0 votes
by (140 points)

Is there a Rebex blog post that explains how to register an unattended "daemon" app that sends emails using Rebex Secure Mail with Outlook SMTP, authenticating with OAuth on the Microsoft Outlook server?

The only permission this app should require is SMTP.Send -- it doesn't read any mail or fetch anything from the server.

We've been using Rebex mail for this purpose with email-address + password authentication which is soon to be eliminated.

1 Answer

0 votes
by (145k points)
edited by

Office 365 only supports unattended (app-only) authentication (suitable for services and daemons) for EWS, for IMAP and POP3, and for Graph API. It's not supported for SMTP.

For sending email via Office 365 in app-only mode, consider using the EWS protocol.

Another alternative to wait and keep using basic authentication with SMTP for now. Office 365 will deprecate basic authentication for IMAP and POP3 on 2022-10-01, but they have no plans to completely disable basic for SMTP at this time (however, they will disable SMTP basic auth for tenants where it's not being used.

Microsoft might also add support for app-only authentication for SMTP as well in the future.

If you would rather switch to using EWS for sending email via Office 365, check out our sample app that uses app-only authentication with the EWS protocol, and follow the steps in the following article:

Once connected and authenticated, use Ews.SendMessage method to send e-mail.

The following screenshot shows different permissions relevant for Office 365 mailbox access, both for "delegated" (= attended apps) and "application" (= unattended deamons and services):
Azure AD mail permissions

Note the presence of SMTP.Send among "delegated permissions", but lack of something like SMTP.Send.All in "application permissions". The Mail.Send permission applies to Graph API and is not suitable for SMTP.