Exchange 365: IMAP with OAUTH2
Requires UM 7.49.0 or newer.
Go to https://portal.azure.com and select Azure Active Directory.
Copy the Tenant ID from the overview page; this will be your tenant_id.
Open App registrations, click New registration and enter a meaningful Name.
Click Register to proceed.
Copy the Application (client) ID; this will be your client_id.
Open API permissions and click Add a permission.
Go to APIs my organization uses and select Office 365 Exchange Online.
Click Application permissions and check IMAP / IMAP.AccessAsApp. This is an application permission (no user signs in), and it only takes effect for mailboxes you later grant to the application explicitly with Add-MailboxPermission; it does not by itself expose every mailbox in the tenant.
Click Add permissions to proceed.
Click Grant admin consent for <Your Tenant>. Without admin consent the token UM obtains will not carry the IMAP.AccessAsApp role and IMAP logins will be rejected.
Open Certificates & secrets and click New client secret.
Enter a Description and choose an appropriate Expires setting; a shorter lifetime limits the damage if the secret leaks, at the cost of rotating it more often. Finish by clicking Add.
Copy the secret's Value right away, since it will not be displayed again after this step. This will be your client_secret. Treat it like a password: anyone holding it together with client_id and tenant_id can read every mailbox the application has been granted.
Switch over to Enterprise applications (also under Azure Active Directory).
Select your newly created application from the list.
Copy the Object ID; this will be your enterprise_object_id. Note that this is the Object ID of the enterprise application (the service principal), not the Object ID shown on the App registration page; the two differ, and New-ServicePrincipal below needs the former.
IDs and secrets
By now, you should have collected the following IDs and secrets:

Placeholder | Description / source
---|---
tenant_id | Tenant ID (Azure Active Directory overview, see above)
client_id | Application (client) ID of the app registration (see above)
client_secret | Value of the client secret (see above)
enterprise_object_id | Object ID of the enterprise application (see above)
mailbox_name | The name (= primary email address) of the mailbox in question.
Windows PowerShell
Now, open Windows PowerShell and install the necessary modules:
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect to Exchange Online using an administrative account:
Connect-ExchangeOnline -Organization <tenant_id>
Create a new Service Principal (this registers the Azure AD application with Exchange Online; newer versions of the ExchangeOnlineManagement module name the -ServiceId parameter -ObjectId):
New-ServicePrincipal -AppId <client_id> -ServiceId <enterprise_object_id> -Organization <tenant_id>
Grant Mailbox Permission to the newly created Service Principal with Add-MailboxPermission, where mailbox_name is the name (= primary email address) of the mailbox you want to read from. Grant access only to that mailbox: this per-mailbox permission, not the API permission consented above, decides which mailboxes the application can open.
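The PowerShell steps above run end to end, as an added example that is not part of the original page or of UM itself. The GUIDs and the mailbox address are constructed placeholders; the script assumes that Add-MailboxPermission accepts the enterprise_object_id as its -User value, and the Get-MailboxPermission check at the end is added here as a verification step.

```powershell
# Added example: the Exchange Online PowerShell steps above, run end to end.
# Not part of the original page. All values below are constructed placeholders.
$tenant_id            = "00000000-0000-0000-0000-000000000000"   # Azure AD > Overview > Tenant ID
$client_id            = "11111111-1111-1111-1111-111111111111"   # App registration > Application (client) ID
$enterprise_object_id = "22222222-2222-2222-2222-222222222222"   # Enterprise applications > Object ID
$mailbox_name         = "shared.inbox@example.com"               # primary email address of the mailbox

if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser
}
Import-Module ExchangeOnlineManagement

# Interactive sign-in with an Exchange administrator account.
Connect-ExchangeOnline -Organization $tenant_id

# Register the app as a service principal in Exchange Online unless it already is.
# (Newer ExchangeOnlineManagement releases call the second parameter -ObjectId.)
$sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $client_id }
if (-not $sp) {
    New-ServicePrincipal -AppId $client_id -ServiceId $enterprise_object_id -Organization $tenant_id
}

# IMAP.AccessAsApp by itself opens no mailbox: access is granted per mailbox.
# Assumption: -User takes the enterprise application's Object ID.
Add-MailboxPermission -Identity $mailbox_name -User $enterprise_object_id -AccessRights FullAccess

# Check: the grant must show up here, otherwise IMAP answers
# "BAD User is authenticated but not connected".
Get-MailboxPermission -Identity $mailbox_name -User $enterprise_object_id |
    Format-Table Identity, User, AccessRights -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Granting FullAccess to exactly one mailbox keeps the blast radius of a leaked client_secret to that mailbox; if you need several, repeat Add-MailboxPermission per mailbox rather than granting anything tenant-wide.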
UM configuration
Edit your cmsbs-conf/cmsbs.properties (or cmsbs-conf/conf.d/*.properties) and add the following settings. Remember to substitute all contained placeholders.
Please keep in mind that the client secret you created earlier has an expiration date. Once it expires, the token request fails and UM can no longer log in to the mailbox, so you will have to create a new secret and update your UM configuration accordingly at some point in the future; note the expiry date and rotate the secret before it is reached.
Problem solving
BAD User is authenticated but not connected
The IMAP server accepted the OAuth2 token but refused to open the mailbox. You probably forgot to run Add-MailboxPermission for the inbox in question (see above); check with Get-MailboxPermission that the Service Principal is listed with FullAccess on that mailbox.
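A diagnostic script for the problem above, added here as an example; it is not part of the original page or of UM. It assumes the Azure AD v2.0 token endpoint and the public Exchange Online IMAP endpoint outlook.office365.com on port 993; the GUIDs, secret and mailbox address are placeholders. It requests a token with the client-credentials grant, checks that the IMAP.AccessAsApp role is present in the token, and then performs the same IMAP AUTHENTICATE XOAUTH2 exchange UM performs, so that a token problem (wrong IDs, expired secret, missing admin consent) can be told apart from the "not connected" response caused by a missing mailbox permission.

```powershell
# Added diagnostic, not from the original page: get a token with the
# client-credentials grant and try an IMAP XOAUTH2 login. Values are placeholders.
$tenant_id     = "00000000-0000-0000-0000-000000000000"
$client_id     = "11111111-1111-1111-1111-111111111111"
$client_secret = "<client_secret>"
$mailbox_name  = "shared.inbox@example.com"
$imapHost      = "outlook.office365.com"

# 1. Token request. The scope must be Exchange Online's .default scope; a Graph
#    scope yields a token IMAP rejects. An expired secret already fails here.
$token = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenant_id/oauth2/v2.0/token" `
    -ContentType "application/x-www-form-urlencoded" `
    -Body @{
        client_id     = $client_id
        client_secret = $client_secret
        scope         = "https://outlook.office365.com/.default"
        grant_type    = "client_credentials"
    }
$accessToken = $token.access_token

# 2. Decode the JWT payload (no signature check; diagnostics only) and confirm
#    that admin consent went through: IMAP.AccessAsApp must appear in 'roles'.
$b64 = $accessToken.Split('.')[1].Replace('-', '+').Replace('_', '/')
$b64 += '=' * ((4 - $b64.Length % 4) % 4)
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
Write-Host "aud=$($claims.aud) roles=$($claims.roles -join ',')"

# 3. SASL XOAUTH2 initial response: "user=<mailbox>^Aauth=Bearer <token>^A^A", base64.
$ctrlA   = [char]1
$xoauth2 = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(
    "user=$mailbox_name${ctrlA}auth=Bearer $accessToken$ctrlA$ctrlA"))

# 4. IMAP over TLS, the way UM talks to the server.
$tcp = New-Object Net.Sockets.TcpClient($imapHost, 993)
$ssl = New-Object Net.Security.SslStream($tcp.GetStream(), $false)
$ssl.AuthenticateAsClient($imapHost)
$reader = New-Object IO.StreamReader($ssl)
$writer = New-Object IO.StreamWriter($ssl)
$writer.NewLine = "`r`n"; $writer.AutoFlush = $true

$reader.ReadLine() | Out-Null                       # server greeting
$writer.WriteLine("A01 AUTHENTICATE XOAUTH2 $xoauth2")
do {
    $line = $reader.ReadLine()
    if ($null -eq $line) { throw "connection closed by server" }
    Write-Host "S: $line"
    # On failure the server may send "+ <base64 JSON>" and expect an empty line back.
    if ($line.StartsWith('+')) { $writer.WriteLine('') }
} while ($line -notmatch '^A01 ')

if ($line -match '^A01 OK') {
    $writer.WriteLine('A02 SELECT INBOX')
    do { $line = $reader.ReadLine(); Write-Host "S: $line" } while ($line -notmatch '^A02 ')
} elseif ($line -match 'not connected') {
    Write-Host "Token accepted but mailbox not permitted: run Add-MailboxPermission for $mailbox_name"
} else {
    Write-Host "Authentication rejected: check tenant_id/client_id/client_secret and the consented permission"
}
$writer.WriteLine('A03 LOGOUT')
$reader.ReadLine() | Out-Null
$tcp.Close()
```

If step 1 fails, the problem is in the Azure AD side (IDs, secret or consent) and no IMAP change will help; if step 4 ends in "A01 OK" followed by a successful SELECT, the mailbox is reachable and any remaining failure lies in the UM configuration.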