Multi-Factor Authenticated Emailing for Microsoft

Utilize App Passwords for Gmail

MFA passwords for Gmail utilize Google App Passwords functionality, and are entered in the password field by utilizing the SMTP

...

Authenticated Emailing steps

Microsoft's email relay platform has begun blocking outbound SMTP connections on TCP port 25. Microsoft claims this is to ensure better security for Microsoft partners and customers, protect Microsoft’s Azure platform, and conform to industry security standards.

...

To prepare for this change, we have added a new "User Specific" Multi-Factor Authentication configuration.

Web App Configuration for Office 365 Multi-Factor Authentication

Log In to Azure Portal

Navigate to http://portal.azure.com and log in. At the landing page, type “app registrations” in the search box on the header bar:

...

...

Register a new App

Info

This App registration needs to be new and separate from any other app registrations, including the Single Sign On Active Directory Account Creation app registration.

In the “App Registrations” screen, click “New Registrations.” Give the Application a name, set the supported account type, select “Web” from the “Select a Platform” drop down, and set the redirect URI to https://***-web.scansoftware.com/cafeweb/tl/tokenResponse, where *** is your 3-digit school code.

...

API Permissions

Click on API permissions and add permissions, all of which come from Microsoft Graph.

...

Select each of the permissions listed below and add them to the API Permissions (the Type will be the next option after selecting Microsoft Graph – Application or Delegated).

| Permission | Type | Description | Admin Consent Required |
| --- | --- | --- | --- |
| Directory.Read.All | Application | Read directory data | Yes |
| Mail.ReadWrite | Application | Read and write mail in all mailboxes | Yes |
| Mail.Send | Application | Send mail as any user | Yes |
| Sites.Read.All | Application | Read items in all site collections | Yes |
| User.Read.All | Application | Read all users’ full profiles | Yes |
| Email | Delegated | View users’ email address | No |
| IMAP.AccessAsUser | Delegated | Read and Write access to mailboxes via IMAP | No |
| Mail.ReadWrite | Delegated | Read and write access to user mail | No |
| Mail.Send | Delegated | Send mail as a user | No |
| Offline_access | Delegated | Maintain access to data you have given it access to | No |
| Openid | Delegated | Sign users in | No |
| SMTP.Send | Delegated | Send emails from mailboxes using SMTP AUTH. | No |
| User.Read | Delegated | Sign in and read user profile | No |

Once the Permissions are added, click the Grant Admin consent button to approve the permissions for the API connection.

Add Logout URI

Click “Authentication” and add a logout URI (https://***-web.scansoftware.com/cafeweb/logout), where *** is your three-digit school code.

Click the checkboxes next to Access Tokens and ID Tokens, select Single Tenant, and click Yes to allow Public Client Flows:

...

Copy the Secret Value (not the Secret ID):

...

Set up Web App Configurations in Campus Cafe

Navigate to Admin>Web App, and enter "OFC365" into the search bar.

...

IMAP_TLS should be set to Y

Refresh Data Cache

Once the values are updated, run the Refresh Data Cache (Admin Menu>Refresh Data Cache>Reload Data).

User Authentication

Once the MFA Azure App has been created, and the appropriate values linked to Campus Cafe via Web App configurations, users will be able to authenticate their Office 365 email accounts with the MFA Azure authentication button:

...

Complete the following steps to authenticate your email:

  1. Navigate to My Info > Email Address

  2. Enter the email (or select the email to be authenticated)

  3. Click "Usage Preferred"

  4. Enter the Email account's password (not the user's Campus Cafe password)

  5. Click Save in the lower right-hand corner.

  6. Click the "Test" button. A Success message should appear below the Test button, and an email should send to the account being authenticated.

  7. Click Save again.

  8. Check the "Uses MFA" checkbox

  9. Click the "Authenticate with MFA" button. If the email account successfully authenticates, a green "success" message will appear near the Authenticate with MFA button. If not, a red "failure" message will appear.

  10. Click Save upon a successful authentication.

During the MFA authentication process, make sure you are logged in only to the Microsoft account for which you are authenticating your MFA tokens. The system may automatically authenticate you based on an existing connection to the Azure environment and provide tokens that do not belong to the account you are attempting to authenticate in Campus Cafe. You may want to log out of all Microsoft accounts and authenticate in a private or incognito browsing mode. Once your tokens are active, you may log back in to all other Microsoft accounts.

Info

Generic Department Email Address

Under this email relay process, for Campus Cafe to send emails from a generic department email address such as admissions@campuscafe.edu or billing@campuscafe.edu, a non-student account must be created for the email address, and the MFA credentials process completed.

Warning

Common Error Message for SMTP Disabled for Tenant

If you receive the following error message upon sending an email from the system:
535 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant.

Follow these steps to enable SMTP authentication for your organization:

As the error message indicates, the root cause of the error is that the SMTP AUTH protocol is disabled in Exchange Online. To resolve the error, you must enable it in the Microsoft 365 Exchange Online Admin Center. Here is how:

  1. Log in to the Exchange Online Admin Center at: https://admin.exchange.microsoft.com

  2. Click on Settings >> Mail flow

  3. In the Mail flow settings, under security: Uncheck the “Turn off SMTP AUTH protocol for your organization” check box and click the “Save” button.


Alternatively, if that does not work, try this configuration:

  1. Log in to the Microsoft 365 Admin Center at https://admin.microsoft.com/

  2. Select Settings > Org Settings

  3. Under Services, select Modern Authentication 

  4. Ensure Authentication SMTP is checked
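
The SMTP AUTH setting behind the 535 5.7.139 error can also be inspected from Exchange Online PowerShell. The script below is an added example, not part of the original page or of Campus Cafe. It assumes the ExchangeOnlineManagement module and an Exchange administrator account, and it uses the page's sample address as the sending mailbox. It goes one step beyond the check box above by enabling SMTP AUTH for the one sending mailbox only, leaving the organization-wide default in place (shown with -WhatIf).

```powershell
# Added example (not from the original page). Requires the ExchangeOnlineManagement
# module and an account allowed to read and change Exchange Online settings.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Assumption: the mailbox Campus Cafe sends as; this is the page's sample address.
$Sender = 'admissions@campuscafe.edu'

# Organization-wide switch. This is the value behind the
# "Turn off SMTP AUTH protocol for your organization" check box.
$orgDisabled = (Get-TransportConfig).SmtpClientAuthenticationDisabled

# Per-mailbox switch: $true = disabled, $false = enabled,
# $null = inherit the organization-wide value.
$mbxDisabled = (Get-CASMailbox -Identity $Sender).SmtpClientAuthenticationDisabled

# A non-null mailbox value overrides the organization value.
$effectiveDisabled = if ($null -ne $mbxDisabled) { $mbxDisabled } else { $orgDisabled }

# Report all three values so it is clear which setting blocks the sender.
[pscustomobject]@{
    Mailbox            = $Sender
    OrgSmtpAuthOff     = $orgDisabled
    MailboxSmtpAuthOff = $mbxDisabled
    EffectiveOff       = $effectiveDisabled
} | Format-List

if ($effectiveDisabled) {
    # Enable SMTP AUTH for this mailbox only; the organization default stays as it is.
    # -WhatIf previews the change. Remove it to apply.
    Set-CASMailbox -Identity $Sender -SmtpClientAuthenticationDisabled $false -WhatIf
}
```

If EffectiveOff is already False and the 535 5.7.139 error persists, the block is coming from a different setting, such as the Modern Authentication options in the alternative steps above.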