Connect a Microsoft 365 mailbox

Connecting to Microsoft 365 mailboxes requires the OAuth v2.0 authentication scheme via IMAP. LogicalDOC uses the client credentials flow to obtain the OAuth token.

Register LogicalDOC as an application in the Azure Portal

Open your Azure Portal and, in the Services section, open App registrations. Click New registration and enter LogicalDOC as the new application name.

Now that the application has been registered, open API permissions and add the following permissions:

Microsoft Graph
-----------------------------
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
Mail.ReadWrite
Mail.Send
User.Read

Office 365 Exchange Online
----------------------------------
full_access_as_App
IMAP.AccessAsApp
Mail.Read
Mail.Send

Grant admin consent

Make sure to grant admin consent for all the application permissions.

Create the service principal in Exchange Online

Once consent has been provided, the admin must register your application's service principal in Exchange using PowerShell.

Open PowerShell and install the AzureAD and ExchangeOnlineManagement modules with these commands:

Install-Module -Name AzureAD -SkipPublisherCheck
Import-Module AzureAD
Install-Module -Name ExchangeOnlineManagement -SkipPublisherCheck
Import-Module ExchangeOnlineManagement

 

Now register the Service Principal in Exchange with these other commands:

Connect-AzureAD
Connect-ExchangeOnline
New-ServicePrincipal -AppId {Application ID} -ObjectId {Object ID}

Replace {Application ID} and {Object ID} with the values shown under Enterprise applications, not with the object ID shown under App registrations.
For the application you registered under App registrations, a corresponding application is also created under Enterprise applications. The object ID from that entry is the one to pass when registering the service principal in Exchange.

Obtain the principal ID with this command:

Get-ServicePrincipal | fl

 

Add full permissions to the mailbox with this command:

Add-MailboxPermission -Identity {your email} -User {principal id} -AccessRights FullAccess

 

Generate a client secret

To allow LogicalDOC to connect to your Microsoft 365, a secret must be generated. To do so, open the details of your newly registered app.

 

Here, click the Client credentials link and generate your secret.

Save the secret

Save the secret in a secure place: it is visible only now, and you will not be able to retrieve it from the Azure portal later.

Configure LogicalDOC

  1. Create the new email account to monitor in Administration > Import and Export > Email Accounts
  2. In the Protocol field, put: IMAP Microsoft 365
  3. Enable SSL
  4. In the Server field, put: outlook.office365.com
  5. In the Port field, put: 993
  6. In the Username field, put the same mailbox address used in the Add-MailboxPermission command
  7. In Client ID and Tenant ID, put the values from the App details as shown in the Azure portal

  8. In the Client Secret field, put the secret you previously saved

Save and test the mailbox connection.
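
To check this setup outside LogicalDOC, the following added example (not LogicalDOC's own code) requests a token with the client credentials flow, inspects its claims, and builds the XOAUTH2 string sent over IMAP. The function names, the constructed sample token and the https://outlook.office365.com resource value are assumptions of this example.

```python
import base64, imaplib, json, time, urllib.parse, urllib.request

RESOURCE = "https://outlook.office365.com"  # assumption: resource the IMAP token is issued for
REQUIRED_ROLE = "IMAP.AccessAsApp"          # application permission granted on this page

def fetch_token(tenant_id, client_id, client_secret):
    """Client credentials flow: exchange the app secret for an access token (needs network)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": RESOURCE + "/.default"}
    with urllib.request.urlopen(url, urllib.parse.urlencode(form).encode()) as resp:
        return json.load(resp)["access_token"]

def jwt_claims(token):
    """Decode the JWT payload for diagnostics only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token(token, tenant_id, client_id, now=None):
    """Return the problems found; an empty list means the token matches this setup."""
    claims = jwt_claims(token)
    now = time.time() if now is None else now
    checks = [
        (REQUIRED_ROLE in claims.get("roles", []), "role IMAP.AccessAsApp missing: check admin consent"),
        (claims.get("aud") == RESOURCE, "audience is not Exchange Online: check the scope"),
        (claims.get("tid") == tenant_id, "token issued by a different tenant"),
        (client_id in (claims.get("appid"), claims.get("azp")), "token issued to a different application"),
        (claims.get("exp", 0) > now, "token expired"),
    ]
    return [msg for ok, msg in checks if not ok]

def xoauth2(mailbox, token):
    """SASL XOAUTH2 initial response; imaplib base64-encodes it on the wire."""
    return f"user={mailbox}\x01auth=Bearer {token}\x01\x01".encode()

def imap_login(mailbox, token):
    """Authenticate to outlook.office365.com:993 over TLS, as configured in LogicalDOC."""
    conn = imaplib.IMAP4_SSL("outlook.office365.com", 993)
    conn.authenticate("XOAUTH2", lambda _challenge: xoauth2(mailbox, token))
    return conn

def constructed_token(claims):
    """Build an unsigned, constructed JWT to use as offline sample input."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])

if __name__ == "__main__":
    sample = constructed_token({"aud": RESOURCE, "tid": "tenant-1", "appid": "app-1", "roles": []})
    print(check_token(sample, "tenant-1", "app-1"))  # live check: pass fetch_token(...) instead
```

For a live check, call fetch_token with your Tenant ID, Client ID and secret, run check_token on the result, then pass the token and the mailbox address to imap_login.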