This article includes descriptions of third-party software and is based on the status at the time this page was created. Changes to the user interface on the part of the manufacturer are possible at any time and must be taken into account accordingly in the implementation. All information without warranty.
In order to use the Mail Connector with Microsoft 365, the following information is required:
Application ID
Client ID
Secret client key
This guide shows an example of the preparations and settings required in Microsoft Azure.
Launch Azure Active Directory admin center
Note down/Copy Tenant ID from the Azure Active Directory menu
Register a new app in the App registration menu using the New registration button
Assign a unique name and click the register button
In the API permissions menu, click the Add a permission button.
Select permission for Office 365 Exchange Online in the APIs my organization uses tab
Add IMAP.AccessAsApp permission for Office 365 Exchange Online
In the menu API permissions activate the entry Grant admin consent for [...].
Create a Client secret in the Certificates & secrets menu
Note down the Value; it is entered as Secret Client Key when adding an OAuth 2 connection
Open menu Enterprise Applications and select app
Note down the Application ID and Object ID from the app properties.
Open PowerShell as administrator on a Windows client, import ExchangeOnlineManagement and connect to the tenant
Select the recipient mailbox in the Exchange admin center and choose Read and manage (Full Access) as delegation.
Add member for Mailbox Delegation
This completes the configuration in Microsoft Azure. Further configuration is done on the UTM in the menu Applications, Mail Connector, area Services, with the Add Mail Connector Service button and in the tab OAuth2 with the Add OAuth2 connection button.
The Microsoft servers may take up to 30 minutes before access works
Fig.1
Select Azure Active Directory menu
Note down or copy the Tenant ID; it is entered when adding an OAuth 2 connection
Fig.2
Register new app:
Menu App registration
Button New registration
Fig.3
Assign a unique name
Click Register button
Fig.4
A summary of the newly registered app is displayed
The Object ID displayed here does not belong to the app and is not needed!
Select API permissions menu
Fig.5
Click Add a permission button
Fig.6
Select the tab APIs my organization uses
Select permission for Office 365 Exchange Online
Fig.7
Click Application permissions button
Search for imap
Checkmark IMAP.AccessAsApp
Click the Add permissions button
Fig.8
Select menu API permissions again.
Select entry Grant admin consent for [...]
Click the Yes button
Fig.9
Grant admin consent for... successfully granted
Fig.10
Menu Certificates & secrets
Tab Client secrets
Entry New Client secret
Enter unique description
Select desired duration (max. 24 months)
Click Add button
Fig.11
Note down the Value; it is entered as Secret Client Key when adding an OAuth 2 connection
Fig.12
Back to the dashboard, menu Azure Active Directory
Menu Enterprise applications
Fig.13
All applications menu
Select Securepoint app
Fig.14
Note down from the app properties:
Application ID: entered as Application ID when adding an OAuth 2 connection
Object ID: required for granting the authorisation via PowerShell
Fig.15
Open PowerShell as administrator on a Windows client
Install the ExchangeOnlineManagement module
If there are problems installing the module or connecting, you may need to configure PowerShell to use TLS 1.2:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
To send e-mails to Exchange Online (M365) with the UTM smarthost (e.g. for the mail relay), an Entra ID app with the SMTP.SendAsApp permission is required.
This app must be granted access to the Exchange Online e-mail account.
Add API permission: select the tab APIs my organization uses
Select permission for Office 365 Exchange Online
Grant admin consent
Add a client secret and note down the Value (required as Secret Client Key when adding an OAuth 2 connection)
The value of the client secret can only be displayed immediately after creation
From the app overview, copy the Application (client) ID and the Directory (tenant) ID (required in the UTM as Application ID and Tenant ID respectively when adding an OAuth 2 connection)
From the menu Enterprise applications, submenu All applications, select the created app and copy the Object ID (required for granting the permission via PowerShell)
In PowerShell, the module for Exchange Online must first be downloaded and activated:
Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect ExchangeOnlineManagement to the tenant (Directory (tenant) ID, Fig.9 No. 23):
Connect-ExchangeOnline -Organization "<Verzeichnis-ID (Mandant)>"
Enable SMTP authentication for the mailbox that the smarthost is to use:
Set-CASMailbox -Identity "<MAILBOX>" -SmtpClientAuthenticationDisabled $false
A service is required to which the permission for mailbox access can be granted.
APPLICATION_ID from Fig.9 No. 22
OBJECT_ID from Fig.10 No. 27
The 'DisplayName' parameter is optional here, but helps to trace afterwards who has access to the mailbox.
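The PowerShell part of both procedures on this page (access for the Mail Connector and for the smarthost), as an added example that is not from the original article: it registers the app as a service principal in Exchange Online, grants it access to one mailbox, then lists every mailbox it can open so that an over-broad grant is noticed. The placeholder values, the display name and the use of FullAccess for the smarthost mailbox are assumptions; the cmdlets belong to the ExchangeOnlineManagement module.

```powershell
# Added example. Placeholders: replace with the values noted during app registration.
$TenantId      = '<TENANT_ID>'          # Tenant ID (Directory (tenant) ID)
$ApplicationId = '<APPLICATION_ID>'     # Application ID of the enterprise application
$ObjectId      = '<OBJECT_ID>'          # Object ID from Enterprise applications
$Mailbox       = '<MAILBOX>'            # the single mailbox the UTM may access
$DisplayName   = 'UTM OAuth2 connector' # hypothetical name, shown in later audits

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization $TenantId

# Register the app as a service principal in Exchange Online, unless it already exists.
$sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $ApplicationId }
if (-not $sp) {
    $sp = New-ServicePrincipal -AppId $ApplicationId -ObjectId $ObjectId -DisplayName $DisplayName
}

# Grant the service principal access to this one mailbox only.
Add-MailboxPermission -Identity $Mailbox -User $sp.Identity -AccessRights FullAccess

# Audit: every mailbox this service principal can open. Expected result: one entry.
$granted = @(Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $sp.Identity |
    Where-Object { $_.AccessRights -contains 'FullAccess' })
$granted | Format-Table Identity, User, AccessRights -AutoSize
if ($granted.Count -ne 1) {
    Write-Warning "Service principal has FullAccess on $($granted.Count) mailboxes, expected 1."
}

# Protocol state of the mailbox: IMAP for the Mail Connector, SMTP AUTH for the smarthost.
Get-CASMailbox -Identity $Mailbox | Format-List ImapEnabled, SmtpClientAuthenticationDisabled

Disconnect-ExchangeOnline -Confirm:$false
```

Re-running the audit section after later changes shows whether the app's access has spread beyond the intended mailbox.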