OAuth 2 authentication for POP and IMAP was already announced back in June 2022 on the Exchange Team Blog.
Announcing OAuth 2.0 Client Credentials Flow support for POP and IMAP protocols in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-client-credentials-flow-support-for-pop-and/ba-p/3562963
There is a pretty decent step-by-step guide here, but there are some steps missing. That's why I have created a more detailed guide.
Authenticate an IMAP, POP or SMTP connection using OAuth
https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#use-client-credentials-grant-flow-to-authenticate-imap-and-pop-connections
As a personal opinion: I don't like this POP/IMAP approach. If you as a developer are able to change your existing code for the authentication and token handling, you have already done 50% of the job. It's easy to do the rest via Graph calls. Check out my GitHub repo for examples of that: https://github.com/BohrenAn/GitHub_PowerShellScripts/blob/main/ExchangeOnline/GraphAPI/ExOGraphAPI.ps1
Create the App Registration in Azure AD
Now you need to create the Service Principal in Exchange Online. And here is another tricky part.
What do they refer to with ServiceId? It is the Object ID of your Azure AD application as shown under Enterprise Applications.
New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]
###############################################################################
# Get AzureAD Application with Microsoft.Graph PowerShell
###############################################################################
Connect-MgGraph -Scopes 'Application.Read.All'
$ServicePrincipalDetails = Get-MgServicePrincipal -Filter "DisplayName eq 'DemoEXO-POP3-IMAP'"
$ServicePrincipalDetails

###############################################################################
# Create Exchange Service Principal
###############################################################################
Connect-ExchangeOnline
New-ServicePrincipal -AppId $ServicePrincipalDetails.AppId -ServiceId $ServicePrincipalDetails.Id -DisplayName "EXO Serviceprincipal $($ServicePrincipalDetails.Displayname)"

###############################################################################
# CAS Mailbox
###############################################################################
Get-CASMailbox -Identity [email protected] | fl imap*
Set-CASMailbox -Identity [email protected] -PopEnabled $true -ImapEnabled $true

###############################################################################
# Full Access
###############################################################################
$Mailbox = "[email protected]"
$ServicePrincipal = "EXO Serviceprincipal DemoEXO-POP3-IMAP"
Add-MailboxPermission -Identity $Mailbox -User $ServicePrincipal -AccessRights FullAccess -AutoMapping $false

###############################################################################
# Test Access
###############################################################################
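# Clear-MsalTokenCache comes from the MSAL.PS module
Clear-MsalTokenCache
$AppID = "3bf0cf36-87bf-47a9-927b-0ef9df7cf146"
$TenantID = "icewolfch.onmicrosoft.com"
$ClientSecret = "YourClientSecret"
# $Scope is not passed to the script below. The client credentials flow requests
# https://outlook.office365.com/.default (see the Microsoft guide linked above), not a delegated scope.
$Scope = "https://outlook.office.com/IMAP.AccessAsUser.All"
.\Get-IMAPAccessToken.ps1 -tenantID $TenantID -clientId $AppID -clientsecret $ClientSecret -targetMailbox "[email protected]"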

This is what it looks like when the IMAP protocol is not enabled for the mailbox in Get-CASMailbox. After the change, it takes a while (30-60 minutes) to become active.
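The test step above, written out as an added example (it is not the author's code and not the Get-IMAPAccessToken.ps1 script): it requests the app-only token, checks its `roles` claim, and authenticates to IMAP with SASL XOAUTH2. The `<...>` values and the `EXO_IMAP_CLIENT_SECRET` environment variable are placeholders; the `.default` scope and the `IMAP.AccessAsApp` permission are the ones named in the Microsoft guide linked above.

```powershell
# Added example. All <...> values and the environment variable name are placeholders (assumptions).
$TenantId = '<TENANT_ID>'
$ClientId = '<APPLICATION_ID>'
$Mailbox  = '<MAILBOX_UPN>'
$ImapHost = 'outlook.office365.com'

# 1. Client credentials grant: request the resource's .default scope.
#    The secret is read from an environment variable so it is not stored in the script.
$body = @{
    grant_type    = 'client_credentials'
    client_id     = $ClientId
    client_secret = $env:EXO_IMAP_CLIENT_SECRET
    scope         = "https://$ImapHost/.default"
}
$uri   = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
$token = (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token

# 2. Decode the JWT payload (base64url) and confirm the app role before touching IMAP.
$p = $token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$p = $p.PadRight($p.Length + (4 - $p.Length % 4) % 4, '=')
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p)) | ConvertFrom-Json
"aud=$($claims.aud) roles=$($claims.roles -join ',')"
if ($claims.roles -notcontains 'IMAP.AccessAsApp') { throw 'Token has no IMAP.AccessAsApp role.' }

# 3. SASL XOAUTH2 initial response: user=<mailbox>^Aauth=Bearer <token>^A^A, base64-encoded.
$a = [char]1
$xoauth2 = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("user=$Mailbox${a}auth=Bearer $token$a$a"))

# 4. IMAP over TLS on port 993: authenticate, then log out.
$tcp = [Net.Sockets.TcpClient]::new($ImapHost, 993)
try {
    $ssl = [Net.Security.SslStream]::new($tcp.GetStream())
    $ssl.AuthenticateAsClient($ImapHost)
    $reader = [IO.StreamReader]::new($ssl)
    $writer = [IO.StreamWriter]::new($ssl)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
    $reader.ReadLine()                                   # server greeting
    $writer.WriteLine("A1 AUTHENTICATE XOAUTH2 $xoauth2")
    $reply = $reader.ReadLine()
    # On failure the server may send a "+ <base64 error>" challenge; answer with an empty line.
    if ($reply -like '+*') { $writer.WriteLine(''); $reply = $reader.ReadLine() }
    $reply                                               # "A1 OK ..." on success, "A1 NO ..." otherwise
    $writer.WriteLine('A2 LOGOUT')
}
finally { $tcp.Close() }
```

A token that carries the role but still gets `A1 NO` points at the Exchange side: the service principal, the mailbox permission, or the CAS mailbox protocol setting described above.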
Works as a Microsoft Cloud Engineer/Architect for midsize to large Enterprises. He has a special focus on M365 including Identity, Messaging, Communication, Security and PowerShell but also Azure Technologies. He is Co-Organisator of the <Microsoft 365 Community Schweiz> Meetup group and was Speaker at several other Meetups.