Sticky Tutorial

All you need in order to move to Microsoft 365 Exchange OAuth 2.0 protocol.

  • 13 October 2022
  • 14 replies
  • 4319 views

Two years ago, Microsoft announced that it will no longer support basic authentication protocols (SMTP, IMAP, POP). The time has come when you need to move to a more secure and updated protocol - OAuth 2.0. 

 

Setup of the new email integration is simple: 

  1. In SysAid, go to: Settings > Integration > Email

  2. Click the Create New button, and follow the instructions in this Microsoft 365 Email Integration with OAuth 2.0 Guide. The permissions required on MS side: 

Permissions required on Microsoft
​​​​
  1. Test and verify the new integration: Send manual email, reply from tickets and take actions that trigger automatic notification.

 

To disable the SMTP integration [see screenshot below]:

  1. In SysAid, go to: Settings > Integration [1] > Email [2].

  2. Choose the SMTP integration list item and uncheck:

    1. Select the Outgoing Email tab [3] 

    2. Uncheck  Enable outgoing email 

    3. Click Apply [5].

    4. Select the Incoming Email tab [4]

    5. Uncheck Enable incoming email

    6. Click Apply [5]. 

 

A few important notes: 

  1. This update is relevant for cloud and On-premises accounts. 

  2. For On-premises, Microsoft 365 Exchange OAuth 2.0 is supported from version 20.4.74 and up. 

  3. There is a workaround available to provide you with a short time extension if needed, read more about it here. 

 

If you have any questions please ask away in the comments!

Regards, 

 

CX5iNx5b42lQLX_V4AGEmmRmpxE6ECic0_5tbLIQcKtQWaww7cK4X4OiiuuCNwZYd_rsFACZs1Z-cXV_Ga5PYtRq4FNX0ZqyDdT69iQ8fTiVX4Zb8Dmggb18gpMbY_y92GdJT7m9lWjxp8LPdXFjru6MYTbOul4UEzZNaSlnZD8OGDZE2MSqMcFdiA


14 replies

Userlevel 5
Badge

All downloads links for relevant On-Premises versions can be found here: 

https://helpdesk.sysaid.com/FAQTree.jsp?id=858

*Requires login to our Customer Portal (SSP)

**Login is the same as the one you set up for our community :) 

Userlevel 5
Badge

Important

We recommend that you limit the application's access to specific mailboxes by creating an application access policy. For more information from Microsoft, see here.

Badge +1

When setting this up, I get this error message:

 

Test incoming email failed

getRequest: Failed to call getRequest: response code: 403, HTTP status code: 403, reason: Forbidden {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}

 

Any idea what might be wrong?

Kind Regards,

Rudi

Userlevel 1
Badge +1

When setting this up, I get this error message:

 

Test incoming email failed

getRequest: Failed to call getRequest: response code: 403, HTTP status code: 403, reason: Forbidden {"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}

 

Any idea what might be wrong?

Kind Regards,

Rudi

We are receiving the same error.  Interested in any suggestions.

Userlevel 5
Badge

@Crissmiller @JSR ICT double check you gave all the relevant permissions (see screenshot above) as well as 3rd party apps access.  If still not figured out share some logs for review or reach out to our Customer Care team via live chat or open a ticket on our Customer Portal for further support. 

Let us know how it goes!

 

Userlevel 1
Badge +1

@Crissmiller @JSR ICT double check you gave all the relevant permissions (see screenshot above) as well as 3rd party apps access.  If still not figured out share some logs for review or reach out to our Customer Care team via live chat or open a ticket on our Customer Portal for further support. 

Let us know how it goes!

 

Thank you.  I submitted a ticket and the issue has been resolved.  It was a permissions issue.

Userlevel 5
Badge

@Crissmiller amazing! what permissions were you missing? 

 

Userlevel 1
Badge +1

@Maayan Karstaedt, when our API permissions were set it looks like user.read was omitted.  They also had everything set as Delegated rather than Application, instead of just the user.read permission.

Thanks for the follow up. 

When will sysaid remove support for SMTP in the on premise version?

Userlevel 5
Badge

Hi @steven.brooks ,

As the deprecation was on Microsoft side it is applicable to on-prem and cloud now. We higly reccomend you move to OAuth 2.0 protocol now, Microsoft 365 Exchange OAuth 2.0 is supported from version 20.4.74 and up. 

 

 

Hi @steven.brooks ,

As the deprecation was on Microsoft side it is applicable to on-prem and cloud now. We higly reccomend you move to OAuth 2.0 protocol now, Microsoft 365 Exchange OAuth 2.0 is supported from version 20.4.74 and up. 

 

 

Hi @Maayan Karstaedt , i understand however when will the smtp option be removed? Will this be in the next release of sysaid?

Userlevel 5
Badge

Something important to point out »

Once transferred to the OAuth 2.0 protocol the sent items (that are automatically deleted) will be waiting for you for 30 days in the Recoverable Items folder instead of your Deleted items folder.

To locate your sent (deleted) emails, simply click the Recoverable Items link (at the top of the Deleted folder) and find all the relevant emails. To read more about this Microsoft 365 functionality.

If you want to keep a record of all sent emails for an unlimited time, it's available for enterprise editions only. Define a dedicated folder for copies of all sent emails, go to:

Settings > Integration > Email > Incoming Email tab, and fill in the Send a copy of the incoming emails to field.

Badge +2

We are running an on-premise Exchange Server not using Office 365.  Currently it is an Exchange 2010 server but we are in the midst of moving to an Exchange 2016 server.  Should I wait until we are completed with the move before upgrading our on Premise SysAid system?

Userlevel 5
Badge

Hi @Steve_IT_FPST ,

Please don’t hesitate to upgrade versions of your On-Prem, it is key to keeping your SysAid healthy and secure all the time. 

Regarding your question using On-Premise exchange doesn’t impact upgrading your SysAid versions or utilizing the OAuth 2.0, nonetheless it will work without OAuth as well:

If you are encounter any issues reach out to our Customer Care team via live chat or open a ticket on our Customer Portal.

Cheers,

Reply