Hello all,
running in some problems with the configuration of osTicket and M365. As described below I use Exchange Online. Focusing on IMAP I try to fetch Email. I tried different approaches for the Test:

1:
I disabled all security related settings on the M365 Tenant like Security defaults and MFA and enabled Basic Auth for IMAP and SMTP as described here Enable Basic authentication in Exchange Online | Microsoft Docs and configured the client settings as described in POP3 and IMAP4 in Exchange Online | Microsoft Docs. Also enabled Trusted IPs in MFA to lower security. Ending up with Can not authenticate to IMAP server: AUTHENTICATE failed. Reversed all security related settings.

2:
Configured App Password as described here Configure app passwords for Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs, made the necessary changes on osTicket «Password». Ending up with Can not authenticate to IMAP server: AUTHENTICATE failed.

osTicket Version v1.16.1 (b42ddc7) — Up to date
Web Server Software LiteSpeed
MySQL Version 5.7.26
PHP Version 7.4.27

Runs in a shared environment at my Hosting Provider, dedicated Plesk access.

Azure Active Directory security defaults | Microsoft Docs

Configure app passwords for Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs

Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs

Configure app passwords for Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs

Thank you for any hint or help.

  • KevinTheJedi replied to this.

  • All the above settings are correct, except MFA enforcing should be disabled for the specific user. and last Point will be to run Diag: Enable Basic Auth in EXO. After that I ways able to save the configuration for IMAP in osTicket without any error.

    cocoon

    Please read the requirements before installing/upgrading. v1.16.1 requires PHP 8.0.

    Also, if you still can't get it to authenticate you'll need to reach out to your mail provider to see why.

    Cheers.

        KevinTheJedi

        Updated to the version you mentioned.

        osTicket Version v1.16.1 (b42ddc7) — Up to date
        Web Server Software LiteSpeed
        MySQL Version 5.7.26
        PHP Version 8.0.15

        Hopefully I can follow up on this once i get response from my mail provider.

        thx

          cocoon

          One thing to check is to see if MS is forcing you to use Modern Auth (OAuth). If so, then you will need to disable this.

          Cheers.

              5 days later
              6 days later

              Basic Auth will be disabled this year by default. and cant be turned off what i read in MS docs.

              @WeConnectIT

              Basic Auth will be disabled this year by default.

              Currently this is only for new accounts. Basic Authentication will be completely disabled by May 22, 2022 for all existing accounts. We aim to have Modern Auth (OAuth2.0) support by that time.

              Cheers.

              New user here stopping in to say thanks for the solution. Several hours wasted until I stumbled across this.

              You can also create an "App Password" for the account. Then use the account name and app password to authenticate. I did this with the latest 1.5 and it worked without making changes to O365.

              3 months later

              Well... having been asked to move the company from Google to 365, I am now facing the same issue as many others.

              OST 1.15.4 (I do need to update, but this should work, right?)
              App password correctly set up, IMAP enabled, POP enabled etc.. but nothing allows authentication to work.

              If I disable authentication for SMTP, then of course it sends, but as expected the result is in the receiver's spam/junk so that's no good.

              I've gone through the options recommended here, and still not working as it should. Just about at my wits end - any further ideas or suggestions before I jump off the ledge?

                KevinTheJedi - Thanks for that... checking it now!

                I assume, however, that if we enable that, we would be deemed a 'short term' user and have it disabled pretty soon (as per the techcommunity article). Enabling it will help to get us running for now, but do you know if OST will include alternative authentication protocols to help us connect it to O365 in the future?

                    Write a Reply...