SMTP Disabled by Microsoft Admin

What this page is for

If WarmySender shows your Microsoft 365 mailbox with a yellow SMTP Disabled by Admin badge, this page explains why and what your administrator needs to do. No user-side action — password reset, app password, reconnect — will help. This is a tenant-level Microsoft policy that only an M365 administrator can change.

WarmySender is a 4-pillar outreach platform — Cold Emailing, Email Warmup, LinkedIn Outreach, and Multichannel sequences. This guide covers a Cold Emailing mailbox-health pattern: the M365 Security Defaults "SMTP AUTH disabled" scenario.

What this means

Your Microsoft 365 tenant has SMTP AUTH disabled at the tenant level. This is the default for all M365 tenants created after late 2022 as part of Microsoft Security Defaults. Until an admin opts in, the affected mailboxes cannot send email through any third-party tool that uses SMTP — including WarmySender, Outlook desktop in some configurations, scanners, multifunction printers, and monitoring software.

The error code Microsoft returns is 550 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. This is a Microsoft-side block, not a WarmySender bug. It affects every third-party tool that needs SMTP AUTH on the affected mailbox, not just WarmySender.

Changing your password, generating a new app password, or reconnecting the mailbox will not resolve this. The tenant-level switch must be flipped first by an administrator with Global Admin or Exchange Admin permissions.

How to verify

Before asking your admin to change anything, confirm this is the actual cause. Two reliable signals:

  1. The error message contains 5.7.139 or the phrase SmtpClientAuthentication is disabled for the Tenant. You will see this in the mailbox detail panel under Last error, or in the WarmySender notification email.
  2. The mailbox health badge reads SMTP Disabled by Admin with an amber tone. This is WarmySender's specific classification for the tenant-disabled case (separate from generic SMTP authentication failures, which show SMTP Auth Failed).

If both signals are present, forward this page to your M365 admin and follow the steps in the next section.

I already connected with Microsoft and still see this error

If you already clicked Connect with Microsoft and your mailbox now shows as OAuth connected but you're STILL seeing the SMTP Disabled by Admin badge, this is normal — and not a problem with the OAuth connection itself.

Microsoft's tenant-level Authenticated SMTP flag controls all SMTP sending — basic password, app password, AND the modern OAuth-secured path. Connecting with Microsoft authorizes WarmySender to send on your behalf using the secure path, but if your tenant has SMTP turned off, even the OAuth-secured path is blocked at Microsoft's gateway.

The fix is the same as for the password-based case: your M365 admin needs to enable Authenticated SMTP on your specific mailbox. The steps in the next section apply whether you connected with a password, an app password, or via Microsoft sign-in.

Once your admin enables Authenticated SMTP, click Test Connection on your mailbox detail page in WarmySender. We'll automatically resume your campaigns and warmup within seconds — you don't need to reconnect or re-sign-in.

Step-by-step fix for the M365 admin

These steps mirror what WarmySender's mailbox-health module shows in the in-app fix card. Forward this section to your administrator.

  1. Sign in to the Microsoft 365 Admin Center. Open admin.microsoft.com and authenticate with a Global Administrator or Exchange Administrator account. User Administrator alone is not sufficient for this change.
  2. Navigate: Users → Active Users → select the affected user → Mail tab → Manage Email Apps. The "Mail" tab is on the user's detail panel that opens when you click their name. "Manage Email Apps" is a small link in the right-hand action area.
  3. Tick Authenticated SMTP and click Save. The checkbox is usually the last item in the list, below IMAP, POP, MAPI, and Exchange Web Services. Saving this change does not affect any other email-app permissions.
  4. Wait at least one minute for propagation, then have the user reconnect in WarmySender. Microsoft usually propagates this change within 60 seconds. Some tenants take up to 30 minutes. If the first reconnect attempt still fails with 5.7.139, wait another 5–10 minutes and try again before assuming the change did not save.

Tenant-wide alternative: if you want to enable SMTP AUTH for many users at once, run the PowerShell command Set-TransportConfig -SmtpClientAuthenticationDisabled $false. We recommend the per-user path above instead — it keeps the tenant-level default disabled for security and only opens SMTP on the specific mailboxes that need it.

How to confirm the fix

Once your admin has saved the change:

  1. Open the affected mailbox in WarmySender (/mailboxes) and click Reconnect.
  2. The mailbox health badge will swap from SMTP Disabled by Admin to Connected within a few seconds if the tenant change has propagated.
  3. The first successful warmup or campaign send clears the sticky blocked health flag entirely. From that point on the badge stays green unless a new issue surfaces.

If the first reconnect attempt still fails after 30 minutes, ask your admin to verify the checkbox is actually saved (some browsers cache the previous state) and that they applied the change to the correct user account.

Frequently asked questions

I already connected with Microsoft — why doesn't it work?

Microsoft's tenant-level Authenticated SMTP setting controls all SMTP sending, including the OAuth path. Even after you click Connect with Microsoft, your admin still needs to enable Authenticated SMTP on your specific mailbox in the M365 Admin Center. The OAuth connection authorizes us to send on your behalf; the tenant flag controls whether sending is allowed at all. Once the admin enables it, click Test Connection on your mailbox in WarmySender and we'll resume sending within seconds — no re-sign-in needed.

Will changing my password fix this?

No. SMTP AUTH at the tenant level is independent of any single user's password. Until your admin enables "Authenticated SMTP" for your mailbox in the Microsoft 365 Admin Center, no password — old, new, app-password, or otherwise — will let WarmySender send through your account.

Is this a WarmySender problem or a Microsoft problem?

It is a Microsoft tenant configuration. Microsoft disabled SMTP AUTH by default for all new tenants in late 2022 as part of Security Defaults. The error code 5.7.139 you might see in logs is generated by Microsoft's servers, not by WarmySender. Every third-party tool that needs SMTP AUTH on your mailbox (Outlook desktop, multifunction printers, scanners, monitoring tools) is affected the same way.

Why does Microsoft disable SMTP AUTH by default?

Microsoft's stated reason is account security: SMTP AUTH is the most common credential-stuffing target on Microsoft 365 tenants. Disabling it by default forces tenants to opt in only for the specific users who need it. WarmySender uses SMTP AUTH because that is how outbound email is sent. There is no provider-side workaround that bypasses this requirement on Microsoft 365.

Can my admin enable SMTP for just my account, not the whole tenant?

Yes. The recommended path is per-user: M365 Admin Center → Active Users → select the specific user → Mail → Manage Email Apps → check 'Authenticated SMTP' → Save. This keeps the tenant-wide default disabled for security and only opens SMTP on the mailbox that needs it.

How fast does the change take effect?

Microsoft typically propagates the change within 60 seconds, but in rare cases it can take up to 30 minutes. After your admin saves, wait at least one minute, then click Reconnect on the mailbox in WarmySender. If the next test send still fails, wait another 5–10 minutes and try again before assuming the change did not save.

What if my admin refuses to enable SMTP AUTH?

If your organization's policy disallows SMTP AUTH, the cleanest path is to use a separate sending domain that you control (we recommend a dedicated send-only domain — see our cold-email setup guide). Alternatively, you can move the affected mailbox to a provider that does not gate SMTP AUTH (Gmail Workspace, Zoho, Fastmail). WarmySender supports all major providers.

Still stuck? Email hello@warmysender.com with the mailbox address and a screenshot of the M365 admin Email Apps panel — we'll help confirm whether the change saved correctly.