Microsoft Email Security Defaults Entra MFA classic smtp

Good morning,
I just ran through a really annoying scenario:

Microsoft sent me a pretty aggressive email that my organization was going to have to enable "security defaults" by the end of the month or it was going to be enabled for me.

So, I followed the instructions, logged into "Entra" (New cloud AD services), and updated the system to use security defaults.
The gist of this was to force everyone to start using MFA. Great, I have no problem with that.

Well, I wake up this morning, and obviously my classic SMTP email notification profile was no longer working.

So, the long and the short of it was I had to buy a couple of licenses for Azure AD P1 and apply them to my users in Office 365, then in Azure I had to create a custom conditional access policy.
This policy basically applied MFA requirements to everyone, but completely excluded the classic SMTP user.

Word of caution!
-->Be 100% sure that you have MFA properly configured and enabled; otherwise you could lock out your admin account from your Azure portal. (This would be bad)

Microsoft support was shockingly quick to respond and incredibly knowledgeable and helpful in getting it resolved.

If you run into this issue and find this information helpful, it would be appreciated if you would "like" it so I get an idea of how many people actually find it helpful. If I get a bunch of likes / requests, I might add some additional details or screenshots.

The lesson I would take from this is to not use Microsoft mail servers (or other 3rd parties) for operations.

1 Like
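
The conditional access policy described in the post (MFA for everyone, with the classic SMTP account excluded) can also be created with the Microsoft Graph PowerShell module. This is an added example, not part of the original post or anything Microsoft support provided; the UPN `smtp-notify@example.com` and the display name are placeholders, and the policy is created in report-only state so nobody is locked out while it is reviewed.

```powershell
# Added example: MFA for all users, excluding one SMTP notification account.
# Assumes the Microsoft.Graph module is installed and the signed-in admin
# already has working MFA.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All',
                        'Application.Read.All', 'User.Read.All'

# Placeholder UPN (assumption): replace with the account the SMTP profile uses.
$smtpUpn  = 'smtp-notify@example.com'
$smtpUser = Get-MgUser -UserId $smtpUpn -ErrorAction Stop

$policy = @{
    displayName = 'Require MFA - all users except SMTP notification account'
    # Report-only: sign-ins are evaluated and logged, but nothing is enforced yet.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            excludeUsers = @($smtpUser.Id)   # the only account exempt from MFA
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back and confirm the exclusion is exactly the one account.
$check    = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
$excluded = @($check.Conditions.Users.ExcludeUsers)
if ($excluded.Count -ne 1 -or $excluded[0] -ne $smtpUser.Id) {
    throw "Unexpected exclusion list on policy $($created.Id): $($excluded -join ', ')"
}
"Policy $($created.Id) created in state '$($check.State)'; excluded: $smtpUpn"
```

Once the report-only results in the sign-in logs look right, the same policy can be enforced by setting its `state` to `enabled` with `Update-MgIdentityConditionalAccessPolicy`.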