Add mail settings on the FortiManager or FortiAnalyzer in the GUI:
For Microsoft Office 365, this usually needs to be configured with port 587 with STARTTLS.
For Microsoft 365 / Office 365 Client SMTP submission, the FortiAnalyzer or FortiManager must be able to resolve smtp.office365.com and reach TCP/587. The Microsoft 365 mailbox used for authentication must be licensed, SMTP AUTH must be enabled for the mailbox, and TLS 1.2 or later must be supported.
Note: Ensure SMTP AUTH is enabled on the Microsoft 365 mailbox used for authentication. If SMTP AUTH is disabled at the tenant or mailbox level, or if the Microsoft 365 security policy blocks authenticated SMTP submission, the connection may fail even when the FortiAnalyzer or FortiManager mail server configuration is correct.
To set STARTTLS in FortiAnalyzer or FortiManager, configuration is possible from the CLI. A sample configuration is shown below:
config system mail
edit "TestMailServer"
set auth enable
set auth-type psk
set server "smtp.office365.com"
set port 587
set secure-option starttls
set ssl-protocol tlsv1.2
set user "sender@example.com"
set passwd
set from "sender@example.com"
next
end
Note: If the from address is different from the authenticated Microsoft 365 mailbox, the authenticated mailbox must have permission to send as that address.
To verify the mail server configuration, use the command:
show system mail
Sample output:
config system mail
edit "TestMailServer"
set auth enable
set port 587
set secure-option starttls
set server "smtp.office365.com"
set user "fortinettestemail@fortinet.com"
next
end
To verify the connection, try sending a test email using the following command:
diagnose test connection mailserver Office365 sender@example.com recipient@example.com
Related article:
Troubleshooting Tip: How to understand the email SMTP issues and its causes | 
