Microsoft Mail and Authentication
In 2022 Microsoft updated their email authentication mechanisms. XCALLY offers the possibility to use Modern Authentication forEmail Accounts using Office365 as provider.
Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client and a server. It includes:
-
- Authentication methods: Multi-factor authentication (MFA); smart card authentication; client certificate-based authentication
- Authorization methods: Microsoft's implementation of Open Authorization (OAuth)
- Conditional access policies: Mobile Application Management (MAM) and Azure Active Directory (Azure AD) Conditional Access
Very simplistic we can say, that with modern authentication, the client is talking to the service and getting redirected to Azure AD for authentication with the username and password or other methods like MFA.
Setting up Modern Authentication
To activate the Modern Authentication for a new Email Account on XCALLY using Office365 as provider, you need to:
A. Register an application in the Azure Portal
B. Configure a new Cloud Provider on XCALLY by choosing Microsoft Azure as a service and Outlook365 as the type
C. Authenticate the Cloud Provider Account
D. Associate the Cloud Provider with the email accounts on XCALLY
Azure AD application registration
Registering an application in the Azure Portal allows Microsoft identity platform to provide authentication and authorization services for your application and its users.
App Registration
Follow these steps to create the app registration:
-
Sign in to Azure portal
-
If you have access to multiple tenants, use Directories + subscriptions filter
in the top menu to switch to the tenant in which you want to register the application -
Search for and select Azure Active Directory (AD)
-
Under Manage, select App registrations>New registration
-
Enter a Display Name for your application. Users of your application might see the display name when they use the app, for example during sign-in. You can change the display name at any time and multiple app registrations can share the same name. The app registration's automatically generated Application (client) ID, not its display name, uniquely identifies your app within the identity platform
-
Specify who can use the application, sometimes called it ssign-in audience
Supported account types Description Accounts in this organizational directory only Select this option if you're building an application for use only by users (or guests) in your tenant.
Often called aline-of-business (LOB) application, this app is asingle-tenant application in the Microsoft identity platform.Accounts in any organizational directory Select this option if you want users in any Azure Active Directory (Azure AD) tenant to be able to use your application. This option is appropriate if, for example, you're building a software-as-a-service (SaaS) application that you intend to provide to multiple organizations.
This type of app is known as a multitenant application in the Microsoft identity platform.Accounts in any organizational directory and personal Microsoft accounts Select this option to target the widest set of customers.
By selecting this option, you're registering a multitenant application that can also support users who have personalMicrosoft accounts. -
Don't enter anything for Redirect URI (optional). You'll configure a redirect URI in the next section
-
Select Register to complete the initial app registration
When registration finishes, the Azure Portal displays the app registration's Overview pane. You see theApplication (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform.
Your application's code, or more typically an authentication library used in your application, also uses the client ID. The ID is used as part of validating the security tokens it receives from the identity platform.
The Application (client) ID and Directory (tenant) ID values will be needed during the Cloud Provider Configuration phase.
Comments
0 comments
Article is closed for comments.