Office 365 Cloud App Registration in Azure
Modern Authentication for Email
Login to https://portal.azure.com/ and go to Azure Active Directory (AAD) (you can use any account with admin privileges to login), then choose “App Registration” and create a “New registration”
Any Name can be used. We recommend including Cindercone or Magma for future reference.
Keep the default selection for Supported account type (Single tenant).
Leave Redirect URI blank.
Go to “API permissions” to add permissions. For this OAuth2 authorization flow, we’ll add “Delegated permissions”.
Add SMTP.Send, IMAP.AccessAsUser.All, POP.AccessAsUser.All , offline_access, User.Read, openid, profile permissions.
And make sure to allow “Grant admin consent for …”
Go to “Certificates & secrets” and add a new client secret.
NOTE: Make sure to copy and store the SECRET VALUE in your notes before you refresh or close the page as you will not be able to see it again.
In “App registrations”, go to “Endpoints” (located to the right of the “+ New registration” link.)
Note your endpoints for “OAuth 2.0 authorization endpoint (v2)”, “OAuth 2.0 token endpoint (v2)”, Client ID and Tenant ID
The Client Secret will expire within maximum of 2 years, make sure to revisit step 5 above to renew it when it expires
Also, just in case, go to your Microsoft 365 admin center (this is not Azure).
Go to your Active users. Click on the user account that is going to be used in Magma. Find the “Manage email apps” link.
Click on “Manage email apps”. Then make sure the “Authenticated SMTP” checkbox is checked.
Required Information After the Setup
After completing the setup, please make sure to send Cindercone support team the following details, these details should be clearly marked with the correct title given below in bold:
- Modern Auth Client Secret: The “Value”you copied from step 4
- Modern Auth Client ID: The “Application (client) ID” from step 5
- Modern Auth Tenant ID: The “Directory (tenant) ID” from step 5
- Modern Auth Authorization Endpoint: The “OAuth 2.0authorization endpoint (v2)” from step 5
- Modern Auth Token Endpoint: The “OAuth 2.0token endpoint (v2)” from step 5
- From Account: The sending email address you are planning to use in Magma
- User: The user account login name for the email address
- Password: The password for the user account
- Please also send a screen shot of the page from Step 3 to show the permissions have been applied correctly:
Note: Modern Auth only works for accounts not included in MFA access policy.
- We only support Modern Authentication for SMTP & IMAP in office365.com in the same tenant.