\\
!1. Microsoft SMTP via OAuth 2.0 \\
Traditionally, __SMTP__ authentication with Microsoft services (like Outlook or Microsoft 365) used username and password. However, Microsoft now strongly recommends (and in many cases enforces) the use of __OAuth 2.0__ for authentication, especially for enhanced security and compliance.\\
\\
About OAuth 2.0 ([OAuth Wikipedia Link|https://en.wikipedia.org/wiki/OAuth]) for authentication: [Microsoft OAuth 2.0 : Get access on behalf of a user Link|https://docs.microsoft.com/en-us/graph/auth-v2-user]\\
\\
__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:\\
	•	login.microsoftonline.com\\
This requires a __Microsoft Graph__ application registration. Start by visiting the Microsoft Azure portal: 
 [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\
\\
[attachments|new_registration.png]\\
\\
The Redirect URL must end with __register_microsoft_graph_api/__.\\
\\
{{{

    http://localhost:9090/register_microsoft_graph_api/

}}}\\
or
{{{
    
    https://your.crushftp.domain.com/register_microsoft_graph_api/
    
}}}\\
\\
__Secret key:__  A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. Ensure you copy over the __value__ immediately!\\
\\
[SharePoint Integration/new_secret.png]\\
\\
[attachments|ms_client_secet.png]\\
\\
__API permission:__ You also need to grant the appropriate permissions for Microsoft Graph. Go to __Api permission__. Click on __Add permission__, and select __Microsoft Graph__. Choose __Delegated Permission__, then add either __SMTP. Send__, __IMAP.AccessAsUser.All__ or both, depending on your requirements:\\
\\
[attachments|permission_microsoft_graph.png]\\
[attachments|permission_final.png]\\
\\
__Client id: __ See at App Registration -> Overview -> Application (client) ID\\ 
\\
[attachments|client_id.png]\\
\\
__!!!Warning__: Make sure that the user's __SMTP AUTH__ is enabled, otherwise SMTP authentication will fail. You can view the official documentation here: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online|https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission].\\
__Office 365__: Navigate to the Microsoft 365 Admin Center ([Link|https://admin.microsoft.com/Adminportal/Home?#/homepage]). Select the user and enable SMTP authentication. SMTP authentication will fail if this setting is not enabled.\\
__Note__: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).\\
[attachments|auth_smtp_office_365.png]\\
\\
----
!2. SMTP settings\\
Navigate to __Server Admin__ -> __Preferences__ -> [General Settings] -> __SMTP Settings__:\\
\\ 
__SMTP Server Used for Emailing__: Enter the SMTP server address used for sending emails, such as __smtp.office365.com__, using the default port __587__.\\
{{{
    smtp.office365.com:587
}}}\\
\\
__SMTP Server Username, Password__: If the SMTP server address contains __office365__ or __outlook__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\
__!!! Note__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\
\\
Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. This will automatically configure the __SMTP Server Username__ and __SMTP Server Password__.\\
\\
[attachments|smtp_get_refresh_token.png]\\
\\
Click the __OK__ button, sign in with your Azure credentials, and grant access to CrushFTP.\\
__!!! Note__: Be sure to sign in with the __Microsoft Account__ that has the __necessary permissions__, as configured in the Azure App Registration mentioned above.\\
Once completed, the __SMTP Server Username__ and the __SMTP Server Password__ fields will be automatically populated with the Client ID and Refresh Token, respectively.\\
\\
__From email address__: You must also specify the __From__ email address. __!!! Important__ The __From__ address must exactly match __the signed-in Microsoft user’s email address__ (i.e., the account used to obtain the refresh token). Otherwise, SMTP authentication will fail.\\ 
\\
Make sure to enable the __SSL/TLS__ flag to ensure a secure connection.
\\
[attachments|smtp_from_email.png]\\
\\
----
!3. PopImapTask\\
\\
Select the __IMAPS__ protocol.\\
Ensure that the IMAP protocol is enabled for the user. See the description: [Managing email apps for user mailboxes Link|https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access].\\ __Office 365__:Navigate to the Microsoft 365 Admin Center. [Link|https://admin.microsoft.com/Adminportal/Home?#/homepage]. Select the user and enable the IMAP protocol at __Manage email apps__.\\
\\
__Host:__\\
{{{
    smtp.office365.com
}}}
__Port__: __993__\\
If the __Host__ contains __office365__ or __outlook__, the corresponding __Get Refresh Token__ button will appear.\\
__!!! Note__: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\
\\
Click on __Get Refresh Token__ button. Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. 
\\
__!!! Note__: Be sure to sign in with the __Microsoft Account__ that has the __necessary permissions__, as configured in the Azure App Registration mentioned above.\\
Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted.\\
Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.\\
\\
{{{
Mail Username : <<your email address>>~<<what was before>> 
}}}
\\
[attachments|pop_imap_task.png]\\
\\
More info: [Link| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CrushTask#section-CrushTask-POP3IMAP]\\
\\