Office365 Modern Authentication - Email
Microsoft has deprecated ‘legacy’ (basic/password) authentication methods for its Office365 service. This means applications are now required to authenticate using what Microsoft terms ‘modern’ authentication, or OAuth2. All applications will be required to migrate to the new authentication methods by October 1st, 2022.

Servicely can easily be configured to authenticate using ‘modern authentication’ (OAuth2).

Azure Configuration

The Microsoft Azure configuration is outlined in a separate article.

Servicely Configuration

Servicely re-uses the same OAuth providers and outbound API tokens that are used for integration with all external systems that support OAuth2. To configure OAuth2 for email authentication, you will need a ‘System OAuth Provider’ and a ‘System API Outbound Token’.

System OAuth Provider

The System OAuth Provider defines the information required to initiate the OAuth2 authorization, token exchange, and token renewal. More information on the fields and requirements for the System OAuth Provider is available in its own article.

You can use the supplied templates to fill in the base information. You will need to fill in the details for Client ID, Client Secret, and Tenant ID from the Azure application.

System API Outbound Token

The ‘System API Outbound Token’ tracks the actual authorization request. This includes the user the request is to be issued as, along with the ‘scope’ of the privileges assigned to the user. These tokens are tied to a System OAuth Provider; however, you can have many tokens (each with different credentials and scopes) associated with each provider. More information on the fields and requirements for the System API Outbound Tokens is available in its own article.

The only email-specific field you will need to configure is Scopes (value as below).

Field: Scopes
Value: offline_access https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send openid email

Once the record is created, you can select the ‘Get Authorization Token’ button to begin the authorization process with Azure. You will be taken to the Microsoft login page, where you will need to log in as the user you want to authenticate to the email account as. For example, if the mailbox is something@something.com, that something@something.com user needs to be licensed and you will need to log in using that user account.

Once you log in, you will be asked to confirm the permissions being granted, and then will be taken back to Servicely. Accept the permissions to read/send email.

If you connect initially using an account with Azure administrative privileges, and the OAuth Prompt setting is ‘consent’, you will be presented with the option (by Azure) to authorise the access for the entire organisation. This action will populate the Azure application registration with the requested permissions. After this is done, you need to change the ‘OAuth Prompt’ to something else (e.g. select account) and re-authenticate as a non-privileged user, i.e. the email account you want to use.

Using the Token for Email Authentication

You will need to return to the Messaging Account configuration. Here you will now be able to select the ‘OAuth 2’ authentication type and select the System API Outbound Token configured above. Save the record, and you should be able to authenticate using ‘modern authentication’ or OAuth 2.

Troubleshooting

Outbound (SMTP)

If you get an error when testing the connection from Servicely, you may need to enable SMTP authentication for the email account.

Inbound (IMAP)

If you are sending an email to an IMAP messaging account that has a successful connection test, but your email never made it to the Servicely mail table, then you should check the log by going to Administration > Logging & Statistics > System Log Records. If you find an error similar to “BAD User is authenticated but not connected”, you need to make sure your OAuth token was generated by the email user that is appropriately licensed.
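
A diagnostic for the “authenticated but not connected” case above, as an added example that is not part of the Servicely documentation or product: it decodes an access token's payload and checks that it was issued to the mailbox user with the IMAP and SMTP scopes. The claim names (`upn`, `preferred_username`, `scp`), the function names and the sample tokens are assumptions or constructed for illustration.

```python
import base64
import json

# Resource scopes from the Scopes field that are expected in the token's "scp"
# claim (assumption: offline_access, openid and email are not listed there).
REQUIRED_SCP = ("IMAP.AccessAsUser.All", "SMTP.Send")


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_mail_token(token: str, mailbox: str) -> list:
    """Return a list of problems; an empty list means the token fits the mailbox."""
    claims = jwt_claims(token)
    problems = []
    # Assumption: the signed-in user is carried in "upn" or "preferred_username".
    user = claims.get("upn") or claims.get("preferred_username") or ""
    if user.lower() != mailbox.lower():
        problems.append(f"token issued to {user or 'unknown user'}, not {mailbox}")
    granted = {s.lower() for s in claims.get("scp", "").split()}
    missing = [s for s in REQUIRED_SCP if s.lower() not in granted]
    if missing:
        problems.append("missing scopes: " + " ".join(missing))
    return problems


def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: one token consented as the mailbox user, one as an admin.
GOOD = sample_token({"upn": "servicedesk@example.com",
                     "scp": "IMAP.AccessAsUser.All SMTP.Send"})
WRONG_USER = sample_token({"upn": "admin@example.com",
                           "scp": "IMAP.AccessAsUser.All"})

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("WRONG_USER", WRONG_USER)):
        print(name, check_mail_token(tok, "servicedesk@example.com") or "ok")
```

Run it locally against a token you have exported yourself; an access token is a live credential and should not be pasted into online decoders.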