Introduction
Your LANIER scanner can be configured to use Office365 to send scans to email, you may find that unlike other SMTP providers, there are special caveats to setting up Office365.
Setting Up Scanning With Office 365 SMTP (LANIER)
Office365 and SMTP
The following article will first establish the 3 ways you can enable and/or obtain the SMTP settings and credentials required to connect your LANIER device to send emails with your Office365 or Microsoft365 accounts, then provide you with instructions on where to enter those settings on your LANIER device. If you already have your SMTP settings configured on your Office365 account, you can skip to setting up your LANIER device.
Prerequisites
- Office365, Microsoft365 subscription, or Exchange Online Plan.
- You have a scanner, and you want to email scanned documents to yourself or someone else.
- Your scanner supports TLS1.2 or newer.
- You have an email account you wish to send from (e.x. [email protected])
Obtaining Your SMTP Settings
Option 1:
Authenticate your device directly with a Microsoft365 or Office365 mailbox, and send mail using SMTP AUTH client submission
This option supports most usage scenarios and is the easiest to set up. Choose this option when:
- You want to send email from a third-party hosted application, service, or device.
- You want to send email to people inside and outside your organization.
To configure your device, connect directly to Microsoft365 or Office365 using the SMTP AUTH client submission endpoint smtp.office365.com.
Each device must be able to authenticate with Microsoft365 or Office365. The email address of the account that’s used to authenticate with Microsoft365 or Office365 will appear as the sender of messages from the device or application.
NOTE:This option is not compatible with Microsoft Security Defaults. We recommend using Modern Authentication when connecting with the service. Although SMTP AUTH now supports OAuth, most devices and clients have not been designed to use OAuth with SMTP AUTH. As a result, Microsoft says there are no plans to disable Basic Authentication for SMTP AUTH clients at this time. To find out more about OAuth, see Authenticate an IMAP, POP or SMTP connection using OAuth.
You must also verify that SMTP AUTH is enabled for the mailbox being used. SMTP AUTH is disabled for organizations created after January 2020 but can be enabled per-mailbox. For more information, see Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.
| Device or Application setting | Value |
|---|---|
| Server/smart host | smtp.office365.com |
| Port | Port 587 (recommended) or port 25 |
| TLS/StartTLS | Enabled |
| Username/email address and password | Enter the sign-in credentials of the hosted mailbox being used |
Features of SMTP AUTH client submission
- SMTP AUTH client submission allows you to send email to people in your organization and outside your company.
- This method bypasses most spam checks for email sent to people in your organization. This bypass can help protect your company IP addresses from being blocked by a spam list.
- With this method, you can send email from any location or IP address, including your (on-premises) organization’s network, or a third-party cloud hosting service, like Microsoft Azure.
Requirements for SMTP AUTH client submission
- Authentication: If possible, we recommend using Modern Authentication in the form of OAuth. Otherwise, you’ll need to use Basic Authentication (which is simply a username and password) to send email from the device or application. To find out more about OAuth, see Authenticate an IMAP, POP, or SMTP connection using OAuth. If SMTP AUTH is intentionally disabled for the organization or the mailbox being used, you must use Option 2 or 3 below.
- Mailbox: You must have a licensed Microsoft365 or Office365 mailbox to send email from.
- Transport Layer Security (TLS): Your device must be able to use TLS version 1.2 and above.
- Port: Port 587 (recommended) or port 25 is required and must be unblocked on your network. Some network firewalls or ISPs block ports, especially port 25, because that’s the port that email servers use to send mail.
- DNS: Use the DNS name smtp.office365.com. Do not use an IP address for the Microsoft365 or Office365 server, as IP Addresses are not supported.
Limitations of SMTP AUTH client submission
- You can only send from one email address unless your device can store login credentials for multiple Microsoft365 or Office365 mailboxes.
- Microsoft365 or Office365 imposes some sending limits. See Exchange Online limits – Receiving and sending limits for more information.
Option 2:
Send mail directly from your printer to Microsoft365 or Office365 (direct send)
Choose this option when:
- Your environment has SMTP AUTH disabled.
- SMTP client submission (Option 1) is not compatible with your business needs or with your device.
- You only need to send messages to recipients in your own organization who have mailboxes in Microsoft365 or Office365; you don’t need to send email to people outside of your organization.
Other scenarios when direct send may be your best choice:
- You want your device to send from each user’s email address and do not want each user’s mailbox credentials configured to use SMTP client submission. Direct send allows each user in your organization to send email using their own address.Avoid using a single mailbox with Send As permissions for all your users. This method is not supported because of complexity and potential issues.
