Workflow emails use the system SMTP setting, but other areas (such as emailing POs and reports) do not.
This is a big issue for us as the workarounds are not acceptable.
Option 1 - whitelist the entire Azure region on our own SMTP server to allow sending of unauthenticated emails - no way!
Option 2 - give the service account access to "send as" to all users - not good as if this account is ever compromised, emails could be sent on behalf of these other users. This could be exploited and used for phishing attacks or for other malicious purposes (e.g. I could use this account to send an email to senior staff from someone else to get them into trouble).

A better long-term fix would be for all emails from D365 to go from the mail account that has been configured for sending emails. A "reply to" address would need to be specified or set to the email of the user performing the action.
