https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow that enables access without a user account is not supported. If your application needs persistent access to all mailboxes in a Microsoft 365 organization, we recommend that you use the Microsoft Graph APIs which allow https://docs.microsoft.com/en-us/graph/auth-v2-service in addition to access on behalf of a user, enable granular permissions and let administrators https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.
But why? We have background services sending and reading emails using SMTP, POP and IMAP, without user interaction. Adding OAuth2 for authentication will make those protocols just as safe as all other places where OAuth2 is implemented.
We were waiting for this, and now we are still forced to implement Graph API, because the grant flow we need will not be supported...
OAuth2 and SMTP work perfectly for Gmail. Why is Microsoft still forcing us to implement another protocol specifically for handling Exchange email?