We've all been there - the struggle of connecting an office scanner/copier to the internet in such a way that it can scan to email without using TLS.
Setting up an SMTP relay has always been the go-to solution though it can be a miserable experience depending on your cloud provider, firewall configuration and available server resources.
Office365 now has the ability to set up a connector that functions as an SMTP relay. There are actually three options for sending mail from a network device, with varying levels of capabilities and options. SMTP Client submission, Direct Send and a full SMTP Connector Relay are all covered in detail with step by step setup directions in this technet article:
https://technet.microsoft.com/en-us/library/dn554323%28v=exchg.150%29.aspx
I've configured several of the Connector Relays with great success; though it requires some DNS MX record access and the addition of an SPF record. You'll need to specifically call out the static external IPs of your office locations, since the connector will only accept SMTP traffic from explicitly defined IP sources.
It's also worth noting that no matter what your configuration, the traffic will be dropped if the IP address you're slinging mail from is listed on any of the spam blacklists that are out there. I discovered one client who was using a PaaS environment on a shared IP that was listed on SpamHaus. All the other branch offices could use the SMTP connector, but we had to work with the provider to get that IP de-listed before the web applications that needed SMTP would work.
On the whole, it feels like the issue of bringing our big office scanners and copiers into the 21st century is finally getting addressed.
