Windows Server

Configure WSUS Email Notification for Office365

WSUS email setup

Configuring WSUS Email Notifications ensures effective communication. It’s a powerful way to inform subscribers about changes or updates to a website or service alongside push notifications. For related content, see these guides, Windows Server Update Services Commands, WAUACLT, PowerShell, and USOClient. How to Start, Stop, and Restart Windows Server Update Services (WSUS) via PowerShell and CMD, Windows 2016 Servers does not show up on WSUS console, and WSUS clients appear and disappear from the WSUS Update Services console.

To effectively configure WSUS Email Notification, as WSUS lacks SSL/TLS support, an SMTP relay setup is essential for connecting to the Mail Server (Office365).

For more articles I have written, see the following hyperlinks below; configuring WSUS Email Notification to Work With Office365, how to set up and configure Windows server update services (WSUS), important Areas to Master on WSUS (Installed and not applicable, Install 1/4, and Installed / Not applicable 100), how to configure WSUS Clients to get Updates from the WSUS server using Registry settings, how to apply Windows Updates from WSUS to the server using AWS RunCommand, how to Configure SSL between WSUS servers (Upstream and Downstream Servers).

Solution: To Solve this problem, you will have to setup an SMTP-relay serve: Setting up smtp relay on windows server 2012:
Install SMTP on Windows Server
– Open Server Manager and
– Select Add Roles and Features.
– Select Server Selection and make sure that the server that will be running the SMTP server is selected and then select Features.

On the Select Features screen,
– Choose SMTP Server. You may be prompted to install additional components. If that’s the case,
– Select Add Required Features and
– Click Next.
– Select Install. After the installation is finished, you may have to start the SMTP service by using the Services snap-in for the Microsoft Management Console (MMC).

Set up SMTP
– Open Server Manager,
– Select Tools, and then
– Select Internet Information Services (IIS) 6.0.

WSUS notification

Adjust Server Settings: SMTP Virtual Server Properties

Expand the current server, right-click the SMTP Virtual Server, and then select Properties.
– On the General tab,
– Select Advanced
– Click on Add.
– Enter the Public IP of the WSUS/SMTP server if they are installed on the same server but if not enter the IP of the SMTP server followed by port 25

Office 365 WSUS integration

In the IP Address box, specify the address of the server that’s hosting the SMTP server. In the Port box, enter 25 and select OK.

WSUS email configuration

Step 3: On the Access tab, do the following: Select Authentication

WSUS email setup

and make sure that Anonymous Access is selected.

WSUS notification

Select Connection as shown below

Office 365 WSUS integration

Select “Only the List” below, and then specify the IP addresses of the devices that will be connecting to the SMTP server, such as the WSUS server itself or a printer

WSUS email configuration

Upon click ok, this will be granted to the Private IP address

WSUS email setup

Select Relay > Only the List Below, and then specify the IP address of the devices relaying through this SMTP server

WSUS notification

While we’re here, click on “Relay” and check that the box labeled “Allow all computers which successfully authenticate to relay…” is ticked and also enter the Private IP Address here.

Office 365 WSUS integration

On the Delivery tab, select Outbound Security, and then do the following:
Select Basic Authentication.

And select Anonymous access as shown below

Select Outbound Connections, and in the TCP Port box, enter 25 and select OK.

Finally, Select Advanced and specify the SMTP server as smart host as the Smart Host.

Configure WSUS Email Notification: Admin Center Connection

Note: This is not You can find this when you connect to the Office365 admin center
– Go to settings on Office365 and
– Select domain as shown below

Note: Create a connector on Office365 using the EIP (Public IP Address of the SMTP server). This process is very simple. Now go back to the SMTP-Relay server,

Select Advanced and enter the FQDN and the MX record for your office365

Now restart the IIS service and the SMTP service. Now go to the WSUS server (Enter your email here in order to get status report)

Test the configuration

However, Now, you should get an email notification showing your smtp server-relay setup is working

Subsequently, you should get emails from time t time showing updates status and windows updates available as shown below

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Notify of

Newest Most Voted
Inline Feedbacks
View all comments
Adam Marshall
1 year ago

Why not just use direct send? MX Endpoint, port 25, no authentication, no SSL. Sending to a mailbox or distribution group or alias.

1 year ago
Reply to  Adam Marshall

Thank you, Adam! I haven’t used O365 Direct Send. I will check this out…

Would love your thoughts, please comment.x