
150. How to connect to Office 365 IMAP using OAuth 2.0

Create Azure App Registration

An app registration must be created in Azure to grant EzeScan access to an IMAP mailbox in Microsoft 365 using OAuth 2.0 authentication.

  1. Navigate to the App Registrations in the Azure portal and click the New Registration button.

  2. Enter the following details and then click Register.

    Name: EzeScan IMAP
    Supported account types: Accounts in this organizational directory only (Outback Imaging Pty Ltd only - Single tenant)
    Redirect URI: Web - http://localhost:5000

  3. Click on the Certificates and secrets menu link on the left and then click the New Client secrets button.

  4. Enter a description and select an expiry time for the secret and then click the Add button. (We recommend 24 months).

  5. Copy and note down the value of your secret as you will need to enter this into your connection settings in EzeScan.

  6. Click on the API permissions menu option and then click Add a permission.

  7. Click the Microsoft Graph option.

  8. Select the Delegated permissions option.

  9. Search for and then add the IMAP.AccessAsUser.All permission.

  10. Do the same to add the offline_access permission.

  11. Confirm you have successfully added the required permissions and then click Grant admin consent.

  12. Click the Yes button to grant the consent.

  13. Click on the Overview menu option and then select the Endpoints button. Take note of the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) as you will need them in the EzeScan configuration.

EzeScan Connection Settings

EzeScan Job/Route Import Settings can be seen below:





As per Microsoft documentation.



As per Microsoft documentation.

Security Type

Implicit SSL/TLS

Authentication Type


Grant Type

Authorization Code

Only Authorization Code grant type is supported for IMAP in Microsoft 365.

Authorisation Endpoint

[…]68b/oauth2/v2.0/authorize

Refer to “OAuth 2.0 authorization endpoint (v2)” in App registration’s Endpoints page.

Token Endpoint

[…]68b/oauth2/v2.0/token

Refer to “OAuth 2.0 token endpoint (v2)” in App registration’s Endpoints page.

Scopes

offline_access

The IMAP.AccessAsUser.All and offline_access scopes must be added to the App registration and approved by an Administrator.

Desktop Redirect URL


Redirect URL must be included in App registration. Port 5000 is recommended to allow EzeScan Desktop to start a web listener and show the sign-in page using the default web browser. If the port is blocked EzeScan will instead use an embedded Microsoft Edge WebView2 browser control to perform sign-in.

Client ID


Refer to “Application (client) ID” in App registration’s Overview page.

Client Secret


The secret value added to App registration’s Certificate & Secrets page. Note the secret cannot be recovered after navigating away from the page.


The email address of the signed-in user's mailbox or a shared mailbox.
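The Authorization Code exchange that these settings drive, as an added example (not EzeScan's code and not part of the original article): it builds the sign-in URL, validates the callback received on the localhost redirect, prepares the token request, and encodes the IMAP XOAUTH2 credential. The function names, the `login.microsoftonline.com` endpoint layout with placeholder tenant and client IDs, and the `https://outlook.office.com/` scope prefix (taken from Microsoft's IMAP OAuth documentation) are assumptions; the sample callback and token are constructed.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders (assumptions): copy the real values from your App registration.
TENANT_ID = "<tenant-id>"
AUTHORIZE_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
CLIENT_ID = "<application-client-id>"
REDIRECT_URI = "http://localhost:5000"
# Scope string per Microsoft's IMAP OAuth docs; offline_access yields a refresh token.
SCOPES = "https://outlook.office.com/IMAP.AccessAsUser.All offline_access"

def build_authorize_url(state: str) -> str:
    """Step 1: URL the default browser opens so the user can sign in."""
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "scope": SCOPES, "state": state}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(query)}"

def code_from_callback(callback_url: str, expected_state: str) -> str:
    """Step 2: validate the request that reaches the localhost listener."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Accept only callbacks that belong to the sign-in attempt we started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback rejected")
    return params["code"][0]

def token_request_form(code: str, client_secret: str) -> dict:
    """Step 3: form fields to POST to TOKEN_ENDPOINT over HTTPS (not sent here)."""
    return {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
            "client_secret": client_secret, "scope": SCOPES}

def xoauth2_initial_response(mailbox: str, access_token: str) -> str:
    """Step 4: base64 argument for the IMAP command AUTHENTICATE XOAUTH2."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # fresh, unguessable value per sign-in
    print(build_authorize_url(state))
    # Constructed sample callback, secret placeholder and token, for illustration only.
    code = code_from_callback(f"http://localhost:5000/?code=SAMPLE&state={state}", state)
    print(token_request_form(code, "<client-secret>")["grant_type"])
    print(xoauth2_initial_response("shared@example.com", "SAMPLE_TOKEN"))
```

Python's `imaplib.IMAP4.authenticate()` base64-encodes the response itself, so pass it the raw `user=...` string rather than the encoded form.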
