About OAUTH2 for authentication: [Microsoft OAuth 2.0 : Get access on behalf of a user Link|https://docs.microsoft.com/en-us/graph/auth-v2-user]\\
\\
__!!! Proxy Configuration:__ If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:\\
	•	login.microsoftonline.com\\
\\
!!!Microsoft Graph Application Registration\\
\\
This requires a __Microsoft Graph__ application registration. Start by visiting the Microsoft Azure portal: 
 [Link|https://azure.microsoft.com/en-us/features/azure-portal/]\\
\\
__Application registration:__ Navigate to App registrations in the Azure Portal. Click on __New registration__ to create a new application.\\
\\
[attachments|new_registration.png]\\
\\
The Redirect URL must end with __"register_microsoft_graph_api/"__.\\
\\
{{{

    http://localhost:9090/register_microsoft_graph_api/

}}}\\
or
{{{
    
    https://your.crushftp.domain.com/register_microsoft_graph_api/
    
}}}\\
\\
__Secret key:__  A new client secret must be created. Go to __Certificates & secrets__, and generate a new client secret by clicking on __New client secret__. Ensure you copy over the __value__ immediately!\\
\\
[SharePoint Integration/new_secret.png]\\
\\
[attachments|ms_client_secet.png]\\
\\
__API permission:__ You also need to grant the appropriate permissions for Microsoft Graph. Go to __Api permission__. Click on __Add permission__, and select __Microsoft Graph__. Choose __Delegated Permission__, then add either __SMTP. Send__, __IMAP.AccessAsUser.All__ or both, depending on your requirements:\\
\\
[attachments|permission_microsoft_graph.png]\\
[attachments|permission_final.png]\\
\\
__Client id: __ See at App Registration -> Overview -> Application (client) ID\\ 
\\
[attachments|client_id.png]\\
\\
__!!!Warning__: Make sure that the user's __SMTP AUTH__ is enabled, otherwise SMTP authentication will fail. You can view the official documentation here: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online|https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission].\\
__Office 365__: Navigate to the Microsoft 365 Admin Center ([Link|https://admin.microsoft.com/Adminportal/Home?#/homepage]). Select the user and enable SMTP authentication. SMTP authentication will fail if this setting is not enabled.\\
__Note__: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).\\
[attachments|auth_smtp_office_365.png]\\
\\
!!!SMTP settings\\
\\ 
__SMTP Server Used for Emailing__: Enter the SMTP server address used for sending emails, such as __smtp.office365.com__, using the default port __587__.\\
{{{
    smtp.office365.com:587
}}}\\
\\
__SMTP Server Username, Password__: If the SMTP server address contains __office365__ or __outlook__, the corresponding __Get Refresh Token__ button will appear. Click that button to proceed.\\
__!!! Note__: To obtain the __Refresh Token__, the CrushFTP WebInterface’s host and port must match the __Redirect URL__ specified in the __Azure App Registration__. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/\\
\\
Enter the __Client ID__ (See at App Registration -> Overview -> Application (client) ID), __Client Secret__ (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the __value__ field, not the ID, and __Tenant ID__ (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. This will automatically configure the __SMTP Server Username__ and __SMTP Server Password__.\\
\\
[attachments|smtp_get_refresh_token.png]\\
\\
Click the __OK__ button, sign in with your Azure credentials, and grant access to CrushFTP.\\
__!!! Note__: Be sure to sign in with the __Microsoft Account__ that has the __necessary permissions__, as configured in the Azure App Registration mentioned above.\\
Once completed, the __SMTP Server Username__ and the __SMTP Server Password__ fields will be automatically populated with the Client ID and Refresh Token, respectively.\\
\\
__From email address__: You must also specify the __From__ email address. __!!! Imnportant__ The __From__ address must exactly match __the signed-in Microsoft user’s email address__ (i.e., the account used to obtain the refresh token). Otherwise, SMTP authentication will fail.\\ 
\\
Make sure to enable the __SSL/TLS__ flag to ensure a secure connection.
\\
[attachments|smtp_from_email.png]\\
\\
!!!PopImapTask
\\
Ensure that the IMAP protocol is enabled for the user. See the description: [Managing email apps for user mailboxes Link|https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/pop3-and-imap4/enable-or-disable-pop3-or-imap4-access].\\ __Office 365__:Navigate to the Microsoft 365 Admin Center. [Link|https://admin.microsoft.com/Adminportal/Home?#/homepage]. Select the user and enable the IMAP protocol at "Manage email apps".\\
Provide the host and click on the Get Refresh Token button.\\
__In order to get the Refresh token, CrushFTP WebInterface's host and port number must match with the redirect URL specified at Azure Application Registration.__\\
Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted.
Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.\\
\\
{{{
Mail Username : <<your email address>>~<<what was before>> 
}}}
\\
[attachments|pop_imap_task.png]\\
\\