- You want to send bulk email or newsletters. Microsoft365 or Office365 does not allow you to send bulk messages via SMTP client submission. Direct send allows you to send a high volume of messages.There is a risk of your email being marked as spam by Microsoft365 or Office365. You might want to enlist the help of a bulk email provider to assist you. For example, they’ll help you adhere to best practices, and can help ensure that your domains and IP addresses are not blocked by others on the internet.
Settings for direct send
Enter the following settings on the device or in the application directly.
| Device or application setting | Value |
|---|---|
| Server/smart host | Your MX endpoint, for example, domainname-com.mail.protection.outlook.com |
| Port | Port 25 |
| TLS/StartTLS | Optional |
| Email address | Any email address for one of your Microsoft365 or Office365 accepted domains. This email address does not need to have a mailbox. |
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:
| DNS entry | Value |
|---|---|
| SPF | v=spf1 ip4: include:spf.protection.outlook.com ~all |
Step-by-step instructions for direct send
- If your device or application can send from a static public IP address, obtain this IP address and make a note of it. You can share your static IP address with other devices and users, but don’t share the IP address with anyone outside of your company. Your device or application can send from a dynamic or shared IP address but messages are more prone to antispam filtering.
- Sign in to the Microsoft365 admin center.
- Go to Settings > Domains, select your domain (for example, domainname.com), and find the MX record.The MX record will have data for Points to address or value that looks similar to
domainname.mail.protection.outlook.com. - Make a note of the data of Points to address or value for the MX record, which we refer to as your MX endpoint.
- Go back to the device, and in the settings, under what would normally be called Server or Smart Host, enter the MX record Points to address or value you recorded in step 4.
NOTE:Do NOT use an IP address for the Microsoft365 or Office365 server connection, as IP addresses are not supported. - Now that you are done configuring your device settings, go to your domain registrar’s website to update your DNS records. Edit your sender policy framework (SPF) record. In the entry, include the IP address that you noted in step 1. The finished string looks similar to the following example:
v=spf1 ip4:10.5.3.2 include:spf.protection.outlook.com ~allwhere 10.5.3.2 is your public IP address.
CAUTION: This IP address will be authorized to send on your domain’s behalf. Anyone with access to it could send email to any external recipient and it would pass SPF checking. You should consider carefully who has access to use this IP address.NOTE: Skipping this step might cause email to be sent to recipient Junk Email folders. - To test the configuration, send a test email from your device or application, and confirm that the recipient received it.
Features of direct send
- Uses Microsoft365 or Office365 to send emails, but does not require a dedicated Microsoft365 or Office365 mailbox.
- Doesn’t require your device or application to have a static IP address. However, it is recommended for your device or application to have a static IP address, if possible.
- Doesn’t require your device to support TLS.
- Direct send has higher sending limits than SMTP client submission. Senders are not bound by the limits described in Option 1.
- Does not require a Microsoft365 or Office365 mailbox with a license.
Requirements for direct send
- Port: Port 25 is required and must be unblocked on your network.
- Static IP address is recommended: A static IP address is recommended so that an SPF record can be created for your domain. The SPF record helps avoid your messages being flagged as spam.
Limitations of direct send
- Direct send cannot be used to deliver email to external recipients, for example, recipients with Yahoo or Gmail addresses.
- Your messages will be subject to antispam checks.
- Sent mail might be disrupted if your IP addresses are blocked by a spam list.
- Microsoft365 and Office365 use throttling policies to protect the performance of the service.
Option 3:
Configure a connector to send mail using Microsoft365 or Office365 SMTP relay
This option is more difficult to implement than the others. Only choose this option when:
- Your environment has SMTP AUTH disabled, and cannot enable it.
- SMTP client submission (Option 1) is not compatible with your business needs or with your device
- You can’t use direct send (Option 2) because you must send email to external recipients.
SMTP relay lets Microsoft365 or Office365 relay emails on your behalf by using a connector that’s configured with your public IP address or a TLS certificate. Setting up a connector makes this option more complicated.
