Handle the deactivation of IMAP basic auth with noninteractive service-applications

We have a self-developed, non-interactive service application for many different customers on premise. Until now, this application retrieves emails from a customer's mailbox via o365 IMAP (basic authentication) and also sends emails via o365 SMTP (basic authentication).

In October 2022, Basic Authentication for IMAP, EWS, POP3 etc. is to be deactivated. For non-interactive applications, it is recommended to switch to MS Graph (https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-...).

The prerequisite for this, as far as I have been able to reproduce so far, is that the customer creates an app registration in the Azure portal that assigns the Mail.Read and Mail.Send permissions, creates a client secret and redirect URL, etc. A policy must then be created, which only authorizes this app ID to a specific mailbox security group (which must also be created in o365), so that the app cannot access all mailboxes (https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access).

Unfortunately, these are many steps in total, which are also relatively complex, and which we cannot expect of our customers. Some of these customers manage their IT environment themselves, although they are not very comfortable with it. These customers will hardly be able to execute these steps.

Now my question is whether there isn't another, simpler solution to the problem, or whether the steps mentioned can perhaps be shortened or automated?

Thanks and greetings

Boris
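
The mailbox-scoping step described in the post (security group plus a policy that limits one app ID to it), as an added example that is not part of the original post. It uses the ExchangeOnlineManagement module and checks that the app is granted the service mailbox and denied another one. The app ID, addresses and group name are placeholders, and the app registration itself is assumed to exist already.

```powershell
# Added example: every value below is a placeholder, not taken from the post.
param(
    [string]$AppId          = '00000000-0000-0000-0000-000000000000', # app (client) ID placeholder
    [string]$GroupAddress   = 'svc-mail-scope@contoso.example',       # hypothetical scope group
    [string]$AllowedMailbox = 'service-inbox@contoso.example',        # mailbox the service reads/sends as
    [string]$OtherMailbox   = 'someone.else@contoso.example'          # any mailbox that must stay out of reach
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # sign-in by an Exchange administrator of the customer tenant

# 1. Mail-enabled security group that defines which mailboxes the app may touch.
$group = Get-DistributionGroup -Identity $GroupAddress -ErrorAction SilentlyContinue
if (-not $group) {
    New-DistributionGroup -Name 'Service Mail Scope' -Type Security `
        -PrimarySmtpAddress $GroupAddress | Out-Null
}

# 2. Only the service mailbox is a member; skip if it is already in the group.
$members = Get-DistributionGroupMember -Identity $GroupAddress
if ($members.PrimarySmtpAddress -notcontains $AllowedMailbox) {
    Add-DistributionGroupMember -Identity $GroupAddress -Member $AllowedMailbox
}

# 3. Restrict the app ID to the group. Without this policy, application-level
#    Mail.Read / Mail.Send permissions apply to every mailbox in the tenant.
$existing = Get-ApplicationAccessPolicy | Where-Object { $_.AppId -eq $AppId }
if (-not $existing) {
    New-ApplicationAccessPolicy -AppId $AppId -PolicyScopeGroupId $GroupAddress `
        -AccessRight RestrictAccess `
        -Description 'Limit mail service app to its own mailbox' | Out-Null
}

# 4. Verify both directions: in-scope mailbox granted, out-of-scope mailbox denied.
$allowed = Test-ApplicationAccessPolicy -Identity $AllowedMailbox -AppId $AppId
$denied  = Test-ApplicationAccessPolicy -Identity $OtherMailbox   -AppId $AppId
if ($allowed.AccessCheckResult -ne 'Granted' -or $denied.AccessCheckResult -ne 'Denied') {
    throw "Unexpected scope: allowed=$($allowed.AccessCheckResult) other=$($denied.AccessCheckResult)"
}
Write-Host "App $AppId is limited to members of $GroupAddress."

Disconnect-ExchangeOnline -Confirm:$false
```

The script is safe to re-run because each step checks for existing objects first. A passing `Test-ApplicationAccessPolicy` result does not mean Graph calls are already restricted, since policy changes can take time to propagate.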