Are Authenticated SMTP Notifications still broken in Sophos Firewall?

it is listed as a known issue:https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.0

Use Central as a Alert Management system. That should be a better solution. 

I'm not sure about this response -- the customer has non-microsoft devices (scanners etc.) that are using authenticated relay just fine.  I read elsewhere that it may be a problem with the encryption algorithms used (old MD5)...   not sure why if the bottom dollar MFP manufacturers can accomplish this, that Sophos can't?  I mean I understand it being a lower priority issue but it's been broken since day one.

It was not implemented. Basically PLAIN Authentication is fine for most SMTP but not Microsoft. You could ask Microsoft to support Plain Authentication as well. But at this point, SFOS does not support the way, microsoft authenticate and microsoft does not support the way, the firewall works. 

It was not implemented. Basically PLAIN Authentication is fine for most SMTP but not Microsoft. You could ask Microsoft to support Plain Authentication as well. But at this point, SFOS does not support the way, microsoft authenticate and microsoft does not support the way, the firewall works. 

So which ones does Microsoft require?  I see two other possibilities, AUTH-LOGIN and AUTH-CRAM-MD5 ... 

Sophos Firewall support SMTP Plain. https://en.wikipedia.org/wiki/SMTP_Authentication

Yeah I get that... I was asking what Microsoft requires.  I guess we can drop this -- still amazing to me that this hasn't been fixed given it's something supported (apparently) on the most basic IOT type devices, printers, etc. nowadays.

I dont know, what Microsoft Supports. They moved to MFA a while ago. You find the documentation on Microsoft Websites. Essentially it is not broken. It is simply a missmatch between two vendors. 

Most customers moved to Central Alerting and do not use Email Alerting anymore. (Why should you send a Email from the firewall, if you could do this from Central?). 

If you have a device to send a notification, you could send this directly. This would basically mean to enter the credentials on each and every device, if you want to authenticated on a centralized manner, but you could do this by using the MTA itself. Then send the Email via Port25 to Microsoft365. 

One reason is that as a customer you can't configure your own alerts and have to sit and work with a partner to tune them and then always go through someone else to make changes.

Actually you can configure your own alerts in Central... unless you are talking about a scenario where you are using a MSP and want your own alerts (which we configure ourselves for customers as needed -- we also are an MSP) and they don't give you access to Central admin on your account, etc.

Yes, when using an MSP.  I have access to Central Admin but the alerts section is locked and we don't have access and were told we can't get access because that would require them to unlock that section for all customers and would create issues as far as how they manage alerts.