Greetings!
I have a question: is it possible to utilize Microsoft 365 / Exchange Online shared mailboxes in IMAP/SMTP automations, in conjunction with OAuth? This question applies to System Email as well.
All our research points towards no at the moment, so this might be an Idea post rather than a Question. At least within FME Flow 2024.1.3 (Build 24627) that we are currently running.
Background:
Exchange Online shared mailboxes cannot be interacted with directly. Their accounts are technically disabled, they have no valid logon credentials nor any mailbox licenses. Instead, you grant Send as and Full permission to other licensed accounts in Exchange Online, who act on behalf of the shared mailboxes.
Therefore, in addition to the shared mailbox (fme@our-company.com) we intend to use for automations, we created a licensed service account (account@our-microsoft-tenant.com) that will act on behalf of the shared mailbox.
The problem:
Now, provided that all we have for Email automations is a single IMAP/SMTP Account field, how do we authenticate the licensed service account and specify the shared mailbox at the same time? Back in the days of Basic Authentication, there was an obscure yet simple way to accomplish this:
IMAP/SMTP Account: account@our-microsoft-tenant.com\[shared mailbox GUID]
Password: [the password for account@our-microsoft-tenant.com]
However, this account syntax (we tried different combinations of single/double forward and backward slash) no longer works in conjunction with OAuth. We have successfully authenticated the licensed service account in our tests, but cannot act on behalf of the shared mailbox.
Microsoft does support IMAP/SMTP access to shared mailboxes with OAuth (https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth), but this might require client-side implementation, which may or may not be present in FME Flow:
In case of shared mailbox access using OAuth, an application needs to obtain the access token on behalf of a user but replace the userName field in the SASL XOAUTH2 encoded string with the email address of the shared mailbox.
In conclusion:
Is there anything obvious I might have missed here, that supports our use case? Or do we have to utilize a user mailbox instead, if shared mailboxes with OAuth are unsupported by FME Flow?
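The SASL XOAUTH2 string described in the Microsoft passage quoted in the post, as an added example that is not part of the original post and not FME Flow's code: it builds the string with the shared mailbox in the user field and reports whether a given string targets a mailbox other than the token's own account. The unsigned token is constructed for the demo, and the `upn` claim name and all helper names are assumptions.

```python
import base64
import imaplib
import json

SERVICE = "account@our-microsoft-tenant.com"  # licensed account that obtains the token
SHARED = "fme@our-company.com"                # shared mailbox to be opened

def sasl_xoauth2(user: str, access_token: str) -> bytes:
    """Raw SASL XOAUTH2 initial response; 'user' selects the mailbox to open."""
    return f"user={user}\x01auth=Bearer {access_token}\x01\x01".encode()

def token_claims(access_token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def describe(encoded_response: str) -> dict:
    """Show which mailbox a base64 XOAUTH2 string targets and whose token it carries."""
    raw = base64.b64decode(encoded_response).decode()
    fields = dict(part.split("=", 1) for part in raw.split("\x01") if part)
    token = fields["auth"].split(" ", 1)[1]
    signed_in = token_claims(token).get("upn")  # assumption: token has a 'upn' claim
    return {"mailbox": fields["user"], "signed_in_as": signed_in,
            "delegated": fields["user"].lower() != (signed_in or "").lower()}

def open_shared_mailbox(mailbox, access_token, host="outlook.office365.com"):
    """Log in over IMAP as the token's account but open 'mailbox' (needs network)."""
    conn = imaplib.IMAP4_SSL(host)
    # imaplib base64-encodes the callable's return value itself, so pass raw bytes.
    conn.authenticate("XOAUTH2", lambda _challenge: sasl_xoauth2(mailbox, access_token))
    return conn

def make_constructed_token(upn: str) -> str:
    """Unsigned stand-in for an access token, constructed for this example only."""
    seg = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{seg({'alg': 'none'})}.{seg({'upn': upn})}.constructed"

TOKEN = make_constructed_token(SERVICE)
if __name__ == "__main__":
    print(describe(base64.b64encode(sasl_xoauth2(SHARED, TOKEN)).decode()))
```

A client that fills the user field from the account it authenticated produces `delegated: False`, which opens the service account's own mailbox rather than the shared one.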