cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1014
Views
5
Helpful
5
Replies
Highlighted
VIP Advisor

ISE and SMTP to Office365

Hello

 

I have not installed ISE 2.7 yet but I believe that it allows authenticated SMTP - has anyone out there got it working with Office365?

Is it a general best practice to create a service account in O365 to allow ISE (or any on-prem device) to send mails ? 

 

We're still on ISE 2.4 because it's stable (warm and fuzzy) but I would like ISE to be able to send emails - we don't have an on-prem SMTP server and I don't want the hassle of building such a solution just for emails (low prio).

 

Arne

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Mentor

Hi

Yes i have it configured use authentication and TLS connection.
I did some tests with my customer and it worked fine.
I always ask to create a dedicated account but can't confirm if it's a service account as I don't manage myself the O365 side.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

5 REPLIES 5
Highlighted
VIP Mentor

Hi

Yes i have it configured use authentication and TLS connection.
I did some tests with my customer and it worked fine.
I always ask to create a dedicated account but can't confirm if it's a service account as I don't manage myself the O365 side.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Highlighted

I did some more research and for Office365 there are some options/complications to allow this to work. In our case we could not use smtp://smtp.office365.com - since we have some security options configured, it turns out that I had to specify a different SMTP server, as shown in the dummy example below - I did a query for my mail domain and the MX record tells you which SMTP server(s) to use:

 

C:\Windows\system32>nslookup -q=mx somedomain.com.au

somedomain.com.au    MX preference = 5, mail exchanger = some-domain.mail.protection.outlook.com

I used port 25 and didn't use authentication or encryption - I was able to send an email to my gmail address as a test (by sending an email notification of a sponsored guest account - the test functionality in the Guest Portal didn't work for me at all) - ISE is still lacking a proper "Send a Test Email" feature, which should be on the same page as the SMTP config.

 

Highlighted

I agree. We can test the connection with o365 smtp and then generate alerts or use the guest portal to test emails

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted

Hi

I am not an O365 expert but as I understood ISE does not support service account authentication with an external/cloud SMTP server.

 

Are you using API calls from ISE? 

 

Could you provide some detail on how you resolved this ?

 

Many thanks.

Highlighted

Hi Scott

 

[Edit: 6 Aug 2020 - It turns out that if you want to send emails from ISE to Office/Microsoft365 then it's possible even in versions older than 2.7 - the key thing is to check your mx records in DNS and if you have a secure mx record, then simply paste that into the ISE SMTP field - I tested it just now in ISE 2.4 and it works great! Even using TCP/25 ]

 

ISE 2.7 is the first version of ISE that has better SMTP support. You can configure an external mail agent for auth and encryption, and you can specify the TCP port.

In my case I used ISE 2.7 patch 1 (which I had to delete because it constantly crashed on me) and then configured the SMTP server for the CORRECT office 365 mail address as per our MX record. You cannot send emails to smtp.outlook.com - use nslookup to find the MX record - in our case we have an MX record that points to the correct Mail Exchanger. e.g.

 

C:\Windows\system32>nslookup -q=mx somedomain.com.au

somedomain.com.au    MX preference = 5, mail exchanger = some-domain.mail.protection.outlook.com

 

I didn't use API's for this. I tested the sending of emails by configuring an alarm (e.g. Configuration Changed) to send an email when an ISE config change occured. That's a nice test, because you can find it easily and also change the FROM field.

Content for Community-Ad