This article applies as of PRTG 25

SMTP Notification Relays with Azure Communication Services 

Microsoft is retiring Basic Authentication for Client Submission, or SMTP AUTH, for Exchange Online as means to increase security. 

This change affects PRTG users who configured the SMTP delivery for notifications with an Exchange Online server. We recommend that you update your settings now to ensure that PRTG continues to deliver your notifications when Microsoft ends support in 2026.

We successfully tested Azure Communication Services (ACS) with PRTG by following the steps outlined in the following independent blog post: How to Configure Azure Communication Services SMTP Relay . This article follows the steps outlined in the aforementioned how-to article with some additional hints that we discovered along the way. We also cover how to configure PRTG to work with the new setup.

Requirements

To use ACS, you must have a Microsoft Azure account with an active subscription and administrative rights. 


We recommend that you create a resource group in your Microsoft Azure subscription before you start to organize your resources.


ℹ For more information on how to set up a resource group, see the Microsoft Community Hub: Step-by-Step Guide: Creating an Azure Resource Group on Azure Portal.

How to configure ACS for an SMTP Relay

Step 1: Create an ACS Communication Services resource in Microsoft Azure

You can follow the Microsoft documentation on how to create a Communication Services resource in Azure Communication Services.

  1. On the Microsoft Azure portal homepage, click Create a Resource.
  2. Search for communication services in the search bar and select Communication Services.
  3. Click Create.
  4. Enter the required information:
    • The Azure subscription information that the resource should be associated with
    • A resource group to put the resource in
    • The location of the resource group
    • The resource name
    • The location of the data that the resource uses
  5. Click Review + Create to create the resource.

Step 2: Create an ACS Email Communication Services resource in Microsoft Azure

For a video tutorial on how to create this resource, see the Microsoft Community Hub: Getting Started with Email in Azure Communication Services

  1. On the Microsoft Azure portal homepage, click Create a Resource.
  2. Search for communication services in the search bar and select Email Communication Services.
  3. Click Create.
  4. Enter the required information:
    • The Azure subscription information that the resource should be associated with
    • A resource group to put the resource in
    • The resource name
  5. Click Review + Create to create the resource.

Step 3: Add your domain to your Azure subscription

Now you need to create an email domain in your Email Communications Service resource.

ℹ You can follow the Microsoft documentation on how to add custom verified email domains.

  1. From the Email Communication Services resource overview, click Setup under Setup a custom domain.
  2. Click Add a custom domain.
  3. Enter your domain name twice and click Confirm.
  4. Review your domain name and click Add.
  5. When Azure finishes deploying your domain, you have the option to verify your domain. Click Verify Domain.
    This might take up to 20 minutes.
  6. Configure SPF and DKIM to prevent your emails from being considered spam.
    For more information about SPF and DKIM, see the Cloudflare documentation: What are DMARC, DKIM, and SPF?.

You now have the option to set up a MailFrom address. For a guide on how to set up additional MailFrom addresses, see the Microsoft documentation: How to add and remove multiple email sender addresses.

Step 4: Connect your email domain to your Communication Service.

  1. In your Communication Service resource, navigate to Email | Domains.
  2. Click Connect domain.
  3. Enter or select the required information:
  • Microsoft Azure subscription
  • The resource group of the Email Communication Services resource
  • The name of the Email Communication Services
  • The verified domain that you want to connect to
  1. Click Connect.

Step 5: Create an app registration in Microsoft Entra ID

This step provides you with the necessary information to configure PRTG.

ℹ You can follow the Microsoft documentation on how to register an app in Microsoft Entra ID.

  1. Log in to Microsoft Entra ID .
  2. Navigate to App Registrations and click New Registration.
  3. Enter a name for your app.
    This is a public name that you can edit after creation.
  4. Select the supported account type that makes sense for your situation and either leave the redirect URI as blank or set it to http://localhost.
  5. Click Register.

From the overview of your new app you need the Application (client) ID and Directory (tenant) ID.

Step 6. Create a client secret in your app

You need a client secret to use as the password in your SMTP relay credentials.

  1. In your new app, navigate to Manage | Certificates & secrets.
  2. Click New client secret.
  3. Enter a description and select an expiration date for the client secret. Click Add.
  4. Copy and save the Client secret.

Step 7: Create a role with permissions in your Microsoft Azure subscription

  1. Navigate to the subscription that you used to create the Communication Services and Email Communication Services resources in Microsoft Azure.
  2. Click Access control (IAM) from the left-side menu.
  3. Click the Roles tab.
  4. Find the Reader role and open the role menu via the ellipses
  5. Click Clone.
  6. Enter a custom role name and description. Click Next
  7. Enable the following permissions:
  • Microsoft.Communication/CommunicationServices/Read
  • Microsoft.Communication/EmailServices/Write
  • Microsoft.Communication/CommunicationServices/Write
  1. Click Review + Create.
  2. Review all your changes and click Create.

Step 8: Assign the role to the application in your Microsoft Azure subscription

ℹ You can follow the Microsoft documentation on how to assign Azure roles using the Azure portal.

  1. In your Azure subscription, navigate to Access control (IAM).
  2. Click Add role assignment from the Check access tab.
  3. Click the Members tab.
  4. Click Select members.
  5. Search for the application name from step 4 and click Select.
  6. Click Review + assign to finish.

Step 9: Put together your SMTP Credentials

Your SMTP user name follows the format <resource name>.<app id>.<tenant id>.

Your SMTP password is the client secret of the app you registered in Entra ID.


ElementDescriptionRelevant step
Resource nameThe name of the ACS Communication Services resourceStep 1
App IDThe application (client) ID from your Entra ID app.Step 5
Tenant IDThe directory (tenant) ID from your Entra ID app.Step 5
Client SecretThe client secret from your Entra ID app.Step 6


Configure an SMTP notification delivery in PRTG

Now you can configure a notification delivery using SMTP with ACS. 

  1. In the PRTG web interface, go to Setup | System Administration | Notification Delivery.
  2. Configure SMTP Delivery following the example below:

SettingValue description
Delivery MechanismUse one SMTP relay server (recommended in LANS/NATs)
Sender Email AddressEnter the MailFrom address defined in the domain from step 3.
Sender NameEnter the name that you want to use as the sender of the emails.
HELO IdentEnter a unique name. We recommend that you use the DNS name of your PRTG core server.
SMTP Relay Serversmtp.azurecomm.net
SMTP Relay Port587
SMTP Relay AuthenticationUse standard SMTP authentication
SMTP Relay User NameThe combination of the ACS Communication Service resource name, the Entra ID application (client) ID, and the Directory (tenant ID) in the format <resource name>.<app id>.<tenant id>.
SMTP Relay PasswordThe Entra ID application client secret
Connection SecurityUse SSL/TLS if the server supports it (default)
SSL/TLS MethodTLS 1.2 or any encryption method supported by Microsoft Azure


You can click Test SMTP Settings to confirm that everything is configured properly. 

  1. Save your changes.