Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(O365Modern quit working) question #306

Open
boldcompany opened this issue Aug 28, 2023 · 2 comments
Open

(O365Modern quit working) question #306

boldcompany opened this issue Aug 28, 2023 · 2 comments
Labels
answered question answered

Comments

@boldcompany
Copy link

We had an instance of DavMail working perfectly on a server, connecting to https://outlook.office365.com/EWS/Exchange.asmx using davmail.mode=O365Modern. This worked with no issues for many months.

Recently it seems O365 is enforcing phone checks, etc. during logins. Since this happened, we get the following error trying to use DavMail:
Authentication failed: invalid user or password

Obviously this seems tied to the O365 changes.

We tried the suggested workaround:
davmail.oauth.clientId=d3590ed6-52b3-4102-aeff-aad2292ab01c
davmail.oauth.redirectUri=urn:ietf:wg:oauth:2.0:oob
...but this achieved the same result.

Is there any current workaround in this situation, where we need DavMail to run on a server with no manual interaction?
@boldcompany boldcompany changed the title (O365Modern quit working) questions (O365Modern quit working) question Aug 28, 2023
@mguessan
Copy link
Owner

Phone checks means you have MFA enabled, I would strongly suggest you add Microsoft Authenticator as an authentication factor on your account, SMS by phone is not secure enough.

Then switch to O365Interactive or O365Manual to validate you can authenticate with MFA

I also need to simplify the authentication modes:

  • EWS: for on prem Exchange
  • O365: EWS on O365, may have to deprecate this one, basic authentication is now disabled on (almost ?) all tenants
  • O365Modern: fully automated OIDC authentication, working when MFA is not enabled and used to work with MS Authenticator... however now that number matching is enforced fully transparent auth with MFA is no longer an option. You may be able to grab the number matching number in logs but this in not practical
  • O365Interactive: O365 authentication with embedded browser, will work with most MFAs but not when workplace join is enforced
  • O365Manual: Fallback for interactive authentication, use your own browser to authenticate

@mguessan mguessan added the answered question answered label Sep 29, 2023
@logological
Copy link

Phone checks means you have MFA enabled, I would strongly suggest you add Microsoft Authenticator as an authentication factor on your account, SMS by phone is not secure enough.

Isn't Microsoft Authenticator a proprietary application? I think many users are using DavMail precisely to limit their use of proprietary software.

O365Modern: fully automated OIDC authentication, working when MFA is not enabled

Do you mean that O365Modern doesn't work with MFA? Because this is contradicted by the "Is Office 365 modern authentication / MFA supported ?" section of the FAQ, which says, "O365Modern: same logic as O365Interactive, but use client provided credentials for Oauth negotiation, trigger PhoneApp MFA check transparently".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
answered question answered
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@logological @boldcompany @mguessan