A customer is using Office365 for his mails and has various applications which need an SMTP relay. Office 365 provides that: The user e-mail settings in the Admin Center showed that SMTP Authentication is enabled. Interestingly, MFA was shown to be disabled, but enforced. So STMP wasn't usable with standard clients using basic auth. I finally found that a global organization setting overruled the user settings: https://docs.microsoft.com/de-de/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Under portal.azure.com > Properties > Manage Security defaults > Enable Security defaults must be set to No to disable the enforcement of MFA for SMTP.