It looks like Office 365 only supports unattended (app-only) authentication for EWS protocol and for Microsoft Graph API, while interactive (delegated) authentication is supported for classic mail protocols as well). There might be a way to make it work for SMTP, IMAP and POP3 as well, but we are not currently aware of it. Please contact Microsoft for clarification regarding protocol and authentication support in their cloud services.
To make it simple to get started with using EWS instead of SMTP for sending e-mail, we published a sample app that uses app-only authentication to access an Office365 mailbox using the EWS protocol. It is suitable for unattended (deamon/service) applications because no user interaction is required for app-only authentication mode. Instead, an application uses a 'client secret' (basically an application password) to access mailboxes for a specific organization and send email on their behalf.
- An application has to be registered in Azure Active Directory with
full_access_as_app permission (= Use Exchange Web Services with full access to all mailboxes) configured by editing the manifest in Azure AD app registration.
- Admin consent granted for an organization.
- A client secret generated.
Once this is configured, it's possible to use
Microsoft.Identity.Client library to obtain an access token, and use that with Rebex
Ews class to access organization's mailboxes, as shown in the sample app.
However, this notably does not grant
SMTP.Send permission (which does not seem to be available for app-only mode), although it does make it possible to send emails using Ews.SendMessage API.
There might be a way to make this work for the SMTP protocol as well, but I have not been able to find any relevant Microsoft document describing how to achieve that. Unfortunately,
SMTP.Send is among "delegated permissions", which only apply to application that access Microsoft APIs as a signed-in user (= not for unattended/deamon mode). The other mode (unattended/daemon apps) does not seem to offer
SMTP.Send. It offers
Mail.Send permission instead, which supposedly allows the app to send mail as any user. Unfortunately, it looks like this can only be utilized via MS Graph API (not via SMTP). Perhaps a relevant permission exits that can be added by manually editing the manifest (just like for EWS), but we are not aware of it.
The following screenshot shows different relevant permissions, both for "delegated" (= attended apps) and "application" (= unattended deamons) access: