Hi @Naveen B,

Hope you’re well. I compared your configuration with the one used by one of our customers, who has been using inbound mail processing with Office 365 for many years. Your configuration is correct but Office 365 is denying IMAP access.

There are two possible problems:

1. IMAP access has been disabled for this account. I’m not an expert on Office 365 but can’t see a way to configure this from the admin center -- looks like it has to be done through PowerShell: Set-CASMailboxPlan
2. Two-step authentication is enabled. You will need to create an app-specific password by following the instructions here: Manage app passwords for two-step verification

I resolved this issue on Monday.  I changed the authentication method from Basic Authentication to Azure Modern Authentication.  Microsoft is dropping support for basic authentication for IMAP and POP.  I believe this is why this stopped working for us.

I followed these instructions and it worked immediately.  Good luck!

By using the System Email Accounts (SM204002) form, you can create an email account for MS Office 365 account.

Step 1: To Specify the General Settings of the Account

To specify the general settings of the account, do the following:

1. Open the System Email Accounts (SM204002) form.
2. On the form toolbar, click Add New Record.
3. In the Summary area of the form, do the following:
   1. In the Account Name box, type the name of the system email account.
   2. In the Email Address box, type the email address of the account that will be used as the system email account.
   3. Optional: In the Reply Address box, type the email address that will be used for automatic replies.

Step 2: To Specify the Servers

To specify the settings of the servers, do the following:

1. While you are still on the System Email Accounts (SM204002) form with the account you have created, be sure the Servers tab of the form is opened.
2. In the Incoming Mail Protocol box (Server Information section), select the protocol to be used to connect to the incoming server.

2. 1. you have selected the IMAP protocol, in the Root Folder (on server) box, you need to type the path to the folder that will be used as the root folder for storing emails.
3. In the Incoming Mail Server box, type <tt>outlook.office365.com</tt>.
4. In the Outgoing Mail Server box, type <tt>outlook.office365.com</tt>.
5. On the form toolbar, click Save.

Step 3: To Configure Authentication Through Azure AD

Now you will set up authentication through Azure AD as follows:

1. While you are still working with the account on the System Email Accounts (SM204002) form, in the Authentication Method box, select the Azure Modern Authentication option.
2. Click the pencil icon next to the External Application box. The system opens the External Applications (SM301000) form in a new window.
3. In the External Applications form, click Add New Record.
4. In the Type box, select the Exchange Online SMTP/IMAP/POP3 option.
5. In the Application Name box, type the name of the application, for example, Office365 Connector.
6. Switch to the browser tab with Microsoft Azure Portal and complete the steps in Register an application with the Microsoft identity platformn.
7. On the Overview page of the registered application in the portal, copy the Application (client) ID value, and paste it into the Client ID box on the External Applications form.
8. On the Overview page of the registered application in the portal, copy the Directory (tenant) ID value, and paste it into the Azure Tenant ID box on the System Email Accounts form.
9. Switch to the browser tab with Microsoft Azure Portal, and complete the steps from Add a client secret for an application.
10. On the Certificates and secrets page of the registered application in the portal, copy the client secret value, and paste it into theClient Secret box on the External Applications form.
11. On the External Applications form, copy the value in the Return URL box.
12. Switch to the browser tab with Microsoft Azure Portal, and complete the steps from Add a redirect URI.
13. On the External Applications form, click Save and Close on the form toolbar. The system closes the window with the form and specifies the configured application in the External Application box on the System Email Accounts form.
14. Switch to the browser tab with the Microsoft Azure Portal, and complete the steps from Application permission to Microsoft Graph to grant the following delegated permissions:
    • offline_access
    •  IMAP.AccessAsUser.All
    •  SMTP.Send
    •  POP.AccessAsUser.All if needed (however, using POP3 is not recommended in Acumatica ERP)

Step 4: To Configure Advanced Settings

Finally, you need to specify the advanced settings email account. Do the following:

1. While you are still working with the account on the System Email Accounts (SM204002) form, switch to the Advanced Settings tab.
2. In the Incoming server port (POP3/IMAP) box of the Server Port Numbers section, type the number of the port to be used for incoming mail.
3. Select the Incoming server requires encrypted connection (SSL) check box.
4. In the Outgoing server port (SMTP) box, type the number of the port to be used for outgoing mail.
5. In the Outgoing server encrypted connection box, select the TLS option.
6. On the form toolbar, click Save, and then click Sign In to test the settings of the email account.

You are correct that you need a separate external application record in Acumatica for each email however you only need one registered application in Azure for your organization.  Each External Application record in Acumatica can use the same client/tenant IDs from Azure as well as secret value,  Not sure that is the total problem but I know you don’t need multiple applications in Azure.  

As far as better documentation, I’ve used that same document you attached multiple times at multiple clients and was successful with setup.

Good luck!

@Marco Villasenor I found the diagnostic tool I was referring to.  It is https://testconnectivity.microsoft.com/tests/o365

This will allow you to verify if it is an Office 365 configuration or account issues versus an Acumatica issue.

