Blog Post

Exchange Team Blog
1 MIN READ

Announcing OAuth 2.0 support for IMAP and SMTP AUTH protocols in Exchange Online

The_Exchange_Team's avatar
The_Exchange_Team
Platinum Contributor
Apr 30, 2020
Ever since we announced our intention to disable Basic Authentication in Exchange Online we said that we would add Modern Auth (OAuth 2.0) support for the IMAP, POP and SMTP AUTH protocols. Today,...
Updated Jun 30, 2022
Version 6.0
All Posts
announcements
Documentation
exchange
exchange online
office 365
Decomplexity's avatar
Decomplexity
Brass Contributor
May 29, 2020

With this (April 30th ’20) release of OAuth2 support for IMAP and SMTP, Sivaprakash-MSFT commented on Stackoverflow: “IMAP, SMTP scopes are targeted for Exchange resource and not Graph” and “... we will only allow Exchange resource URLs to work and don’t have plans to enable Graph resource URLs”. But under AAD API permissions, SMTP.Send only appears as selectable when the Microsoft Graph API is selected. If I select the Exchange API (under Supported legacy APIs or via Enterprise apps), there is no selectable SMTP.Send or IMAP.AccessAsUser.All. So if my app uses a scope of outlook.office365.com/SMTP.Send, or outlook.com/SMTP.Send there isn't a matching permission in AD except under graph.microsoft.com/ (apparently the wrong API…).

 

I gather from Stackoverflow posts that there is confusion over:

- the URL prefix (e.g. https://outlook.office.com/) of a requested scope such as https://outlook.office.com/SMTP.Send as specified in an app

- the API selected in AAD to allow that scope (e.g. Microsoft Graph or Exchange)

 

Perhaps someone in the Exchange Team could clarify.

Tnx