Microsoft/Office 365 servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol. Using OAUTH protocol, user can do authentication by Microsoft Web OAuth instead of inputting user and password directly in application. This way is more secure, but a little bit complex.
Create your application in Azure Portal
To use Microsoft/Office365 in Alert, you must create an application in
- Sign in to the Azure portal using either a work account or a personal Microsoft account.
- If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.
In the left-hand navigation panel, select the Azure Active Directory service, and then select App registrations > New registration.
- Enter a application name (ex: "ALERT_VA") and select tenant corresponding to your requirement (here accounts in this organisation directory only[...] single tenant):
For point 4 put this adress: https://login.microsoftonline.com/common/oauth2/nativeclient
EWS API permission
Now we need to add permission to the application:
Click API Permission -> Add a permission:
Select APIs in my organization uses -> Office 365 Exchange Online -> Application Permission -> Check full_access_as_app :
Here is permissions list:
|If it turns out that you have the mention "not granted for XXXX" (2) you will have to ask the office 365 administrator to click on "Grant admin consent...." (1) by giving him the name you gave during 'application registration (ALERT_VA for this example)|
Client Id and client secrets
Now we need to create a client secret for the application, click Certificates and secrets -> client secrets and add a new client secret.
Enter a client secret description and a expiration time:
|As the due date of the client secret code is a maximum of 2 years, it is strongly recommended to put a reminder on an agenda to generate a new code before it expires.|
|Once the secret client Value has been generated, you will have to keep it yourself in a safe place. This is indeed the only time it is accessible through this interface.|
Client id and tenant
Now you can click Overview to find your client id and tenant id. This 2 informations will be used in the configuration of Exchange driver in ALERT.
If your application is single tenant, use the tenant value in tokenUri and authUri instead of "common". If your application is multitenant, use "common" as tenant.
Above client_id and secret support both "Office365" and "Live (hotmail, outlook personal account)".
Configuration in ALERT
In the Exchange driver configuration you must select "Office 365" in Exchange version (1) specify only your email address (2) (the password box is grey, it's normal) and click on "..." (3) to configure specific parameters for the connection:
In the new window, enter parameters which have been created earlier:
- Directory (tenant) ID (1) *
- Application (client) ID (2)*
- Client Secret password (Value) (3)
* You can find this IDs here:
Now the configuration of Exchange Driver is finish, and you can send/receive emails.