View Attach (16) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 auth_smtp_office_365.png 44.1 kB 1 05-Dec-2023 05:32 krivacsz
png
 client_id.png 92.7 kB 1 05-Dec-2023 05:32 krivacsz
png
 enable_access_token.png 50.3 kB 1 05-Dec-2023 05:32 krivacsz
png
 microsoft_app_password.png 39.9 kB 2 06-Jun-2025 09:13 krivacsz
png
 microsoft_enable_app_password.... 150.5 kB 1 06-Jun-2025 09:13 krivacsz
png
 microsoft_security_details.png 164.8 kB 1 13-Jun-2025 03:31 krivacsz
png
 ms_client_secet.png 88.6 kB 2 03-May-2025 02:37 krivacsz
png
 new_registration.png 86.9 kB 1 05-Dec-2023 05:32 krivacsz
png
 new_secret.png 138.7 kB 1 05-Dec-2023 05:32 krivacsz
png
 permission_final.png 209.0 kB 1 05-Dec-2023 05:32 krivacsz
png
 permission_microsoft_graph.png 182.9 kB 1 05-Dec-2023 05:32 krivacsz
png
 pop_imap_task.png 141.8 kB 3 14-May-2025 02:49 krivacsz
png
 register_app.png 230.6 kB 1 05-Dec-2023 05:32 krivacsz
png
 smtp_from_email.png 50.3 kB 1 05-Dec-2023 05:32 krivacsz
png
 smtp_get_refresh_token.png 44.7 kB 2 05-Dec-2023 05:32 krivacsz
png
 tenant_security_defaults.png 74.0 kB 1 06-Jun-2025 09:30 krivacsz

