IBM Security MaaS360


Cloud Extender integration of IBM Security MaaS360 with Watson with Modern Authentication (OAuth2.0) for Office 365 Email Notification module

By Rekha Puthusseri Veetal posted Mon February 14, 2022 07:33 AM

  

 By: @Rekha Puthusseri Veetal

Co-Author: @Lakshmeesh C Hegde

Microsoft plans to end support for Basic authentication to Exchange Online in the near future. Users are now encouraged to use Modern authentication.

What is Modern Authentication & how different is it from Basic Authentication?

The term “Modern Authentication” in Office 365 refers to a combination of authentication and authorization methods that provide ways to increase the organization's security. It uses OAuth 2.0 token-based authentication provided by an identity provider (Microsoft), unlike password-based Basic Authentication, making it more secure.

What’s new?

MaaS360 Cloud Extender now supports Modern authentication (OAuth 2.0) for the Office 365 Email Notification module, along with Basic authentication.

If you have a Cloud Extender with an Email Notification module already configured for Basic Authentication, it takes less than a few minutes to set up Modern authentication. Isn’t that simple?

Setting it up

Permissions required on Exchange Admin:
  • Impersonation

    For Office 365, you must assign application impersonation rights to the listener accounts. To set these permissions, follow these steps in the Office 365 Exchange admin center:

    Permissions > Admin roles > Discovery Management
    1. From the Roles section, edit the group, and then click the plus sign (+) and choose Application Impersonation.
    2. Add every listener account that is used by the Cloud Extender under this role group.

    [Figure: Exchange Account permissions]
  • A Global Administrator account with access to Azure Active Directory.
  • Modern Authentication setting enabled on Microsoft Office 365.
    [Figure: Modern authentication settings]
  • Administrator consent for the registered application.
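
A read-only check of the impersonation and Modern Authentication prerequisites listed above, as an added example that is not part of the original post or of IBM's tooling. It assumes the ExchangeOnlineManagement PowerShell module is installed; the admin and listener account names are placeholders.

```powershell
# Added example: read-only prerequisite check for the listener accounts.
# Assumption: ExchangeOnlineManagement module is installed.
$AdminUpn         = 'admin@contoso.example'          # placeholder
$ListenerAccounts = @('listener1@contoso.example')   # placeholder
$RoleGroup        = 'Discovery Management'           # role group named in the steps above

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

# 1. Is Modern Authentication enabled for the Exchange Online organization?
$modernAuth = (Get-OrganizationConfig).OAuth2ClientProfileEnabled

# 2. Does the role group carry the ApplicationImpersonation role?
$assignment = Get-ManagementRoleAssignment -RoleAssignee $RoleGroup `
    -Role 'ApplicationImpersonation' -ErrorAction SilentlyContinue

# 3. Who is in the role group? Normalise addresses for comparison.
$members = Get-RoleGroupMember -Identity $RoleGroup -ResultSize Unlimited |
    ForEach-Object { "$($_.PrimarySmtpAddress)".ToLower() } |
    Where-Object { $_ }

$wanted = $ListenerAccounts | ForEach-Object { $_.ToLower() }

# One row per listener account with the state of each prerequisite.
$report = foreach ($acct in $wanted) {
    [pscustomobject]@{
        Listener              = $acct
        ModernAuthEnabled     = [bool]$modernAuth
        GroupHasImpersonation = [bool]$assignment
        MemberOfRoleGroup     = $members -contains $acct
    }
}
$report | Format-Table -AutoSize

# Every member of the group inherits impersonation rights, so list
# members that are not listener accounts for review.
$extra = $members | Where-Object { $wanted -notcontains $_ }
if ($extra) {
    Write-Warning "Other members of '$RoleGroup': $($extra -join ', ')"
}

Disconnect-ExchangeOnline -Confirm:$false
```

A listener row with any `False` column points to the prerequisite that is still missing for that account.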
       
Registering an application on the Azure AD admin portal

Redirect URI for registering an application: urn:ietf:wg:oauth:2.0:oob

 

Granting permission for the registered application
Select the app that you registered on the Azure portal and grant API permissions. Update the Authentication setting for the registered application to “Public Client”.


Email Notification configuration on MaaS360 portal
Enable the Email Notification module from the MaaS360 portal.
From Setup > Services, expand and then select the message icon next to the Secure Mail section to enable email notifications for iOS devices in the MaaS360 portal.

Cloud Extender Configuration

[Figure: Cloud Extender Configuration Tool]
[Figure: Email Notification setup]
[Figure: Cloud Extender O365 Modern Authentication Configuration]

How to test Office 365 Email Notifications with Modern Authentication in the MaaS360 Cloud Extender Configuration tool?

For testing, you need:
  • Client ID & Tenant ID
  • Listener account with impersonation rights
  • Test Mailbox account



Still having trouble setting up notifications?

Please ensure that the settings below are also in place:
1. MFA (multi-factor authentication) is turned OFF for the listener accounts configured in the CE Config tool.
2. Security defaults are turned OFF for the listener account on the Azure portal.
3. Persona policy settings are in place as mentioned in the following article:
https://community.ibm.com/community/user/security/blogs/margaret-radford/2021/12/17/s[…]s360-part1?CommunityKey=9d8b7835-e47a-4850-b400-d8c77708af84

And this is it! Hope this blog has helped you to set up Email Notifications using Modern authentication with ease.
Please reach out to us in the comments section in case of any queries/feedback.
Stay tuned for more blogs to know your Cloud Extender powers.

​​

