SOFTLINK Allow an application to access Office 365 email Microsoft has stopped basic authentication mechanism for accessing Office 365 email accounts. In its place a more secure XOAUTH2 authentication has been provided. To access a mailbox using XOAUTH2 authentication method, the application needs to generate a token using Tenant ID, Client ID and Client Secret. This token has to be used to authenticate with the mail server via IMAP using XOAUTH2 mechanism. The login ID and password is not used. To get the required inputs for token generation the following steps need to be followed. 1. Connect to Azure portal at httos://portal.azure.com 2. Go to Azure Active Directory BEA © emerSOFTLINK 3. Goto “App Registrations” 4, Add a new application by clicking on “Add” Register an application ———— Enter name of the application e.g, Logi-Sys / Live IMPEX as applicable and register itSOFTLINK 5. After adding the application you will get a screen as below. it contains Client ID and Tenant ID which you ‘must copy for entering into your application 6. For the third piece of information i.e. Client Secret, click “Certificates & Secrets” from the left side pane. You will get a screen as below SE Aan « seerSOFTLINK 7. Click on “New client secret” link and create a secret after adding description in following screen glee | Cotifiates& secrets The new secret will be displayed on screen only once as shown below. So you need to copy it and keep it asideSOFTLINK ‘The above steps will give you TenantID, ClientiD and ClientSecret information. You now need to give permission to access the API as indicated below. 1. Click on “API Permission” option from left side panel = SEE « — + es o* @ loasys [API permisions Click on “Add a permission” and choose “Office 365 Exchange Online” option | eminenetss tine tomtom @ \o0Sis [API permissionsSOFTLINK 2. Choose “Application Permissions” @-tessys | APL permissions Select IMAP.AccessAsApp option and click on “Add permissions” ay .—-— - E oe oe ~ Request API permissions (08515 | API permissionsSOFTLINK 3, The permissions have now been added but now need admin consent for activation, AE ate + e- ox -@ Loiys | APL permissionsSOFTLINK With the above steps the API permission is granted to application indicated. The next step will create an internal user to allow access to the specified mailbox from this application. 1 2, Open Windows PowerShell in administrator mode Run following commands after replacing StenantiD with the TenantiD value received in Step#1 $YourApplame with the name of Application Registered in Step#1 $mailBoxID with the email address of mailbox to which you want to allow the application to access. Install odute -Kane Exchangeonlinedanagenent nstall-todule Merosoft. raph nstall-togule kane Arure%0 Inpors-Nodule Exchangeontnetanagenent Connect tzureAd Tenant. $tenant10 Conect-ExchangeOnline -Orgonization $tenant20 SyApp = Get-AzuresOServicePrincipal -Searchstring $YourAoplane Neu-ServicePrinetpal -Applé $RyApp.Appla -Servicel4 $Mytop.ObjeceT4 -DisplayAane Service Principal for INAP/SHTP App” AusnallbosPeraission “Ieentity "SnaiiboxD” -User $hydpp-ObjectTd ~kccessRights Fulltceess