Microsoft Office365 IMAP\POP3

[Osman]

Afternoon All,

In relation to the recent notification from Microsoft highlighted at:

Could you please confirm that our Instance is not affected by this change, Email Service screenshot below:

Thanks

Osman

[Victor]

@Osman live.hornbill.com is not using Microsoft email service (it is in fact not Microsoft) so no, it is not affected.

[lee mcdermott]

@Victor

we are using O365 can you clarify exactly what is required step by step which may make it easier and quicker than following various links to different guides and trying to work out exactly what I need to do.

My understanding is as follows

1. create a keysafe and then click connect. As below do I just use my own O365 account to accept permissions? Will this cause an issue at some point down the line? Or do I need to get a System admin for O365 account to do this permissions step or do I use the email account configured on the shared mailbox? I see there a few links on the wiki to various options for O365 and the accounts required. I was just unsure (couldn't remember how this was done when we first setup O365)

 

 

2. Go into Shared Mailboxes area and change the Authentication Method to use OAUTH rather than classic? It then appears I need to provide a username and password of the account used to grant permissions from earlier, so will that mean if I use mine and I change my password would this then stop working unless I update the password again here?

3. Change our 2nd mailbox (also using O365) from classic to OAUTH - I assume using the same credentials as above?

4. The email domain is already setup and working and doesn't mention authentication methods so I am assuming this doesn't need changed?

Would that be all that is required?

Do our O365 admin team need to do anything in Azure for this?

 

thanks

lee

[Victor]

@lee mcdermott

19 hours ago, lee mcdermott said:

1. create a keysafe and then click connect. As below do I just use my own O365 account to accept permissions? Will this cause an issue at some point down the line? Or do I need to get a System admin for O365 account to do this permissions step or do I use the email account configured on the shared mailbox?

Ok, so when using oAuth we need to connect via the keysafe. So one needs to be created. When using "Connect" on the keysafe, we are in fact creating a token, which will be used going forward for this particular connection. This token needs to be created in an MS user context with sufficient rights to the O365 email account (sufficient here means reading, sending, and such, basically the operations that need to be performed by that email account/mailbox). You can use your MS account for creating this context as long as your MS account has the relevant rights for the O365 email account. While an option, usually the MS account for this token is perhaps a different MS account (such as your Sys Admin one). So when using Connect on keysafe you are prompted to use an MS account. You need to consider here what MS account will be used for this keysafe to allow the necessary email operations on the O365 email account. Be mindful that if your user is already logged in your MS account the token can be generated in this user context (which might not be the user you need) so an idea would be to log off from your MS account prior to using the Connect option on keysafe. This way you can ensure you will be prompted for an MS account.

20 hours ago, lee mcdermott said:

Go into Shared Mailboxes area and change the Authentication Method to use OAUTH rather than classic? It then appears I need to provide a username and password of the account used to grant permissions from earlier

Yes, you would switch to an oAuth connection, for O365 email there are specific options in this list that should be used rather than a generic oAuth connection type. You would then specify which keysafe is used here, you should not be prompted to type in a username and password, this is only for classic connections.

20 hours ago, lee mcdermott said:

Change our 2nd mailbox (also using O365) from classic to OAUTH - I assume using the same credentials as above?

Not quite. The second mailbox can use the same keysafe, which means in turn will use the same token, if the MS user context (for which this token was created) has sufficient rights to this other O365 email account. If a different MS user context is needed for this other mailbox, a new keysafe needs to be created, using same steps as above.

20 hours ago, lee mcdermott said:

The email domain is already setup and working and doesn't mention authentication methods so I am assuming this doesn't need changed?

Not sure what you mean by "email domain is already set up", can you detail on this please?

[lee mcdermott]

@Victor

 

thanks for that victor going to give this a try latter this afternoon hopefully, yeah it was the bit around what account to use I was struggling with, as I was logged into my o365 account it only prompted for my account and my authorisation.

 

So would it make sense to try and use the email account that is actually being used for our inbound email as that will definitley have the necessary permissions? The only issue i see how ever we do it, if I am logged out of my o365 account I will need to know the password for what ever account we want to use? is that right?

 

 

 

for the domain part it was based on this in the guide - so as it was talking about email domains etc I wasn't sure if there was something needed here? 

As as I say as I was reading various pages with links to other pages I was getting confused as to exactly what i needed to change, so maybe this bit isn't needed as it is already setup for us using o365.

Configuring Mail Service Components

Once an Office365 email account is integrated to Hornbill, the email account can be used to send email out or receive email from other entities, that can be processed by Hornbill.

To make this configuration,

1. The first requirement is to create an Email Domains.
   • The critical information is the Domain Name. This entry should be the same Office365 domain that Microsoft has assigned, (ie testdomain.onmicrosoft.com). The rest of the options can be set as indicated by the wiki-page Email Domains. If one desires to utilise Use SMTP SmartHost as the Outbound Routing Mode, please see the section #Outbound Mail Services via Smart Host for proper configuration of options.
2. Once the route has been created, the next step to be created is the Shared Mailboxes.
3. Then link an outbound mail route.
   • A key point to remember when defining the link email address, use the email address linked to the Office365 account as the default address.
   • After defining the linked address, proceed to create the desired #Inbound Mail Services to allow Hornbill to retrieve emails from the Office365 account.

 

 

 

[Victor]

22 hours ago, lee mcdermott said:

The only issue i see how ever we do it, if I am logged out of my o365 account I will need to know the password for what ever account we want to use? is that right?

Basically, yes.. so on Connect (on keysafe), if no MS account is logged in on that machine, then MS will prompt to sign in as a user... and whoever that user will be (like the account that is actually being used for the inbound email) will have to type in the password for the account.

22 hours ago, lee mcdermott said:

As as I say as I was reading various pages with links to other pages I was getting confused as to exactly what i needed to change, so maybe this bit isn't needed as it is already setup for us using o365

Depends if the domain is set to use classic authentication or oAuth ... if oAuth, the set up steps are same as for inbound.