This page (revision-202) was last changed on 13-Jun-2025 03:33 by krivacsz

This page was created on 05-Dec-2023 05:32 by krivacsz

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 2 changed one line
\\
----
At line 5 added 2 lines
__⚠️ Constraints__: __It is only supported for accounts with 2-Step Verification enabled.__\\
\\
At line 7 removed 2 lines
__⚠️ Note__: It requires __2 Factor__ to be enabled on the Microsoft Account.\\
\\
At line 13 added one line
----
At line 15 added 2 lines
__1.1 Microsoft Personal Accounts__ (@outlook.com, @hotmail.com, etc.):\\
🔴 App Passwords do not work with SMTP/IMAP/POP for these accounts anymore. __⚠️ Microsoft has deprecated basic auth for personal accounts__.\\
At line 18 added 50 lines
----
__1.2 Microsoft 365 (work or school) accounts__:\\
\\
For Microsoft 365 (work or school) accounts, __App Passwords__ and __Multi-Factor Authentication (MFA)__ are managed centrally by your organization through __Microsoft Entra ID (formerly Azure Active Directory)__ — not through the personal Microsoft account portal.\\
\\
__How to enable App Passwords:__:\\
• Go to the legacy __MFA portal__: [MultifactorVerification Link|https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx] (Admin user)\\
• Click on the __Service settings__ tab.\\
• Enable the flag: __Allow users to create app passwords to sign in to non-browser apps__\\
[SMTP Microsoft Graph XOAUTH 2 Integration/microsoft_enable_app_password.png]\\
\\
__Check App Password Availability:__\\
a. Go to: [Security info Link| https://mysignins.microsoft.com/security-info]\\
b. Sign in with your work or school email\\
c. Follow the prompts to configure MFA using:\\
• Microsoft Authenticator app (recommended)\\
• Phone call or SMS (if permitted by your organization’s policy)\\
d. If enabled by your admin, click on __+Add sign-in method__ button and you will see an __App passwords__ link in the menu to generate one:\\
[SMTP Microsoft Graph XOAUTH 2 Integration|microsoft_app_password.png]\\
e. If you don’t see the __App passwords__ option:
Check and enforce MFA:\\
• Go to [MultifactorVerification Link|https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx] (Admin user)\\
• Find the target user.\\
• In the __MFA Status__ column, confirm it says: __Enforced__. Otherwise, enable __MFA__.\\
\\
__Check if Security Defaults are enabled:__\\
__App Passwords__ will not work if __Microsoft Entra ID Security Defaults__ are __enabled__ for your __tenant__.\\
To disable them:\\
• Go to the Microsoft Entra admin portal [Microsoft EntraLink|https://entra.microsoft.com] (Admin user)\\
• Navigate to: __Identity > Overview > Properties__ Scroll down to Security Defaults and click __Manage security defaults__\\
•Select Disable, then click Save. __Changes may take 5–10 minutes to take effect.__\\
[SMTP Microsoft Graph XOAUTH 2 Integration|microsoft_security_details.png]\\
[SMTP Microsoft Graph XOAUTH 2 Integration|tenant_security_defaults.png]\\
\\
🔴 __Error message__ like:\\
{{{Authentication unsuccessful, user is locked by your organization's security defaults policy. Contact your administrator.}}}
This indicates that your Microsoft 365 tenant has __Security Defaults__ enabled, which blocks __App Passwords__ completely, even if they were created successfully. Disable Security Defaults (if you’re the admin) [Microsoft Entra Link|https://entra.microsoft.com]. __Identity -> Overview -> Properties -> Manage security defaults__ \\
\\
----
\\
Usage:\\
{{{
Username: your_email@outlook.com
Password: [your generated app password]
}}}\\
\\
----
__⚠️ Note__: Microsoft strongly recommends modern authentication (__OAuth 2.0__) instead of app passwords. Some tenants block app passwords entirely for security reasons.\\
----
\\
At line 21 changed 2 lines
This requires a __Microsoft Graph__ application registration. Start by visiting the Microsoft Azure portal:
[Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
This requires a __Microsoft Graph__ application registration.\\
At line 76 added 2 lines
Start by visiting the __Microsoft Azure Portal__: [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
At line 28 changed one line
The Redirect URL must end with __register_microsoft_graph_api/__.\\
In the Redirect URI section, for Platform configuration, select __Web__. The Redirect URL must end with __register_microsoft_graph_api/__.\\
At line 53 changed one line
__Note__: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).\\
__Note__: OAuth 2.0 authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).\\
At line 65 changed one line
__SMTP Server Username, Password__: If the SMTP server address contains __office365__ or __outlook__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\
__SMTP Server Username, Password__:\\
----
__a.)__ __App passwords__: [Microsoft App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Microsoft%20Graph%20XOAUTH%202%20Integration#section-SMTP+Microsoft+Graph+XOAUTH+2+Integration-1.MicrosoftAppPasswords]\\
{{{
SMTP Server Username: your_email@outlook.com
SMTP Server Password: [your generated app password]
}}}\\
----
__b.)__ __OAuth 2.0__: [Microsoft Mail via OAuth 2.0 Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Microsoft%20Graph%20XOAUTH%202%20Integration#section-SMTP+Microsoft+Graph+XOAUTH+2+Integration-2.MicrosoftMailViaOAuth2.0]\\
If the SMTP server address contains __office365__ or __outlook__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\
At line 76 changed one line
__From email address__: You must also specify the __From__ email address. __!!! Important__ The __From__ address must exactly match __the signed-in Microsoft user’s email address__ (i.e., the account used to obtain the refresh token). Otherwise, SMTP authentication will fail.\\
__From email address__: You must also specify the __From__ email address. __⚠️ Important__ The __From__ address must exactly match __the signed-in Microsoft user’s email address__ (i.e., the account used to obtain the refresh token) or the account associated with the App Password. Otherwise, SMTP authentication will fail.\\
At line 94 changed one line
Configure the __App registration__. See at [Microsoft Mail via OAuth 2.0|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Microsoft%20Graph%20XOAUTH%202%20Integration#section-SMTP+Microsoft+Graph+XOAUTH+2+Integration-1.MicrosoftMailViaOAuth2.0]\\
__Mail Username, Password__:\\
----
__a.)__ __App passwords__: __⚠️ Constraints__: __It is only supported for accounts with 2-Step Verification enabled.__\\ [Microsoft App Passwords Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Microsoft%20Graph%20XOAUTH%202%20Integration#section-SMTP+Microsoft+Graph+XOAUTH+2+Integration-1.MicrosoftAppPasswords]\\
{{{
Mail Username: your_email@outlook.com
Mail Password: [your generated app password]
}}}\\
----
__b.)__ __OAuth 2.0__: Configure the __App registration__. See at [Microsoft Mail via OAuth 2.0|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=SMTP%20Microsoft%20Graph%20XOAUTH%202%20Integration#section-SMTP+Microsoft+Graph+XOAUTH+2+Integration-1.MicrosoftMailViaOAuth2.0]\\
\\
At line 181 added one line
----
At line 183 added one line
----
Version Date Modified Size Author Changes ... Change note
202 13-Jun-2025 03:33 12.794 kB krivacsz to previous
201 13-Jun-2025 03:33 12.793 kB krivacsz to previous | to last
« This page (revision-202) was last changed on 13-Jun-2025 03:33 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
...nobody

JSPWiki