@jvaliente51 You could certainly try to see if OAuth works in Acumatica without setting up these API permissions.  I included them because that was in the documentation I followed.  I didn’t have to worry about IT approval since I am a global Admin in our Office 365 tenant so I have full permissions.  I can’t say what permissions are required to be able to configure Microsoft Graph within Azure.

Best of luck!

@jvaliente51 The instructions say to choose Microsoft Graph and then select application permissions.  In reality, all of these are delegated permissions.  So the instructions should read

1. Select Azure Active Directory > App registrations, and then select your client application.

2. Select API permissions > Add a permission > Microsoft Graph > Delegated permissions.

If you then use the search box, you should see each of these.  The final result of my permissions settings is below:

I hope this helps!

@rkerby04 We had 2 tenants also and 2 completely different hosted environments, one on AWS and one hosted by Acumatica. Our IT provider enabled 2 factor authentication. It took several days to actually affect our email accounts. By turning that on, we had to update the email settings to use multi-factor and change them to Azure Modern Authentication.  Once we did that and signed into each email account again and tested the email account in the email accounts window, we were able to get it working.  There was one account not working and we had to go back into system email accounts and make sure the test button worked and resave the settings/password and test again.  Once we did that, all emails were working. 

We did get this login error again today.  We did use the same  information published above by Kfarren29 and got our email back up and working.  Had to change from Basic to Azure Modern Authentication.  

@rkerby04 Also I believe the basic is ending in October so we thought it was best to change them all now since we were having issues anyway.  

Thanks for the clarification, that makes a lot more sense to me.  After updating my configuration, everything appears to be working.  

We are running Acumatica version 21.119.0030.  I never found an error log in Acumatica providing more detail on the issue.

At one point, I had a link to an diagnostic tool within Office 365 that would verify your connection.  Unfortunately, I haven’t been able to find that link to share it.  When I ran that with basic auth, I got the same error as I got with Acumatica.  I also got the same error when I tried to connect using basic auth via Windows Mail program.  That is the point at which I knew this wasn’t specific to Acumatica.  It was a general error related to basic auth and our Office 365 tenant.  So I never spent a lot of time trying to find more detailed error logs in Acumatica.

When I moved Acumatica to modern auth, it worked right away.  But again, I was using the 2021 R2.

https://support.microsoft.com/en-us/office/pop-imap-and-smtp-settings-8361e398-8af4-4e97-b147-6c6c4ac95353

Incoming server: outlook.office365.com

Everything else looks correct.

To enable IMAP in O365 refer to this Microsoft doc.   

https://docs.microsoft.com/en-us/exchange/clients/pop3-and-imap4/configure-mailbox-access

I think you will need to use power shell to do this.  The app passwords can be problematic to use sometimes.  If you use an extremely strong password for this account, you can disable MFA for that ne account.

Hi @Chris Hackett  I have not solved this issue, at that time we went for GMail instead Outlook and it was working for us. 

In my issue, we resolved this.  The IT person said:  

The USERNAME did not match PRIMARY EMAIL ADDRESS in Office 365. 

Once they got it changed, then it worked fine.

@Kfarren29

Thank you! Ill give it a few more tries!

Hi @Gabriel Michaud  Hope you are doing well :)
 

Yeah, I’m good, and thank you :)  Thanks a lot for providing the possible options. I will look into it and keep you posted on the update.

 

Were you able to fix this problem? I am getting it and cannot seem to fix it even following the above instructions

I am running into problems setting up three email inboxes in our Acumatica tenant.  It appears as though I need to add an external application record for each email address?  I have also created an application for each email address in the Azure portal.  The instructions that I have been provided from my VAR seem outdated and incomplete (see attached). When I try and authenticate (ie: sign in), it appears as though the subsequent accounts that I have added appear to be trying to use the first account credentials some how.  Is there an updated documentation resource that better outlines the procedure of setting up Office 365 IMAP access with OAuth (modern authentication)?  Something isn’t right here and I feel like I have thoroughly reviewed everything that I can think of.  Admittedly I have less than one business days worth of experience setting up Acumatica.

We are getting this issue now but the emails are still being sent and no incoming processing has been configured… other than moving to modern auth was there ever a resolution on this?

We have a dedicated, licensed user in Office 365 for our Acumatica email address.  I would definitely try to see if authorizing via a licensed user account resolves the issue (versus a shared mailbox).  That should be a fairly simple test to run.

Good luck!

Thank you Kfarren29

Were you using a specific account or a shared inbox?
We are using a shared inbox and I suspect that is what causes the error. Because we sign in with a user account that has delegate permissions over that inbox but has a different email address.

Hi @Naveen B,

Are you able to share if you managed to resolve the email setup error? I had the same error now and trying to figure out what went wrong. The email account to be used by Acumatica has been disabled for MFA and IMAP enabled.

Thank you in advance

Hello, in v 20R2 we followed these steps and everything looks correct but we still get an authentication error. Has anyone managed to set this configuration in that release?

Are there any troubleshooting logs we can check to find out what is failing?

Hi @Naveen B were you ever able to resolve this issue? Thanks!