
Microsoft Exchange and Office 365 Email Setup

Beginning in the second half of 2021, Microsoft requires email accounts to use an OAuth 2.0 authentication method. To configure a Microsoft email account with OAuth 2.0, complete the steps in this article to connect the account to Azure for appropriate authentication.

Prior to the second half of 2021, Microsoft email accounts could be configured with only an email account and password.

Prerequisites

This authentication method requires an Azure account and an Azure AD tenant. The account must be a tenant administrator.

Configure Agiloft in Azure AD

Configuring Agiloft as an application in Azure AD requires registering your system with Azure, identifying the application as an authentication tool in Azure, and adding access permissions.

First, you need to register your Agiloft system with Azure. As you follow the steps, you can also refer to Microsoft's setup instructions if any of the options you see differ from those described here.

  1. Sign in to the Azure portal with the appropriate organization account.
  2. If your account has access to multiple tenants, select your account in the upper right corner and set your session to the appropriate AD tenant. For more information about tenants, see Microsoft's tenant documentation.
  3. Search for and select Azure Active Directory.
  4. Go to Manage > App registrations and select New registration.
  5. Enter a name for the registration. For example, you might name your registration "Agiloft Application for OAuth2."
  6. Select an option for who can use the application. This choice depends on how you use Azure. If you created an Azure account and tenant only for this purpose, select "Accounts in this organizational directory only."
  7. Leave the default Redirect URI settings.
  8. Click Register. The portal automatically directs you to the overview page for the Agiloft application.

With the application registered, you can gather the necessary identifying information to use the application with Azure as an authentication tool.

  1. In the sidebar, click Certificates & secrets.
  2. Click New client secret.
  3. Give the Client Secret a descriptive name, such as "Agiloft EWS Integration."
  4. Set it to never expire.
  5. Click Add. The secret now appears in the list.
  6. Copy the secret's value into a note or document.
  7. In the portal sidebar, click Overview to return to the overview page for the application.
  8. Copy the Application ID value into your note. This is the Client ID you need in Agiloft.
  9. Copy the Directory ID value into your note. This is the Tenant ID you need in Agiloft.

Before you leave the portal, add access permission for the application:

  1. Inside your Agiloft app registration, click Manifest on the sidebar.
  2. Locate the requiredResourceAccess property in the manifest, and add the following inside the square brackets ([]):

    {
        "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
        "resourceAccess": [
            {
                "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40",
                "type": "Role"
            }
        ]
    }


  3. Click Save.
  4. Click API permissions in the sidebar.
  5. Confirm the full_access_as_app permission is listed.
  6. Click Grant admin consent, located next to the Add a permission button. 
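
To confirm that consent took effect, you can request an app-only token with the Tenant ID, Client ID, and Client Secret and inspect its roles claim. The following Python is an added example, not Agiloft or Microsoft code: the function names are hypothetical, the token used offline is constructed, and the v2.0 token endpoint and `https://outlook.office365.com/.default` scope are assumptions not stated in this article.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoint and scope for Exchange Online app-only tokens (not from this article).
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
EWS_SCOPE = "https://outlook.office365.com/.default"
REQUIRED_ROLE = "full_access_as_app"  # permission named in the steps above


def build_token_request(tenant_id, client_id, client_secret):
    """Return (url, form_body) for an OAuth 2.0 client-credentials token request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "scope": EWS_SCOPE,
        "client_id": client_id, "client_secret": client_secret,
    }).encode()
    return TOKEN_URL.format(tenant=urllib.parse.quote(tenant_id, safe="")), body


def token_claims(access_token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_roles(access_token, required=(REQUIRED_ROLE,)):
    """Return the required application roles absent from the token's 'roles' claim."""
    granted = set(token_claims(access_token).get("roles", []))
    return [role for role in required if role not in granted]


def check_live(tenant_id, client_id, client_secret):
    """Request a real token (needs network) and report any missing roles."""
    url, body = build_token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as resp:
        return missing_roles(json.load(resp)["access_token"])


def constructed_token(claims):
    """Build an unsigned, constructed JWT so the role check can be exercised offline."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "sig"])


if __name__ == "__main__":
    print(missing_roles(constructed_token({})))  # token with no roles claim
```

`check_live` performs the real request; an empty list means the issued token carries full_access_as_app.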

Configure Inbound Email in Agiloft

With the application registered and configured in Azure, you can use it to authenticate inbound email addresses in Agiloft. You must complete this setup for each inbound account that uses an Office 365 or Microsoft Exchange email address.

Refer to Inbound Email Accounts as you work. This article focuses on the settings that are unique to Azure authentication.

  1. Navigate to Setup > Email and SMS > Configure Inbound Email.
  2. Edit an inbound account from the list, or create a new one.
  3. On the Server tab:
    1. Select IMAP.
    2. Enter EWS:outlook.office365.com/ews/Exchange.asmx for the address.
    3. Enable SSL/TLS connection.
    4. Set the custom port option to 443.
  4. On the Account tab:
    1. Enter the full email address.
    2. Leave the password field empty.
    3. Enter the Tenant ID, Client ID, and Client Secret you copied from your Azure application page.
  5. If you need to access multiple mailboxes with this configuration, you can do so on the Account tab with the Additional Users field. In the field, enter each additional email address, separating addresses with semicolons. For example: email1@email.com; email2@email.com; email3@email.com