TeamConnect IMAP Config with Modern Auth for Exchange Online
Configure TeamConnect Mail Server Settings
To configure the Incoming mail sever settings on TeamConnect, navigate to Admin > Admin Settings > Email
-
The value for Incoming Mail Server will be: outlook.office365.com
-
Use SSL and Enable Exchange Oauth must both be checked
-
Client ID and Exchange Authority will vary from client to client and can be found within Azure. To get these values, refer to the How to get Client ID from Azure? and Exchange Authority
How to get Client ID from Azure?
Within Azure, navigate to the TeamConnect registered app as show below to find the Client ID and can be found in Overview tab.
Exchange Authority
Exchange Authority will likely be one of the following:
There are a number of different ways of determining which authority URL a particular client needs to use but the quickest way is by clicking on Endpoints within Azure TeamConnect App and reviewing the given URLs.
Note: Omit the oauth2/v2.0/* portion of the URL. i.e. in this example, we just want https://login.microsoftonline.com/organizations/
For more information, see here.
Azure App Configurations
Single-Factor Authentication
For IMAP, authentication needs to be done with Single-Factor Authentication. If MFA is enabled by default, there are various ways your Azure admin can configure the app to bypass MFA, including user-specific or application-specific exceptions.
API Permission
In API Permissions, search for Office 365 Exchange Online, click on the Applications permissions button, and under IMAP, enable IMAP.AccessAsApp
Notice that the permission requires admin consent by default. However, consent can be customized per permission, user, or app. So this will vary from organization to organization. Please work with your Azure admin to determine what requirements are needed.
For more information, see here.