davmail icon indicating copy to clipboard operation
davmail copied to clipboard

Published 20 hours ago verified publisher icon mguessan

Detailed Documentation for O365 Modern with MFA in Server-Mode

Open joker32 opened this issue 5 years ago • 6 comments

Hello.

I would like to implement Davmail for a mailbox hosted in Exchange Online (Office 365). Conditional Access in Azure AD requires MFA to access the mailbox with a browser from a non-compliant device. Davmail 5.4.0 runs as a service on Ubuntu 18.04 Server without a desktop environment.

I have created an application in Azure AD with the required permissions

Can someone share a davmail configuration and an Azure AD configuration for this scenario?

Thanks! Max

joker32 avatar Feb 21 '20 16:02 joker32

If you created a new application in Azure AD you will probably have to go through the consent screen first. If you are an admin you can do this directly from Azure console.

Note that the only MFA mode that will work in server mode is application push, the only one that does not require user interaction.

I would also suggest trying in desktop mode to validate configuration.

mguessan avatar Mar 04 '20 22:03 mguessan

The Azure AD part is fine.

Can you give me an example for the configuration (Davmail) with application push?

Davmail runs on an Ubuntu server without a desktop.

joker32 avatar Mar 05 '20 18:03 joker32

Application is on Azure side, not DavMail: connect to portal.azure.com and enrole your phone with Microsoft Authenticator. Then you should be able to authenticate in DavMail with O365Modern authenticator.

Note that this will not work if your admins require device authentication.

mguessan avatar Mar 06 '20 00:03 mguessan

The Azure AD part is okay. Can you please send me an example of the Davmail configuration? I would like to check if I have done everything right here.

joker32 avatar Mar 21 '20 07:03 joker32

Well, the sample configuration is at: https://github.com/mguessan/davmail/blob/master/src/etc/davmail.properties

However I strongly suggest you try DavMail in workstation mode first to validate your settings.

mguessan avatar Mar 29 '20 10:03 mguessan

I cannot find any worked configuration for O365 and server mode. With any davmail.mode I get:

2021-11-16 07:16:03,810 DEBUG [ImapConnection-53186] httpclient.wire.header  - >> "GET /EWS/Exchange.asmx HTTP/1.1[\r][\n]"
2021-11-16 07:16:03,814 DEBUG [ImapConnection-53186] httpclient.wire.header  - >> "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/6.0; Microsoft Outlook 15.0.4420)[\r][\n]"
2021-11-16 07:16:03,814 DEBUG [ImapConnection-53186] httpclient.wire.header  - >> "Host: outlook.office365.com[\r][\n]"
2021-11-16 07:16:03,814 DEBUG [ImapConnection-53186] httpclient.wire.header  - >> "[\r][\n]"
2021-11-16 07:16:04,294 DEBUG [ImapConnection-53186] httpclient.wire.header  - << "HTTP/1.1 401 Unauthorized[\r][\n]"

2021-11-16 07:19:44,524 DEBUG [ImapConnection-53188] davmail.exchange.ExchangeSession  - Test configuration status: 401

NO unsupported authentication method

in IMAP

hartois avatar Nov 16 '21 05:11 hartois