@KevinTheJedi
When I run Integration assistant, everything shows fine

I get it now:
array ( 'code' => 'ErrorAccessDenied', 'message' => 'Access is denied. Check credentials and try again.', )

    KevinTheJedi
    Are you sure EmailAddresses is the correct attribute?
    Answer: I am not sure, but I was trying email, and mail, and added a custom attribute

    still no go

    Which Graph URLs and scopes, I should be using?
    I tried this:
    offline_access https://graph.microsoft.com/IMAP.AccessAsUser.All https://graph.microsoft.com/POP.AccessAsUser.All https://graph.microsoft.com/SMTP.Send

    and got errors: array ( 'code' => 'InvalidAudienceForResource', 'message' => 'The audience claim value is invalid for current resource. Audience claim is \'https://graph.microsoft.com/\', request url is \'https://outlook.office365.com/api/v2.0/me\' and resource type is \'Exchange\'.', 'innerError' => array ( 'oAuthEventOperationId' => '5c2f112a-237b-1cf0-9fa3-18b854eacf28', 'oAuthEventcV' => 'mG0x7T+u84eyGvKdW3h6Ig.1.1', 'errorUrl' => 'https://aka.ms/autherrors#error-InvalidResource', 'requestId' => 'cs313d50-8f2f-d2f8-b12e-f11s5b239a17', 'date' => '2022-08-16T14:04:51', ), )

        ramrajone

        Because when you use Graph Scopes you also have to use the Graph Resource Details Endpoint https://graph.microsoft.com/v1.0/me.

        Cheers.

            KevinTheJedi
            Yes, I just changed it to Graph Resources and got a new error:
            array ( 'code' => 'Authorization_RequestDenied', 'message' => 'Insufficient privileges to complete the operation.', 'innerError' => array ( 'date' => '2022-08-16T14:20:00', 'request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', 'client-request-id' => 'a2f24820-a560-1nb1-ad50-a9n651351640', ), )

                ramrajone

                Did you add all the API permissions to the app? You need to make sure User.Read.All and such are enabled for the application.

                Cheers.

                    ramrajone

                    You may also need to Admin Consent to those permissions and scopes as well to allow it.

                    Cheers.

                      KevinTheJedi
                      ok, I got a little far this time, with little success, but not functioning yet

                      When I add an email address: get Authenticate failed, which is normal, because I have to go into config

                      Then, it blanks out all the settings, like Hostname, Port Number, Protocol
                      I just have to re-enter it and save it.

                      After that, I get Authentication failed, when enabling Email Fetching

                          ramrajone

                          Yea we are working on stashing and recovering that data when you get directed away from that page. That change will be part of RC4.

                          Now you are where I am. I get AUTHENTICATE Failed with Graph scopes but cannot even get a token with outlook scopes. Their official docs say to use the outlook scopes but their other docs say not to use them as they are deprecated and you should use graph instead. So I contacted MS support and after 3 weeks still nowhere with this issue.

                          Are you using a personal outlook/exchange email by chance? Everyone else on the forum seems to have O365/Exchange/Outlook setup and working but us with personal accounts cannot proceed.

                          Cheers.

                              KevinTheJedi
                              Yes, I am using Exchange Online (Plan 1)
                              I can test with my personal and see if I get success up to this point

                              Where do you get an option on your Microsoft Personal account to generate a following?
                              Client Id: *
                              IdP Client / Application Identifier

                              Client Secret: *
                              IdP Client Secret

                                  ramrajone

                                  What do you mean? You have to create an app and then create the client secret in the app. This is what you did for the other test right?

                                  Cheers.

                                      KevinTheJedi
                                      For my other test, I am using Exchange online plan1 license, which I am able to do via Azure
                                      Created App:
                                      Enterprise applications | All applications
                                      Then I registered under: App registrations
                                      Then gave permission to API

                                      That's where I generated Client secrets and was able to add Redirect URIs, etc...

                                      I was trying to test with a personal account like outlook.com, but I am not sure where to go

                                          KevinTheJedi
                                          I am working with MS365 support, they are asking which version of TLS are you using.

                                            ramrajone Try un-ticking user.read and see if it will then allow you to select user.read.all. It might be one of those that only one can be selected. Just a shot in the dark.