This will be available in Axon Ivy 13.1.0, 12.0.5, 10.0.27
Microsoft will disable basic authentication via SMTP on office365.com. They provide many alternatives, but we will provide support to send mails via SMTP using OAuth2.
The mail server for Axon Ivy needs to be configured in ivy.yaml the following way:
EMail:
  Server:
    Host: smtp.office365.com
    Port: 587
    MailAddress: user@domain.com
    User: user@domain.com
    PasswordProvider:
      Name: office365-oauth2
      Config:
        TenantId: XX
        ClientId: YYY
        ClientSecret: ZZZ
    EncryptionMethod: START_TLS
But maybe the most challenging part will be to correctly set up everything on the Azure side, which is basically not our business, but because we've struggled and wasted multiple hours, here are the instructions:
- Go to https://entra.microsoft.com and log in
- Make a new app registration
- Create a client secret
- Assign permission
- Create a service principal
For this we need PowerShell and a few IDs from the Entra Admin Center: your Tenant ID, plus the Application ID and the Object ID of the Enterprise Application (NOT Application Registrations!)
Open PowerShell:
# connect to your tenant
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <tenantId>
# create a new service principal
New-ServicePrincipal -AppId [appID] -ObjectId [objectID]
# check it
Get-ServicePrincipal | fl
# add the mail box permission
Add-MailboxPermission -Identity "user@domain.com" -User [objectID] -AccessRights FullAccess
Troubleshooting
- If it's not working, you need to ensure that the given user has an Office 365 license.
- You need to enable SMTP authentication on the mailbox or on the tenant in general:
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
Set-CASMailbox -Identity "user@domain.com" -SmtpClientAuthenticationDisabled $false
- You probably need to add a recipient permission:
Add-RecipientPermission -Identity user@domain.com -Trustee [objectID] -AccessRights SendAs
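
To check the Azure side independently of Axon Ivy, the following added example (not Axon Ivy's code) requests a token with the same TenantId, ClientId and ClientSecret, shows which roles ended up in it, and tries an SMTP login as the mailbox user. The token endpoint, the scope and the XOAUTH2 string follow Microsoft's documented client-credentials flow for Exchange Online and are not taken from this page; the environment variable names are assumptions.

```python
import base64, json, os, smtplib, ssl, urllib.parse, urllib.request

def fetch_token(tenant_id, client_id, client_secret):
    """Client-credentials grant against the Entra ID v2.0 token endpoint."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://outlook.office365.com/.default",
    }).encode()
    req = urllib.request.Request(url, data=body)  # data present => POST
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["access_token"]

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_xoauth2(user, token):
    """SASL XOAUTH2 initial response: user=<mailbox>^Aauth=Bearer <token>^A^A."""
    raw = f"user={user}\x01auth=Bearer {token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def smtp_auth_check(user, token, host="smtp.office365.com", port=587):
    """STARTTLS with certificate validation, then AUTH XOAUTH2.
    Returns (code, message); 235 means the server accepted the token."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        # Explicit default context: verifies the server certificate and hostname.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()
        code, msg = smtp.docmd("AUTH", "XOAUTH2 " + build_xoauth2(user, token))
        return code, msg.decode(errors="replace")

if __name__ == "__main__":
    # Assumed variable names; the secret is read from the environment, not hardcoded.
    token = fetch_token(os.environ["TENANT_ID"], os.environ["CLIENT_ID"],
                        os.environ["CLIENT_SECRET"])
    claims = jwt_claims(token)
    print("aud:", claims.get("aud"), "roles:", claims.get("roles"))
    print(smtp_auth_check(os.environ["MAIL_USER"], token))
```

An empty `roles` claim points at the permission assignment, while a token with roles that the SMTP server still rejects points at the service principal, mailbox permission or SMTP authentication settings above.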