Microsoft advised customers to discontinue Basic authentication for the Office 365 SMTP service. This page documents how to enable OneList to use the Microsoft Graph service for sending and receiving email. OneList authenticates with Microsoft Graph using the OAuth 2.0 client credentials grant flow.
Azure AD Configuration
Create a new Application Registration for OneList.
Create a client secret for the application.
Add the following Application Permissions for Microsoft Graph and grant Admin consent to all the permissions.
Mail.ReadWrite
Mail.Send
Send the following information to the IQX OneList Team:
Tenant Id
Application Id
Client Secret
Mailbox account (e.g. noreply@yourdomain.com)
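Application permissions such as Mail.ReadWrite and Mail.Send apply to every mailbox in the tenant unless the application's access is limited to specific mailboxes, as described in the last link below. More information can be found here: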
https://learn.microsoft.com/en-us/graph/auth-v2-service
https://learn.microsoft.com/en-us/graph/permissions-reference#application-permissions-39
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access
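The following is an added example, not OneList or IQX code: a Python check that requests a token with the client credentials grant and confirms its `tid`, `appid` and `roles` claims match the registration above, reporting any permission that is missing or broader than the two listed. The GUIDs and the sample token are constructed placeholders, and the function names are illustrative.

```python
import base64, json, urllib.parse, urllib.request

REQUIRED_ROLES = {"Mail.ReadWrite", "Mail.Send"}  # the two permissions listed above

def token_request(tenant_id, client_id, client_secret):
    """Build the client credentials token request (URL, form body) for Graph."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,
            "scope": "https://graph.microsoft.com/.default"}
    return url, urllib.parse.urlencode(form).encode()

def fetch_token(tenant_id, client_id, client_secret):
    """POST the request to Azure AD and return the access token (needs network)."""
    url, body = token_request(tenant_id, client_id, client_secret)
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as r:
        return json.load(r)["access_token"]

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_registration(claims, tenant_id, client_id):
    """Return a list of problems; an empty list means the token matches the setup."""
    problems = []
    if claims.get("tid") != tenant_id:
        problems.append("token issued for a different tenant")
    if claims.get("appid", claims.get("azp")) != client_id:
        problems.append("token issued to a different application")
    roles = set(claims.get("roles", []))
    if REQUIRED_ROLES - roles:
        problems.append("missing (admin consent not granted?): "
                        + ", ".join(sorted(REQUIRED_ROLES - roles)))
    if roles - REQUIRED_ROLES:
        problems.append("broader than required: " + ", ".join(sorted(roles - REQUIRED_ROLES)))
    return problems

def sample_token(claims):
    """Constructed, unsigned token so the check can be run offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

if __name__ == "__main__":
    # Constructed placeholder GUIDs; replace with fetch_token(...) against a real tenant.
    tenant, app = "11111111-1111-1111-1111-111111111111", "22222222-2222-2222-2222-222222222222"
    token = sample_token({"tid": tenant, "appid": app, "roles": ["Mail.Send"]})
    print(check_registration(token_claims(token), tenant, app))
```

The token does not show whether access has been limited to specific mailboxes; that restriction is enforced by Exchange Online and has to be checked there.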
OneList Configuration
Add the following entries to the Kubernetes config map:
IMAP__Authority: https://login.microsoftonline.com/<Azure Tenant Id>/v2.0
IMAP__ClientId: <the Application Id>
IMAP__ClientSecret: <the Client Secret>
IMAP__UserName: <the mailbox user account>
IMAP__Class: IQX.OneList.EmailApproval.Services.MsGraphHandlerService (only required for Email Approval)
Mailer__Class: IQX.Comms.Services.MSGraphMailer