Hi @Asher Fiyaz
Since app password uses basic authentication, if you have security defaults enabled (tenant-level), the authentication attempt would fail.
First, if I use/follow option-3 method https://video2.skills-academy.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365#option-3-configure-a-connector-to-send-mail-using-microsoft-365-or-office-365-smtp-relay. Will it work with default security setting= on? if yes, then great. otherwise, what is the best option for postfix server to given office365 account credential?
It may work for you and you don't need to offer credentials.
With SMTP relay, you can send from any email address in one of your Microsoft 365 or Office 365 verified domains.
And this email address does not need an existing or licensed mailbox.
Secondly, it is possible for adding some policy to resolve this issue? if yes, How can I create policy on office365 admin center for resolve this issue?
How can I create such an Conditional Access Policy for enabling SMTP again?
It is not possible if you have security defaults enabled, which already blocks basic authentication at organization level.
Moreover, you need to allow basic authentication on per-user level for the mailbox you are using in Conditional Access Policy (in other words make sure there are no policy that blocks basic authentication when security defaults is disabled)
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.