

<pre>
About OAUTH2 for authentication: [Microsoft OAuth 2.0 : Get access on behalf of a user Link|https://docs.microsoft.com/en-us/graph/auth-v2-user]\\
\\
__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:\\
	•	login.microsoftonline.com\\
\\
!!!Microsoft Graph Application Registration\\
\\
This requires a __Microsoft Graph__ application registration. Start by visiting the Microsoft Azure portal: 
 [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\
\\
[attachments|new_registration.png]\\
\\
The Redirect URL must end with __&quot;register_microsoft_graph_api/&quot;__.\\
\\
{{{

    http://localhost:9090/register_microsoft_graph_api/

}}}\\
or
{{{
    
    https://your.crushftp.domain.com/register_microsoft_graph_api/
    
}}}\\
\\
__Secret key:__  A new client secret must be created. Go to __Certificates &amp; secrets__, and generate a new client secret by clicking on __New client secret__. Ensure you copy over the __value__ immediately!\\
\\
[SharePoint Integration/new_secret.png]\\
\\
[attachments|ms_client_secet.png]\\
\\
__API permission:__ You also need to provide permission for the Microsoft Graph. Go to the Api permission. Click on Add permission, and select Microsoft Graph. Choose Delegated permission and add the &quot;
SMTP. Send&quot; or/and &quot;IMAP.AccessAsUser.All&quot; permission:\\
\\
[attachments|permission_microsoft_graph.png]\\
[attachments|permission_final.png]\\
\\
__Client id: __ See at App Registration -&gt; Overview -&gt; Application (client) ID\\ 
\\
[attachments|client_id.png]\\
\\
__!!!Warning__: Make sure that the user's __SMTP AUTH__ is enabled, otherwise SMTP authentication will fail. See description: [https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission].\\
__Office 365__:Navigate to the Microsoft 365 Admin Center. [https://admin.microsoft.com/Adminportal/Home?#/homepage]. Select the user and enable authentication for SMTP. SMTP authentication will fail without that permission. XOAUTH authentication requires user-delegated permission. It means the user must be a real user: __users with authentication possibility and with a product license__.\\
[attachments|auth_smtp_office_365.png]\\
\\
!!!SMTP settings\\
\\ 
Provide the SMTP server used for emailing (like smtp.office365.com)\\
Click on the &quot;Get Refresh Token&quot; button.\\
__In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.__\\
Provide the Client Id and Secret (from Azure App Registration) and &quot;common&quot; for the tenant input field.\\
\\
[attachments|smtp_get_refresh_token.png]\\
\\
Click on the OK button, and allow CrushFTP to have access to send email. __Make sure you sign in with the Microsoft Account which has permission to send emails (Configured on Azure's App Registration)!!!__ (SMTP.send is user-specific permission) As the end of the result, the SMTP Username and Password will fill the Client ID and the Refresh Token.\\
It is required to provide the email from the address too. __!!!The Email From address must match the signed-in Microsoft user's email address (the Microsoft Account used to gain the refresh token) otherwise, the SMTP authentication will fail.__\\
\\ 
[attachments|smtp_from_email.png]\\
\\
!!!PopImapTask
\\
Make sure the IMAP protocol is enabled for the user. See the description: [https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access].\\ __Office 365__:Navigate to the Microsoft 365 Admin Center. [https://admin.microsoft.com/Adminportal/Home?#/homepage]. Select the user and enable the IMAP protocol at &quot;Manage email apps&quot;.\\
Provide the host and click on the Get Refresh Token button.\\
__In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.__\\
Because the email address is essential after you got the refresh token, the Mail Username input field needs to be modified.\\
Put your email address ended with a tilde(~) at the beginning of the Mail Username input field.\\
\\
{{{
Mail Username : &lt;&lt;your email address&gt;&gt;~&lt;&lt;what was before&gt;&gt; 
}}}
\\
[attachments|pop_imap_task.png]\\
\\

</pre>