Skip to main content
Mitratech Success Center
Client Support Center

Need help? Click a product group below to select your application and get access to knowledge articles, webinars, training content, and release notes or to contact our support team.

Authorized users - log in to create a ticket, view tickets status and check your success plan details.

 

TeamConnect IMAP Config with Modern Auth for Exchange Online

  1. Last updated
  2. Save as PDF
Disclaimer: This page applies to TeamConnect version 7.2 and earlier. If you're using version 8.0 or later, see the updated guidance here .

Prerequisites

Before using the Mailbox (email) as an Incoming/Outgoing Mail Server, please ensure the following:

  • Disable Multi-Factor Authentication (MFA) in both:
  • Remove Microsoft Push/Microsoft Authenticator from the Mailbox. (This is only required for Resource Owner Password Credential Flow.)

Configuring TeamConnect with M365 Exchange Services

Steps to Follow Screenshot for Reference

1. Go to https://portal.azure.com/ and sign in with your admin account. In the left hand menu, select Azure Active Directory. Under Manage, select App registrations. 

(or) You can also select App registrations under Azure services. 

 Step1.png
2. Click on the + New registration button at the top of the page. Step2.png
3. Fill in the following fields:
  • Name: Enter a name for your application.
  • Supported account types:
    • Choose the account type as Accounts in this organizational directory only (single tenant)

Click on Register once the fields are filled.

 Step3.png

4. After registering of application, navigate to Authentication tab > Advanced Settings

Under the Public client (mobile & desktop) section, toggle Yes to enable public client flows.

This allows your application to request tokens from Azure AD in a secure way without needing a client secret, which is typical for public clients like mobile or desktop apps.

Click Save after making the changes.

 Step4.png

5. Go to the API permissions tab in your app registration.Click on + Add a permission.

Choose Microsoft APIs and select Microsoft Graph. Then, choose the appropriate permissions:

  • Delegated Permissions → IMAP.Access.AsUser.All
  • Application Permissions → Mail.Read

Click + Add a permission again, then choose:

  • APIs my organization uses → Office 365 Exchange Online → Application Permissions → IMAP.AccessAsApp.

Once all permissions are added, click Grant admin consent to grant the required permissions for your app.

Step5.png

6. Configure Incoming Email Server Settings

  • Log in to your TeamConnect Instance as Admin.
  • Go to Admin → Admin Settings → Email → Incoming Email Server Settings.
  • In the left column:
    • Use SSL: Check the "Use SSL" box to enable a secure connection.
    • Incoming Mail Server: Enter "outlook.office365.com" in the "Incoming Mail Server" field.
    • Username: Input your M365 mailbox email in the "Username" field.
    • Password: Provide your M365 password in the "Password" field.
  • In the right column:
    • Enable OAuth: Enable the "Enable Exchange Oauth" checkbox.
    • Application Client ID: Enter the Application Client ID exactly as shown in Step 7.
    • Application Client Secret: Enter the Application Client Secret exactly as shown in Step 8.
    • Exchange Authority: Enter the Exchange Authority exactly as shown in Step 9.

Incoming Mail Server Settings.png

7. Get the Application Client ID Value from the Microsoft Azure Portal

Navigate to App Registration  Overview  Essentials, then copy the Application (client) ID and paste it into the "Exchange Application Client ID" field.

 Step6a.png

8. Get the Application Client Secret Value from the Microsoft Azure Portal

Navigate to Certificates & secrets, then click on + New client secret. Provide the description and click save. Now copy the Value and paste it into the "Application Client Secret" field.

Note: When adding a Client Secret, make sure to copy it immediately and save it. The secret will not be displayed again once the user navigates away from the page and returns to the Client secrets section.
 Step6b.png

9. Get the Exchange Authority Value from the Microsoft Azure Portal

Go to App Registration → Overview → Endpoints, copy the Authority URL (Accounts in this organizational directory only), and add it to the "Exchange Authority" field.

 Step6c.png
Your TeamConnect is now configured with M365 Exchange Services. Please start an email approval workflow to test the connection.

 

Creating Service Principals in Azure Directory for M365 Exchange

Important Links:

Connecting to Exchange Online

1. Run the latest version of PowerShell as Administrator on Windows.

2. Install the ExchangeOnlineManagement module by running the following command:

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.4.0 (select Y for all questions)

3. Import the ExchangeOnlineManagement module by running the following command:

Import-Module ExchangeOnlineManagement

4. Establish a connection to Exchange Online using the following command (replace the email with your own):

Connect-ExchangeOnline -UserPrincipalName [USEREMAIL]

Creating a Service Principal

1. To create a new service principal, run the following command (replace [APPID] with your application ID and [OBJECTID] with your service principal object ID): 

New-ServicePrincipal -AppId [APPID] -ServiceId [OBJECTID]

2. To retrieve the Service Principal ID (SID), use the following command: 

Get-ServicePrincipal | fl

3. Add mailbox permissions so that the mailbox can act autonomously. Use the following command, replacing [USEREMAIL] with the user email and [SERVICE PRINCIPAL ID] with the Service Principal ID obtained in the previous step: 

Add-MailboxPermission -Identity [USEREMAIL] -User [SERVICE PRINCIPAL ID] -AccessRights FullAccess
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.