily use Dynamics 365 for Outlook on their desktop computers, Microsoft Dynamics 365 for Outlook might be a better choice.

  7. Select Change.

Approve email

You need to approve each user mailbox or queue before that mailbox can process email.

  1. Go to Settings > Email Configuration > Mailboxes.
  2. Select Active Mailboxes.
  3. Select the mailboxes that you want to approve, and then select More Commands (…) > Approve Email.
  4. Select OK.

Test configuration of mailboxes

  1. Go to Settings > Email Configuration > Mailboxes.
  2. Select Active Mailboxes.
  3. Select the mailboxes you want to test, and then select Test & Enable Mailboxes.

This tests the incoming and outgoing email configuration of the selected mailboxes and enables them for email processing. If an error occurs in a mailbox, an alert is shown on the Alerts wall of the mailbox and the profile owner. Depending on the nature of the error, Microsoft Dynamics 365 tries to process the email again after some time or disables the mailbox for email processing.

The result of the email configuration test is displayed in the Incoming Email Status, Outgoing Email Status, and Appointments, Contacts, and Tasks Status fields of a mailbox record. An alert is also generated when the configuration is successfully completed for a mailbox. This alert is shown to the mailbox owner.

Tip

If you’re unable to synchronize contacts, appointments, and tasks for a mailbox, you may want to select the "Sync items with Exchange from this Dynamics 365 org only, even if Exchange was set to sync with a different org" check box. Read more about this check box.

Test email configuration for all mailboxes associated with an email server profile

  1. Go to Settings > Email Configuration > Email Server Profiles.
  2. Select the profile you created, and then select Test & Enable Mailboxes.

When you test the email configuration, an asynchronous job runs in the background. It may take a few minutes for the test to be completed. Microsoft Dynamics 365 tests the email configuration of all the mailboxes associated with the Exchange Server profile. For the mailboxes configured with server-side synchronization for synchronizing appointments, tasks, and contacts, it also checks to make sure they’re configured properly.

Tip

If you’re unable to synchronize contacts, appointments, and tasks for a mailbox, you may want to select the "Sync items with Exchange from this Dynamics 365 org only, even if Exchange was set to sync with a different org" check box. Read more about this check box.

See also

Server-side synchronization
Troubleshooting and monitoring server-side synchronization
