Office 365 with Multi Factor Authentication and unfriendly Active Directory Admins
One of the companies I've been using Evolution-EWS on for years without an issue has decided to move to MFA (Multi Factor Authentication) in order to make things more secure. They've also stated that the only supported environment is to use Outlook for mail.
I've found that changing to the standard URL (https://outlook.office365.com/EWS/Exchange.asmx) allows one to set the authentication type to OAuth2 (Office365). This has a great Help link, but the AD admins were not open to anything other than Outlook and weren't even willing to discuss it.
The question is how can I get the settings I need to make this work?
- I can find the Tenant ID in various places. (e.g. sign in to portal.azure.com, click on ? for Help and choose Show Diagnostics - the json file it opens shows the Tenant ID.)
- How can I get the APP ID that I must enter? I do not have access to Azure Active Directory or to App Registrations.
Any advice on how to make this work would be greatly appreciated. I would hate to have to use Web Browser Access just for this one account.
Re: Office 365 with Multi Factor Authentication and unfriendly Active Directory Admins
On Tue, 2020-05-26 at 16:11 +0200, Louis van Dyk wrote:
> The question is how can I get the settings I need to make this work?
> - I can find the Tenant ID in various places. (e.g. sign in to
> portal.azure.com, click on ? for Help and choose Show Diagnostics -
> the json file it opens shows the Tenant ID.)
> - How can I get the APP ID that I must enter? I do not have access to
> Azure Active Directory or to App Registrations.
If I recall correctly, you cannot. It's the company administrators who
have privileges to create an application in the Azure web interface and
set it up with the tenant. Regular users cannot do it.
It doesn't matter much, because EWS is dead for the Office365 server.
Do not worry, the Microsoft Graph API looks promising. It doesn't seem
to know everything that the EWS does, but it is also simpler, thus
maybe it'll work. I've just begun to explore what it can do. Some
preliminary testing will be appreciated, as always. I think that the
Graph API is less strict with respect to the OAuth2, it seemed to me
that one can use any application (as registered on the Microsoft
server) to use it, including for the free accounts, which makes life
significantly simpler. I will need help to test it first, because these
are just my initial understandings, which can be false, because I've only
begun to explore the API.
If you do not mind, I'll contact you off list with some simple code to
test, once I have any (that would be for the authentication part, to
check my guesses).
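To show where the two values asked about in this thread end up, here is an added example (not code from either poster or from Evolution) that builds the OAuth2 authorization-code request with PKCE for the EWS scope. The tenant ID selects the sign-in endpoint and the application ID is sent as `client_id`; the GUIDs in it are constructed placeholders, and the redirect URI is an assumption about what the administrators' app registration allows.

```python
import base64
import hashlib
import re
import secrets
from urllib.parse import urlencode

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Delegated EWS permission plus a refresh token.
EWS_SCOPE = "https://outlook.office365.com/EWS.AccessAsUser.All offline_access"
# Assumption: the app registration allows Microsoft's generic native-client URI.
REDIRECT_URI = "https://login.microsoftonline.com/common/oauth2/nativeclient"


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): base64url(SHA-256(verifier)), unpadded."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorize_url(tenant_id: str, app_id: str):
    """Return (url, code_verifier, state) for a public (desktop) client."""
    # Reject anything that is not a GUID so a pasted value cannot alter the path.
    for name, value in (("tenant ID", tenant_id), ("application ID", app_id)):
        if not GUID.fullmatch(value):
            raise ValueError(f"{name} is not a GUID: {value!r}")
    verifier = secrets.token_urlsafe(64)  # kept locally, sent only at token redemption
    state = secrets.token_urlsafe(16)     # compared against the redirect to stop CSRF
    params = {
        "client_id": app_id,              # the "APP ID" created by a tenant admin
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": EWS_SCOPE,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    base = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
    return base + "?" + urlencode(params), verifier, state


if __name__ == "__main__":
    # Constructed placeholder GUIDs, not real identifiers.
    url, _, _ = build_authorize_url(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    )
    print(url)
```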