Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

Today, we’re excited to announce the availability of OAuth 2.0 authentication via client credentials grant flow for the POP and IMAP protocols for accessing Exchange Online mailboxes.

Applications that need to access Exchange Online mailboxes without user interaction and using the identity of the application as opposed to user identity are now supported. This is enabled by using service principals in Exchange and mailbox permissions. While no user interaction is needed, Exchange Online admins will need to provide specific mailbox access (using Exchange Online PowerShell) for applications’ service principals to access the mailboxes.

How it works

Once an admin has granted consent to an Azure Active Directory application, they must register the application’s service principal in Exchange Online. This is done using the new Exchange Online PowerShell cmdlet, New-ServicePrincipal (this cmdlet is currently rolling out).

Once the application’s service principal is registered in Exchange Online, the admin can give the application access to specific mailboxes using the Add-MailboxPermission cmdlet. The application can then authenticate POP and IMAP connections to the Exchange Online mailboxes.

The OAuth 2.0 client credentials grant flow can be used to generate access tokens, which can be used as the authentication token in SASL XOAUTH2 format for POP and IMAP connections to Exchange Online mailboxes.
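The token-to-XOAUTH2 step described above, as an added example that is not part of the original post or Microsoft's code: it builds the SASL XOAUTH2 string and runs a local pre-flight check on the access token before a connection attempt. The app-role names `IMAP.AccessAsApp` and `POP.AccessAsApp`, the sample mailbox address, and the unsigned sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

# Assumed app-role names for app-only IMAP/POP access; not stated in the post.
REQUIRED_ROLE = {"imap": "IMAP.AccessAsApp", "pop": "POP.AccessAsApp"}


def jwt_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def preflight(access_token, protocol, now=None):
    """Return a list of reasons the token would be unsuitable for this protocol."""
    claims = jwt_claims(access_token)
    now = time.time() if now is None else now
    problems = []
    if REQUIRED_ROLE[protocol] not in claims.get("roles", []):
        problems.append("missing role " + REQUIRED_ROLE[protocol])
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def xoauth2_raw(mailbox, access_token):
    """SASL XOAUTH2 initial response before base64: fields separated by Ctrl-A."""
    if "\x01" in mailbox or "\x01" in access_token:
        raise ValueError("control character in XOAUTH2 field")
    return ("user=%s\x01auth=Bearer %s\x01\x01" % (mailbox, access_token)).encode()


def xoauth2_b64(mailbox, access_token):
    """Base64 form, as sent on the wire with the XOAUTH2 mechanism."""
    return base64.b64encode(xoauth2_raw(mailbox, access_token)).decode()


def make_sample_token(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    tok = make_sample_token({"roles": ["IMAP.AccessAsApp"], "exp": 2000000000})
    print(preflight(tok, "imap", now=1700000000))  # no problems found
    print(preflight(tok, "pop", now=1700000000))   # role for POP is absent
    print(xoauth2_b64("shared@contoso.example", tok)[:24] + "...")
```

With Python's `imaplib`, pass `xoauth2_raw(...)` from the `authenticate("XOAUTH2", ...)` callback, because `imaplib` base64-encodes the response itself. The `user` field is the mailbox the service principal was granted access to, not the application's identity.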

You can follow these step-by-step instructions on how to implement client credentials flow support for POP and IMAP in your application.

Exchange Online Team
