Hi Folks,
I thought I'd post an update for anyone who makes use of the POP3/SMTP/IMAP VBO along with Exchange Online.
As you may or may not know, Microsoft has been working to remove support of older APIs and protocols from their products/platforms for some time now. Some examples include removal of the COM API from the latest Outlook client and removal of POP3 support for Delegated Access tokens from Exchange Online.
This last one can create an issue if you have digital workers currently leveraging the POP3/SMTP/IMAP VBO to interact with specific user mailboxes via Delegated Access. You can address this in one of two ways:
- Switch to an Application Access token (the equivalent of a service account)
- Switch to using the Graph API and our Microsoft 365 - Outlook connector (Note: The Outlook client is not actually required to use this connector).
For option #1, there are some specific steps you have to undertake to set up Exchange to permit this access. I've outlined them below:
Register Your Application w/ Exchange Online
- You first need to obtain the application ID and object ID of the application registration in Entra. Go to your Azure Portal and then App registrations.

- Find your specific application definition and click on it. That should bring you to the overview screen where you'll find the Object ID and Application (client) ID.

- Copy those two IDs and then open a PowerShell terminal and connect to your Exchange Online instance. To connect to Exchange Online from a PowerShell terminal, reference the attached Microsoft link:
Connect to Exchange Online PowerShell | Microsoft Learn
- Once your PowerShell terminal is connected to Exchange Online, run the following command to register your application:
New-ServicePrincipal -AppId <YOUR APP ID> -ObjectId <YOUR OBJECT ID> -DisplayName "NAME OF YOUR APP"
- You can then verify the registration took place by executing this command:
Get-ServicePrincipal | fl DisplayName,AppId,ServiceId
- Now, you must grant the service principal access to the specific mailbox. You do that with the following command:
Add-MailboxPermission -Identity <SPECIFIC MAILBOX ADDRESS> -User <APP OBJECT ID> -AccessRights FullAccess
At this point, you should be able to request an Application Access token, via the MSAL.NET VBO, and pass that into the POP3/SMTP/IMAP VBO, along with the mailbox address, and be able to connect to and retrieve email from said mailbox.
NOTE: These directions do not include the steps necessary to create your initial application registration in Entra. For that, refer to the user guide included with the MSAL VBO.
If you don't want to mess with the PowerShell and Exchange registration steps outlined above, the better option is to switch to using the Graph API. It is Microsoft's go-to API for most things these days.
Cheers,
Eric
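
The registration steps above as one re-runnable script, followed by a check of who holds explicit rights on the mailbox. This is an added example and not part of the original post. It assumes the ExchangeOnlineManagement module is installed; `$AdminUpn` and the other values are placeholders to replace.

```powershell
# Added example: the post's registration steps in one script, plus a review step.
# Every value below is a placeholder; replace it before running.
$AppId       = '<YOUR APP ID>'
$ObjectId    = '<YOUR OBJECT ID>'
$DisplayName = 'NAME OF YOUR APP'
$Mailbox     = '<SPECIFIC MAILBOX ADDRESS>'
$AdminUpn    = '<ADMIN UPN>'   # assumption: an account permitted to manage Exchange Online

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

try {
    # Register the service principal only if Exchange Online does not already know this app,
    # so the script can be re-run without creating a duplicate.
    $sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
    if (-not $sp) {
        $sp = New-ServicePrincipal -AppId $AppId -ObjectId $ObjectId -DisplayName $DisplayName
    }

    # Same verification view the post uses.
    $sp | Format-List DisplayName, AppId, ServiceId

    # Grant the app access to the one mailbox the digital worker reads, and no other.
    Add-MailboxPermission -Identity $Mailbox -User $ObjectId -AccessRights FullAccess

    # Review every explicit (non-inherited) grant on that mailbox so the new entry
    # and any unexpected ones are visible in a single listing.
    Get-MailboxPermission -Identity $Mailbox |
        Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\SELF' } |
        Format-Table Identity, User, AccessRights -AutoSize
}
finally {
    # Always close the session, even if a step above failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Keeping the grant to a single mailbox means the application token can only reach the mailbox named here; repeat the `Add-MailboxPermission` line for each additional mailbox a worker genuinely needs.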