SMTP with office365?

Disabling security defaults may no longer be necessary with MFA enforcement. If you enable and then enforce MFA on a M365 account, you can go to the account’s MFA setup page and add an app password to use and bypass MFA. I got it working with a M365 Business Basic-licensed user with MFA enforcement, SMTP AUTH, and security defaults all enabled. I just had to turn up the SMTP open and read timeouts with two additional lines. 30 may be excessive, but 5 was too little.

Working app.yml entry, as of September 2023:

  DISCOURSE_SMTP_ADDRESS: smtp.office365.com
  DISCOURSE_SMTP_PORT: 587
  DISCOURSE_SMTP_USER_NAME: user@domain.com
  DISCOURSE_SMTP_PASSWORD: whatever-your-app-password-is
  DISCOURSE_SMTP_AUTHENTICATION: login
  DISCOURSE_SMTP_ENABLE_START_TLS: true
  DISCOURSE_NOTIFICATION_EMAIL: user@domain.com
  DISCOURSE_SMTP_OPEN_TIMEOUT: 30
  DISCOURSE_SMTP_READ_TIMEOUT: 30