Splunk Enterprise

Setting outlook.com as SMTP server for Splunk

phamanh1652
Path Finder

Hello All,

My company is using Outlook (M365 Business Standard). I want to use this Outlook as the SMTP server for Splunk. Here is the information for Outlook, from POP, IMAP, and SMTP settings for Outlook.com - Microsoft Support:

SMTP server name: smtp-mail.outlook.com
SMTP port: 587
SMTP encryption: STARTTLS
Authentication method: OAuth2/Modern Auth

According to this link from Microsoft (How to set up a multifunction device or application to send email using Microsoft 365 or Office 365 ...):

Client SMTP submission using Basic authentication in Exchange Online is scheduled for deprecation in September 2025. As a replacement, High Volume Email for Microsoft 365 is a suitable option, but it relates to an app password and token, which is not supported in Server settings > Email settings in Splunk.


Does Splunk support an SMTP server using outlook.com? Could anyone please provide a guide for using outlook.com as an SMTP server?
FYI: Splunk Enterprise, Version: 9.1.0.2

And if we use Splunk Cloud, is it easier to use outlook.com as an SMTP server?

0 Karma
1 Solution

livehybrid
SplunkTrust

Hi @phamanh1652 

Splunk Cloud has the same SMTP authentication limitations as Splunk Enterprise. Moving to Splunk Cloud would not solve this particular authentication challenge. In fact, it currently isn't possible to configure your own SMTP server in Splunk Cloud - it cannot be changed.

In terms of the app password / token - unfortunately this is a change by Microsoft which is a non-standard SMTP implementation. Splunk does not currently support this approach. There are a couple of options here: post-September you may need to use a customised Alert Action to send emails for you using the Office365 API, however this will only work for alerts - it wouldn't work for things like automatic PDF emailing etc.

Another option is to use an external SMTP service or relay service such as SMTP2Go.

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will
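
An added sketch of the customised alert action approach mentioned in the answer above (not code from the original posts or from Splunk): a script that turns the JSON payload Splunk passes on stdin into a Microsoft Graph sendMail call authenticated with the OAuth2 client-credentials grant. The `to` and `subject` parameter names, the `M365_*` environment variables and the app registration with the Mail.Send application permission are assumptions.

```python
import json, os, sys, urllib.parse, urllib.request
# Constructed sample of the JSON Splunk writes to an alert action's stdin.
SAMPLE_PAYLOAD = {"search_name": "Failed logins spike",
                  "results_link": "https://splunk.example.com/app/search/@go?sid=constructed",
                  "configuration": {"to": "soc@example.com, oncall@example.com"}}

def build_message(payload):
    """Map the alert payload to a Microsoft Graph sendMail request body."""
    cfg = payload.get("configuration", {})
    # "to" and "subject" are hypothetical parameter names for this action.
    recipients = [a.strip() for a in cfg.get("to", "").split(",") if a.strip()]
    if not recipients:
        raise ValueError("no recipients configured")
    for addr in recipients:
        # Refuse malformed addresses and CR/LF so input cannot smuggle headers.
        if "@" not in addr or any(c in addr for c in "\r\n ;<>"):
            raise ValueError("invalid recipient: %r" % addr)
    name = payload.get("search_name", "")
    subject = (cfg.get("subject") or "Splunk alert: " + name).replace("\r", " ").replace("\n", " ")
    body = "Alert: %s\nResults: %s" % (name, payload.get("results_link", ""))
    return {"message": {"subject": subject,
                        "body": {"contentType": "Text", "content": body},
                        "toRecipients": [{"emailAddress": {"address": a}} for a in recipients]},
            "saveToSentItems": False}

def post(url, data, headers):
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:  # HTTPS, cert-verified
        return resp.status, resp.read()

def get_token(tenant, client_id, secret):
    """OAuth2 client-credentials grant; the app needs Graph Mail.Send."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": secret, "scope": "https://graph.microsoft.com/.default"}).encode()
    url = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % tenant
    _, raw = post(url, form, {"Content-Type": "application/x-www-form-urlencoded"})
    return json.loads(raw)["access_token"]

def send(payload, sender, token):
    url = "https://graph.microsoft.com/v1.0/users/%s/sendMail" % urllib.parse.quote(sender, safe="@")
    headers = {"Authorization": "Bearer " + token, "Content-Type": "application/json"}
    status, _ = post(url, json.dumps(build_message(payload)).encode(), headers)
    return status  # Graph answers 202 Accepted when the mail is queued

if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    env = os.environ  # assumption: M365_* variables; use a secret store in production
    token = get_token(env["M365_TENANT"], env["M365_CLIENT_ID"], env["M365_CLIENT_SECRET"])
    sys.exit(0 if send(json.load(sys.stdin), env["M365_SENDER"], token) == 202 else 1)
```

Scoping the app registration to a single sending mailbox limits what a leaked client secret can do.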
