150. How to connect to Office 365 IMAP using OAuth 2.0
Create Azure App Registration
An app registration needs to be created in Azure for granting the EzeScan access to an IMAP mailbox in Microsoft 365 using OAuth 2.0 authentication.
Navigate to the App Registrations in the Azure portal and click the New Registration button.
Enter the following details and then click Register.
Name: EzeScan IMAP
Supported account types: Accounts in this organizational directory only (Outback Imaging Pty Ltd only - Single tenant)
Redirect URI: Web - http://localhost:5000Click on the Certificates and secrets menu link on the left and then click the New Client secrets button.
Enter a description and select an expiry time for the secret and then click the Add button. (We recommend 24 months).
Copy and note down the value of your secret as you will need to enter this into your connection settings in EzeScan.
Click on the API permissions menu option and then click Add a permission.
Click the Microsoft Graph option.
Select the Delegated permissions option.
Search and then Add the IMAP.AccessAsUser.All permission.
Do the same for adding the offline_access permission.
Confirm you have successfully added the required permissions and then click Grant admin consent.
Click the Yes button to grant the consent.
Click on the Overview menu option and then select the Endpoints button. Take note of the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) as you will need them in the EzeScan configuration.
EzeScan Connection Settings
EzeScan Job/Route Import Settings can be seen below:
Setting | Example | Comments |
|---|---|---|
Server | outlook.office365.com | As per Microsoft documentation. |
Port | 993 | As per Microsoft documentation. |
Security Type | Implicit SSL/TLS | |
Authentication Type | OAuth | |
Grant Type | Authorization Code | Only Authorization Code grant type is supported for IMAP in Microsoft 365. |
Authorisation Endpoint | https://login.microsoftonline.com/812[…]68b/oauth2/v2.0/authorize | Refer to “OAuth 2.0 authorization endpoint (v2)” in App registration’s Endpoints page. |
Token Endpoint | https://login.microsoftonline.com/812[…]68b/oauth2/v2.0/token | Refer to “OAuth 2.0 token endpoint (v2)” in App registration’s Endpoints page. |
Scopes | https://outlook.office.com/IMAP.AccessAsUser.All offline_access | IMAP.AccessAsUser.All and offline_access scopes must be added to the App registration and grant approval by an Administrator. |
Desktop Redirect URL | http://localhost:5000 | Redirect URL must be included in App registration. Port 5000 is recommended to allow EzeScan Desktop to start a web listener and show the sign-in page using the default web browser. If the port is blocked EzeScan will instead use an embedded Microsoft Edge WebView2 browser control to perform sign-in. |
Client ID | 44f67570-8769-44b6-a392-d2a95475060a | Refer to “Application (client) ID” in App registration’s Overview page. |
Client Secret | c8d7e2e7-99e5-4fda-9a42-2ae2cdb74aac | The secret value added to App registration’s Certificate & Secrets page. Note the secret cannot be recovered after navigating away from the page. |
Username | correspondence@contoso.com | The email address of the signed-in user's mailbox or a shared mailbox. |
Further reading: