...

• Tenant (Realm / Directory Id)

• Client Id (Application Id)

• Client secrets

• Username(username can be any email address that you want the system to listen to new incoming emails).

Step-by-step guide to configure Azure account

Register Application

1. Login to your organizations Azure account.

2. Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.

3. Select New registration. On the Register an application page, set the values as follows.

   • Set Name to a friendly name for your app.

   • Set Supported account types to the choice that makes sense for your scenario.

   • For Redirect URI, set the value that is shown in the MXTS Communication Channel page.

     • Redirect URI - https://<concern-code>.maxxton.net/customercare/en-us/azure-oauth-callback.html

4. Choose Register. On the next page, copy the values of the Application (client) ID and Directory (tenant) ID and save them, you will need them later.

...

Copy the values of the Application (client) ID and Directory (tenant) ID and save them,

...

API Permission

Once the app is registered, then provide the API permissions that are required: -

1. Select API Permissions in the left-hand navigations under Mange.

2. Click on ➕ Add a permission , and then click on tab APIs my organization uses.

3. Search for API name Office 365 Exchange Online.

4. On the screen you will see two buttons on the screen Delegated Permissions and Application Permissions for the above API.

5. Select Application Permissions.

6. Under the Application Permissions search for the IMAP permission and select IMAP.AccessAsApp permission.

7. At last click on Add permissions.

8. Also grant the Microsoft Graph → User.read permission (this is the default permission added everytime).

...

1. Open the Microsoft API’s Tab and click on MicrosoftGraph

2. Select Delegated Permissions

3. Search for Mail.ReadWrite.Shared permission and click on Add Permission

   • Mail.ReadWrite.Shared - This permission allow us to read and write emails from main/shared account. using write permission we only mark/update email as read once our service successfully process the email.

4. Once permission is added click on Grant admin consent for MST (Note: Only admins have rights to grant the permission once added)

5. After permission is granted the status of the permission should be like this Granted for MSFT

That’s it all the necessary permissions are configured.

Old permissions that were configured:-

• https://graph.microsoft.com/User.Read (To read the user basic detail like email)

• https://ps.outlook.com/IMAP.AccessAsApp (To read the user emails from outlook)

...

...

(Note: Don’t remove the above two already configured permission because it might require again if new implementation doesn’t work as expected)

New permission that need to be configured:-

• https://graph.microsoft.com/Mail.ReadWrite.Shared

...

Image AddedImage Added

Generate client secrets

Once the API permissions are added to the registered application, it's time to generate the client secrets.

...

Once Register Application, API Permission and Generate client secrets all three of this steps are completed you can start setting up outlook account in the communication channel.

...

Setup communication channel (Video)

Below is the step-by-step video guide to setup Email (Outlook / Azure) communication channel type.

...

Some of the common errors that you can get during communication channel registration

Useful links

• https://testconnectivity.microsoft.com/tests/O365Imap/input : This will help you to test the IMAP server, please select authentication type as Modern authentication(OAuth).

References

https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

...