Exchange Online – New support for OAuth authentication for SMTP, IMAP and POP

If you are working with Exchange Online, chances are you have some components in your environment (applications, network devices…) which need to access mailboxes hosted in Exchange Online.

Well, until now the only option for most of these components was to use POP/IMAP/SMTP connections, which, as we all know, are not the most secure protocols.

Good news, following the previous announcement of the Basic Authentication retirement, support for OAuth authentication for IMAP and SMTP (POP is currently being rolled out) is now available to access Exchange Online mailboxes.

To start using this, you first need to register an application in Azure AD, then delegate permissions to this Azure AD application for IMAP/POP/SMTP using the Delegated permissions blade under Microsoft Graph.

The permissions to be delegated depend on the protocol you are using:

Protocol    Permission Scope
IMAP        IMAP.AccessAsUser.All
POP         POP.AccessAsUser.All

Then using the MSAL client libraries, you need to fetch an access token which will be used for authenticating your application.

OAuth integration with your application requires the use of the SASL XOAUTH2 format for encoding and transmitting the access token:

base64("user=" + userName + "^Aauth=Bearer " + accessToken + "^A^A")
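The format above, built and checked in Python as an added example (not code from the original post). Here ^A is the single byte 0x01; the function names, the mailbox and the token are constructed for illustration. Because base64 is only an encoding, the resulting string carries the bearer token in recoverable form, so the example also shows a redacted form for logging.

```python
import base64

CTRL_A = b"\x01"  # the "^A" in the format string is the control byte 0x01

def xoauth2_raw(user_name: str, access_token: str) -> bytes:
    """Return the un-encoded SASL XOAUTH2 initial response."""
    for label, value in (("userName", user_name), ("accessToken", access_token)):
        # A control character (0x01 in particular) inside either value would
        # add or terminate fields in the SASL string, so refuse it up front.
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError(f"{label} is empty or contains a control character")
    return (b"user=" + user_name.encode("utf-8") + CTRL_A
            + b"auth=Bearer " + access_token.encode("ascii") + CTRL_A + CTRL_A)

def xoauth2_b64(user_name: str, access_token: str) -> str:
    """base64("user=" + userName + "^Aauth=Bearer " + accessToken + "^A^A")"""
    return base64.b64encode(xoauth2_raw(user_name, access_token)).decode("ascii")

def parse_xoauth2(encoded: str) -> dict:
    """Decode an XOAUTH2 string back into its key/value fields."""
    raw = base64.b64decode(encoded, validate=True)
    if not raw.endswith(CTRL_A + CTRL_A):
        raise ValueError("missing ^A^A terminator")
    fields = {}
    for part in raw[:-2].split(CTRL_A):
        key, sep, value = part.partition(b"=")
        if not sep:
            raise ValueError("field without '='")
        fields[key.decode("ascii")] = value.decode("utf-8")
    return fields

def redact_for_log(encoded: str) -> str:
    """Loggable summary: keeps the mailbox, drops the bearer token."""
    fields = parse_xoauth2(encoded)
    scheme, _, token = fields["auth"].partition(" ")
    return f"user={fields['user']} auth={scheme} <{len(token)} chars redacted>"

if __name__ == "__main__":
    # Constructed sample values, not a real mailbox or token.
    sample = xoauth2_b64("mailbox@contoso.example", "eyJ0eXAi.constructed.token")
    print(sample)
    print(redact_for_log(sample))
```

Python's `imaplib.IMAP4.authenticate` base64-encodes the bytes returned by its callback, so pass it the output of `xoauth2_raw` rather than the already-encoded string.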

Details are available here:

Benoit Hamet
Benoit is working on Microsoft collaborative technologies. He has been awarded as MVP for more than 12 years. Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007). Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software. He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies.