Exchange Online – New support for OAuth authentication for SMTP, IMAP and POP

If you are working with Exchange Online, chances are you have some components in your environment (applications, network devices…) which need to access mailboxes hosted in Exchange Online.

Well, until now the only way for most of these components was to use POP/IMAP/SMTP connections; which we all know is not the most secure protocols.

Good news, following the previous announcement of the Basic Authentication retirement, support for OAuth authentication for IMAP and SMTP (POP is currently being rolled out) is now available to access Exchange Online mailboxes.

To start enjoying this, you need first to register an application in Azure AD (see, delegate permissions to this Azure AD application for IMAP/POP/SMTP using the Delegated permissions blade using Microsoft Graph

The permissions to be delegated depend of the protocol you are using

Protocol Permission Scope
IMAP IMAP.AccessAsUser.All
POP POP.AccessAsUser.All

image  image  image
Then using the MSAL client libraries, you need to fetch an access token which will be used for authenticating your application.

OAuth integration with your application requires the use of SASL XOAUTH2 format for encoding and transmitting the access token.

base64(“user=” + userName + “^Aauth=Bearer ” + accessToken + “^A^A”)

Details are available here:

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.