Settings for Microsoft365 or Office365 SMTP relay
| Device or application setting | Value |
|---|---|
| Server/smart host | Your MX endpoint, for example, yourdomain-com.mail.protection.outlook.com |
| Port | Port 25 |
| TLS/StartTLS | Enabled |
| Email address | Any email address in one of your Microsoft 365 or Office 365 verified domains. This email address does not need a mailbox. |
If you already have a connector that’s configured to deliver messages from your on-premises organization to Microsoft 365 or Office 365 (for example, a hybrid environment), you probably don’t need to create a dedicated connector for Microsoft 365 or Office 365 SMTP relay. If you need to create a connector, use the following settings to support this scenario:
| Connector setting | Value |
|---|---|
| From | Your organization’s email server |
| To | Microsoft 365 or Office 365 |
| Domain restrictions: IP address/range | Your on-premises IP address or address range that the device or application will use to connect to Microsoft 365 or Office 365 |
We recommend adding an SPF record to avoid having messages flagged as spam. If you are sending from a static IP address, add it to your SPF record in your domain registrar’s DNS settings as follows:
| DNS entry | Value |
|---|---|
| SPF | v=spf1 ip4:<Static IP Address> include:spf.protection.outlook.com ~all |
Step-by-step configuration instructions for SMTP relay
Due to the complex nature of this process, we recommend you visit Microsoft’s own documentation for instructions.
Compare the options
Here’s a comparison of each configuration option and the features they support.
| Features | SMTP client submission | Direct send | SMTP relay |
|---|---|---|---|
| Send to recipients in your domain(s) | Yes | Yes | Yes |
| Relay to internet via Microsoft365 or Office365 | Yes | No. Direct delivery only. | Yes |
| Bypasses antispam | Yes, if the mail is destined for one of your Microsoft365 or Office365 mailboxes. | No. Suspicious emails might be filtered. We recommend a custom Sender Policy Framework (SPF) record. | No. Suspicious emails might be filtered. We recommend a custom SPF record. |
| Supports mail sent from applications hosted by a third party | Yes | Yes. We recommend updating your SPF record to allow the third party to send as your domain. | No |
| Saves to Sent Items folder | Yes | No | No |
| Requirements | |||
| Open network port | Port 587 or port 25 | Port 25 | Port 25 |
| Device or application server must support TLS | Required | Optional | Optional |
| Requires authentication | Microsoft365 or Office365 username and password required | None | One or more static IP addresses. Your printer or the server running your LOB app must have a static IP address to use for authentication with Microsoft365 or Office365. |
Here are the limitations of each configuration option:
| Limitations | SMTP client submission | Direct send | SMTP relay |
|---|---|---|---|
| Throttling limits | 10,000 recipients per day. 30 messages per minute. | Standard throttling is in place to protect Microsoft365 or Office365. | Reasonable limits are imposed. The service can’t be used to send spam or bulk mail. For more information about reasonable limits, see High-risk delivery pool for outbound messages. |
Setting up your LANIER device
- The IP address is found on the display panel at the machine and is formatted something like: 192.168.0.136 where there are 4 sets of numbers separated by decimals. It can typically be found in the lower left or upper right corner of home screen and may be alternating with other information in that area of the screen.
- Access the web image monitor of your device by entering the IP address in a web browser.
- Click [Login] in the upper right of the browser and, assuming your machine is still set to the factory default credentials, login with the following – Username: admin Password: (none).
- Back on the main page, go to [Device Management] -> [Configuration].
- Look for the [SSL/TLS] option under [Security].
- Ensure that any options below TLS1.2 are inactive, you may find that SMTP with Office365 works without this setting change – as the device is intended to try the settings in decending order. However, a software bug can sometimes cause the versions to be tried in ascending order, resulting in Microsoft rejecting and subsequently blocking the connection.
- Back on the [Configuration] page, look for [Email] found under [Device Settings].
- Fill out the [Email] settings as follows based on your information:
- Administrator Email Address: this should match the email address you wish to mail from, and is used for the Auto Specify Sender Name setting in step 2, or the credentials for the account used must be able to send as this account.
- Auto Specify Sender Name: Should be set to On, with some older LANIER devices this option may only be available from the device control panel if not found here.
- SMTP Server Name: Unless otherwise specified in the option you’re using from above, this should be set to SMTP.OFFICE365.COM.
- SMTP Port No.: Unless otherwise specified in the option you’re using from above, this should be set to 587.
- Use Secure Connection (SSL) & SMTP Authentication: Unless otherwise specified in the option you’re using from above, these should both be set to On.
- SMTP Auth. Email Address & User Name Unless otherwise specified that Authentication is not needed in the option you’re using from above, these should both be set to the email address you wish to send from.
- SMTP Auth Password:Unless otherwise specified that Authentication is not needed in the option you’re using from above, set to the password for the email account you wish to send from.
NOTE: In the event that 2FA or MFA (Two-factor or Multi-Factor Authentication) are enabled on the sending account, you will likely need to create an App Password to use in place of the normal credentials. See More.
- Click [OK] once all settings have been entered. You may now use the scan to email feature.
Was this helpful?
Previous Article