Information
This policy setting configures the advertised and accepted authentication mechanisms for the receive connector.
The primary function of receive connectors in the transport service is to accept authenticated and encrypted Simple Mail Transfer Protocol (SMTP) connections from other transport services on the local Mailbox server or remote Mailbox servers in the organization.
Note: Some available values have dependencies and exclusions:
None is not compatible with other values.
BasicAuthRequireTLS requires BasicAuth and Tls.
ExternalAuthoritative can only be combined with Tls.
Tls is required when RequireTLS parameter is $true.
ExternalAuthoritative, requires PermissionGroups parameter to be ExchangeServers.
Rationale:
Configuring this setting enables the encryption of email between servers. This reduces the risk of eavesdropping, interception, and alteration of the email.
Impact:
There should be no impact to mail flow. If TLS connection is not established, BasicAuth will be used.
Solution
To implement the recommended state, execute the following PowerShell cmdlet:
Set-ReceiveConnector -Identity <'IdentityName'> -AuthMechanism 'Tls, BasicAuth, BasicAuthRequireTLS'
Note: If more than one receive connector exists on the Edge Transport server, run this command to update all receive connectors.
Get-ReceiveConnector | Set-ReceiveConnector -AuthMechanism 'Tls, BasicAuth, BasicAuthRequireTLS'
Default Value:
N/A