Office 365 direct email from Dynamics GP:
issue anticipated for 2022

Important Client Notice: ANTICIPATED 2022, Dynamics GP issue with Office 365 (and resolution) for sending emails

November 2021: Our team at GP Support North / Endeavour Solutions has a forward looking perspective (based on a preliminary change, tested and launched by Microsoft, and since rolled-back).  There are some soon-to-be permanent security changes by Microsoft that will stop emails from being sent via Office 365 in certain situations from Dynamics GP and related components including Microsoft SQL Server, while using Office 365.

These are affecting clients with the following:

  • Clients using Microsoft Dynamics GP (Great Plains) 18.2 and older
    (GP 2010, GP 2013, GP 2015, GP 2016, GP 2018, GP 18.1 and GP 18.2)
    • ONLY those users who are sending email from Dynamics GP – for example, automated or user-driven invoices, workflow approval notifications, EFT remittance notices, sales documents, POs, and other will be affected;
      AND your email is hosted in Microsoft Office 365 and connected via TLS 1.0.

    Those who have upgraded to Dynamics GP 18.3 (GP 2021) or Dynamics GP 18.4 (GP 2022) are not impacted as each support the TLS 1.2 security standards.

Great Plains strategy consulting Dynamics GP modules illustration

What will be causing emails not to send? How to fix GP email?

The main cause of concern is the anticipation of Dynamics GP not being able to send emails via Microsoft Office 365 (Outlook) is an update in the security parameters for Microsoft365 / Office 365 (Cloud email) and Exchange Online is phasing out the encryption protocols SSL 2.0, TLS 1.0 and TLS 1.1, and replacing with the newer and more secure TLS 1.2 . Microsoft Announcement

The TLS 1.2 encryption (similar to computer to computer authentication) will prevent a known security limitation that could allow hackers to gain access to the Office 365 Admin Panel.  This is NOT a Dynamics GP security issue and will not expose GP, but rather is an emerging security requirement of Office 365, for which older versions of GP that use TLS 1.0, do not recognize the newer TLS 1.2 standard.   Microsoft may release a GP update in the future, but at this time, none has been announced beyond providing the Dynamics GP 18.3 and 18.4 updates.

Options to restore the proper functioning of email via Dynamics GP:

1. Upgrade Option: an Upgrade to Dynamics GP 18.3 (GP 2021) or Dynamics GP 18.4 (GP 2022) will resolve the security issue and thus allow Dynamics GP to send emails through Office 365. GP upgrade.

Microsoft GP Blog Post on Nov 8, 2021:  recommended resolution is to upgrade to Dynamics GP 18.3 or 18.4
- https://docs.microsoft.com/en-us/dynamics-gp/installation/email-troubleshooting-guide

2. Security Option: There is an ‘unsupported work-around’ that will allow emails to work, but it requires a downgrade of security settings. This should be considered a temporary fix, both for associated security risks, as well as the risk that TBD future Microsoft Windows updates may force additional security settings, thus stopping the ability for this work-around to allow GP to send emails via Office 365.

3. Change eMail Option: An alternate approach to the above is to review options (via our Support Desk) to implement other means of sending emails. Options include: non-Microsoft email applications, other 3rd party applications, or the introduction of new manual or automated processes for sending emails associated with Dynamics GP.

Microsoft Notices for Office 365 (note that GP is not mentioned as this is a scheduled Office 365 security change)

Microsoft Announcement - https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/opt-in-exchange-online-endpoint-for-legacy-tls-using-smtp-auth

MICROSOFT: Exchange Online no longer supports use of TLS1.0 and TLS1.1 in the service as of October 2020. This change is due to security and compliance requirements for our service. While no longer supported, our servers still allow clients to use those older versions of TLS when connecting to the SMTP AUTH endpoint (smtp.office365.com).

MICROSOFT: In 2022, we plan to completely disable those older TLS versions to secure our customers and meet those security and compliance requirements. However, due to significant usage, we've created an opt in endpoint that legacy clients can use with TLS1.0 and TLS1.1.

MICROSOFT: Note that this endpoint is not available in GCC (USA Government Community Cloud), GCC-High, or DoD (USA Dept. of Defense) environments that "already" have legacy TLS 1.1 permanently turned off.

Received via email by your Microsoft 365 / Office 365 administrators 

MICROSOFT: Reminder: Disabling TLS 1.0 and TLS 1.1 in Microsoft 365  

MICROSOFT: MC240160 This message post is a reminder of the ongoing progress of retiring TLS 1.0 and TLS 1.1 protocols in Microsoft 365. 
As previously communicated (MC126199 in Dec 2017, MC128929 in Feb 2018, MC186827 in July 2019, and MC218794 in July 2020), we are moving all our online services to Transport Layer Security (TLS) 1.2+ to provide best in class encryption, and to ensure our services is more secure by default. The changes to enforce TLS1.2+ in our service started on October 15, 2020 and will continue to propagate through all Microsoft 365 environments for the next few months.
If you have not taken steps to prepare for this change, your connectivity to Microsoft 365 might be impacted.

Microsoft Blog Post Tech Community - https://techcommunity.microsoft.com/t5/exchange-team-blog/new-opt-in-endpoint-available-for-smtp-auth-clients-still/ba-p/2659652

MICROSOFT: We are fully aware that many customers will not have noticed the multiple Message Center posts and blog posts, and are not aware of clients or devices that are still using TLS1.0 to submit messages. With this in mind, starting in September 2021, we will reject a small percentage of connections that use TLS1.0 for SMTP AUTH. Clients should retry as with any other temporary errors that can occur during submission. Over time we will increase the percentage of rejected connections, causing delays in sending that more and more customers should notice.

The error will be:  
421 4.7.66 TLS 1.0 and 1.1 are not supported. Please upgrade/update your client to support TLS 1.2. Visit https://aka.ms/smtp_auth_tls.

or

Action required: Review your Azure Services Certificate Authorities
We are updating Azure services in a phased manner to use Transport Layer Security (TLS) certificates from a different set of Root Certificate Authorities (CAs). This began 13 August 2020.

MICROSOFT: We intend to make a final announcement when we are ready to make the change to disable TLS1.0 and TLS1.1 for SMTP AUTH for the regular endpoint.



Image

Need a new Microsoft Partner?

Maybe it's time to hit reset.
Let's get started