Enabling Modern Auth (OAuth 2.0) for service mailbox

Anders Larsson 5 Aug 2022

Hi! 
I am about to test out Modern auth (OAuth 2.0) for a customer in their test-environment.

System upgraded to 10.1.2

 

I did see this post talking about issues if same serial was activated 2 times ?

OAuth 2.0 Service mailbox - invalid client_id (superoffice.com)

https://community.superoffice.com/en/forums/pilot-program/previous-pilot-programs/oauth-2.0-for-superoffice/oauth-2.0-service-mailbox---invalid-client_id/

 

How are we suposed to handle test/prod environements using the same serialnumber after activating Modern Auth (OAuth2)

Some of our customers have a separate test-environment that is production dump with separate mailbox(es) for testing of service , forms, and mailing, inbox etc. I mean If i test out modern auth in the test-environment that will, if I understand correctly, block the activation in the Production Environment?

 

If Possible, you should allow 2 registrations per serial , so that a test-environment can co-exist with a production envrionment. It would also be nice with some sort of partner-self-service for checking/unblocking a serialnumber. (Maybe that would possible in the new devloper portal somehow)

 

Since there will be a lot of preasure on upgrades for on prem customers until october, when MS starts the deactivation of Basic Auth for MAPI,POP,EWS protocols.

 

How do I switch a mailbox from MAPI(S) to modern auth?

Just "change auth" button?

Or do I need to recreate the mailbox from scratch?

 

It would help with a conversion-guide for MAPIS => Modern Auth?
Does one exist?

What must be prepared on the M365 side for a certain dedicated service email-box?

 

Best regards

Anders


D

RE: Enabling Modern Auth (OAuth 2.0) for service mailbox

David Hollegien 5 Aug 2022

Anders Larsson
9 Aug 2022
Thanks for you answer David.
A separate license for customer test environments might be a solution, but not optimal I think.
And thanks for the tip that it must be a real user, shared mailbox is still not good enough it seems. (that was on my todo list to test, but since I guess you have tested it, that saves me some time)

I would like to have an answer from RND on how we are supposed to handle test/prod environments when we start activating Modern Auth on service-mailboxes. If not 2 instance (1 test and 1 prod ) is possible I think OnPrem customers should get free extra serial key(s) to be used in test-environments. (preferably key-request via some sort of self service)

But now when I reconsider an extra serial for test will effect other 3rd party components and cause them to also issue new licensees for test so it absolutely not a preferred solution..

/Anders

RE: Enabling Modern Auth (OAuth 2.0) for service mailbox

Frode Berntsen 16 Aug 2022

Anders Larsson
29 Aug 2022
Hi Frode!
Thanks for the answer but I am still a bit confused.
Can you eleborate a bit between App Password and OAuth 2.0 ?
By App password do you mean classic basic auth over IMAPS or what am I missing here?
From what I have read it is a but to activate IMAPS over modern Auth and we then use the credentials for the mailbox we want to convert. Are there different options there in the authentication dialog.
I am not so worried about being able to convert an mailbox in customer prod environments. But my consern is when we have a test environment being dumped to test-environment. (Mailbox(s) changed to some test variant also in M365). Before this was quite esay to achive with basic auth. (even possible to change with a SQL-script if recall correct)

When activating moderna Auth (OAUTH 2.0 or App Password?) for a service mailbox, does the customer IT need to prepare something on the M365 end?

Would be great if you could hold short webinar around this for us partners and we could discuss different scenarios in more detail.
Since the servicemailbox for many customers is very important, I want a process that is a smooth as possible with minimal downtime. Thats why I need to have control of the process doing a switch and preferably be able to test it out in their test environments. (So if App Password can solve that I am interested to learn the correct way of first testing it out in test-environment and then in prod active the serial via access gateway)

Sory for my questions..
Anders

RE: Enabling Modern Auth (OAuth 2.0) for service mailbox

Frode Berntsen 30 Aug 2022