Exchange 365: IMAP with OAUTH2

Go to https://portal.azure.com and select Azure Active Directory:

Open

Copy the Tenant ID which will be your tenant_id:

Open

Open App registrations, click New registration and enter a meaningful Name:

Click Register to proceed.

Copy the Application (client) ID which will be your client_id:

Open API permissions and click Add a permission:

Go to APIs my organization uses and select Office 365 Exchange Online:

Click Application permissions and check IMAP / IMAP.AccessAsApp:

Click Add permissions to proceed.

Click Grant admin consent for <Your Tenant>:

Open Certificates & secrets and click New client secret:

Enter a Description and chose an appropriate Expires setting. Finish by clicking Add.

Copy the secret’s Value since it will not be displayed again after this step. This will be your client_secret:

Switch over to Enterprise applications:

Select your newly created Application from the list.

Copy the Object ID which will be your enterprise_object_id:

IDs and secrets

By now, you should have collected the following IDs and secrets:

Windows PowerShell

Now, open Windows PowerShell and install the necessary modules:

Connect to Exchange Online using an adminstrative account:

Create a new Service Principal:

Grant Mailbox Permission to the newly created Service Principal:

mailbox_name is the name (= primary email address) of the mailbox you want to read from.

UM configuration

Edit your cmsbs-conf/cmsbs.properties (or cmsbs-conf/conf.d/*.properties) and add the following settings. Remember to substitute all contained placeholders.

(See also https://downloads.universal-messenger.de/knowledge-base/documentation/universal-messenger/html/UM_EN/Developer/Bounce_management_configuration.html)

Problem solving

BAD User is authenticated but not connected

You probably forgot to Add-MailboxPermission for the inbox in question.