This is version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 . It is not the current version, and thus it cannot be edited.
[Back to current version]   [Restore this version]

About OAUTH2 for authentication: Microsoft OAuth 2.0 : Get access on behalf of a user Link

!!! Proxy Configuration: If your server accesses the internet through a proxy, make sure to whitelist the following domains to allow authentication:
• login.microsoftonline.com

Microsoft Graph Application Registration
#

This requires a Microsoft Graph application registration. Start by visiting the Microsoft Azure portal: Link

Application registration: Navigate to App registrations in the Azure Portal. Click on New registration to create a new application.



The Redirect URL must end with "register_microsoft_graph_api/".

    http://localhost:9090/register_microsoft_graph_api/

or

    
    https://your.crushftp.domain.com/register_microsoft_graph_api/
    

Secret key: A new client secret must be created. Go to Certificates & secrets, and generate a new client secret by clicking on New client secret. Ensure you copy over the value immediately!





API permission: You also need to grant the appropriate permissions for Microsoft Graph. Go to Api permission. Click on Add permission, and select Microsoft Graph. Choose Delegated Permission, then add either SMTP. Send, IMAP.AccessAsUser.All or both, depending on your requirements:




Client id: See at App Registration -> Overview -> Application (client) ID



!!!Warning: Make sure that the user's SMTP AUTH is enabled, otherwise SMTP authentication will fail. You can view the official documentation here: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.
Office 365: Navigate to the Microsoft 365 Admin Center (Link). Select the user and enable SMTP authentication. SMTP authentication will fail if this setting is not enabled.
Note: XOAUTH authentication requires user-delegated permissions, meaning the user must be a real, licensed user with authentication capabilities (i.e., they must have a valid product license and be able to sign in).

SMTP settings
#

SMTP Server Used for Emailing: Enter the SMTP server address used for sending emails, such as smtp.office365.com, using the default port 587.

    smtp.office365.com:587

SMTP Server Username, Password: If the SMTP server address contains office365 or outlook, the corresponding Get Refresh Token button will appear. Click that button to proceed.
!!! Note: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/

Enter the Client ID (See at App Registration -> Overview -> Application (client) ID), Client Secret (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID, and Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process. This will automatically configure the SMTP Server Username and SMTP Server Password.



Click the OK button, sign in with your Azure credentials, and grant access to CrushFTP.
!!! Note: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.
Once completed, the SMTP Server Username and the SMTP Server Password fields will be automatically populated with the Client ID and Refresh Token, respectively.

From email address: You must also specify the From email address. !!! Imnportant The From address must exactly match the signed-in Microsoft user’s email address (i.e., the account used to obtain the refresh token). Otherwise, SMTP authentication will fail.

Make sure to enable the SSL/TLS flag to ensure a secure connection.

PopImapTask#

Select the IMAPS protocol.

If the Host contains office365 or outlook, the corresponding Get Refresh Token button will appear.

Ensure that the IMAP protocol is enabled for the user. See the description: Managing email apps for user mailboxes Link.
Office 365:Navigate to the Microsoft 365 Admin Center. Link. Select the user and enable the IMAP protocol at "Manage email apps".
Provide the host and click on the Get Refresh Token button.

!!! Note: To obtain the Refresh Token, the CrushFTP WebInterface’s host and port must match the Redirect URL specified in the Azure App Registration. In our example, it was: http://localhost:9090 or https://your.crushftp.domain.com/

Click on Get Refresh Token button. Enter the Client ID (See at App Registration -> Overview -> Application (client) ID), Client Secret (See at App Registration -> Manage -> Certificates & secrets) make sure to copy the value field, not the ID, and Tenant ID (See at App Registration -> Overview -> Directory (tenant) ID). Proceed with the authentication and authorization process.
!!! Note: Be sure to sign in with the Microsoft Account that has the necessary permissions, as configured in the Azure App Registration mentioned above.
Since the email address is required after obtaining the refresh token, the Mail Username field must be adjusted. Enter your email address followed by a tilde (~) at the beginning of the Mail Username field.

Mail Username : <<your email address>>~<<what was before>>