IMAP - Microsoft 365 - Setup Account

Zuar Runner uses OAuth 2.0 to gain access to the contents of your Microsoft 365 or Outlook.com mail. This requires the creation of an “app” in Microsoft Entra ID (formerly known as Active Directory) that can act on your behalf. Once the app has been created, the credentials associated with the app are used to authenticate Zuar Runner to Microsoft when your IMAP job(s) run.

Microsoft documentation describing how to do this can be found here and also here.

Note

  • You only need to create one “app” within Azure AD, regardless of the number of IMAP jobs you wish to create.

  • Once created, the “app” can be used by anyone with an email address in your organization.

Prerequisites

  1. An Azure account that has an active subscription.

  2. The account must have an administrator or developer role assigned to it.

Register an Application in Azure AD

  1. Sign in to the Azure Portal.

  2. If you have multiple tenants, ensure that you are in the correct tenant.

  3. Search for and select “Microsoft Entra ID”.

  4. Navigate: Manage --> App registrations --> New registration

    1. Name your application.

    2. Select the correct account type.

    3. Click Register

  5. The app’s Overview page will be displayed.

  6. Make a copy of the Application (client) ID (client_id) and Directory (tenant) ID (tenant_id). You’ll use these later when creating a job using the wizard.

Create Application Credentials

  1. On the app’s Overview page, click Certificates & secrets.

  2. Click + New client secret.

  3. Make a copy of the Secret ID (client_secret) for later use.

Grant Permissions to Application

API Permissions

  1. On the app’s Overview page, click API Permissions.

  2. Use + Add a permission.

  3. Under Select an API, click APIs my organization uses.

  4. In the search box, type “Office 365 Exchange Online”.

  5. From the list that is displayed, click on Office 365 Exchange Online.

  6. Under What type of permissions..., click Application Permissions.

  7. Under IMAP click IMAP.AccessAsApp.

  8. Click Add permissions.

  9. Click Grant admin consent for ... to grant admin permissions to IMAP.AccessAsApp.

Authentication

  1. On the app’s Overview page, click Authentication.

    1. Under Advanced Settings, click Yes for Enable the following mobile and desktop flows:

    2. Click Save

Microsoft Graph Permissions

  1. On the app’s Overview page, click API Permissions.

  2. Under API permissions, click Microsoft Graph.

  3. Select the following permissions:

    • email

    • offline_access

    • openid

    • profile

    • IMAP.Access.AsUser.All

    • User.Read

  4. Click Update Permissions.

Confirm Permissions

When you are done, you should have the following permissions: [screenshot: permissions]

Credentials

You have successfully configured an app within Azure that can be used with Zuar Runner’s IMAP job.

You should have collected credentials similar to the following (the format is unimportant):

client_id = 9aef02cb-6efb-485f-91b8-ea57fda29d68
client_secret = utM8Q~xHAJt4PSCZzDKlL5P~WPgSlautR-VMrdsR
tenant_id = abdfa575-4bf4-4e51-878b-14e280eab912

You’ll need these credentials when you run the IMAP wizard to create an IMAP job. Instructions for doing that can be found here.