Auth 2.0

You should switch to OAuth 2.0 for authentication purposes:

Daemons/Services: Password grant (MFA/2FA must be turned off for this account):
https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

Daemons/Services: Client credential flow:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

Web apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-web-flow-office365-exchange-imap-pop3-smtp

Standalone devices (requires very little interaction):
https://www.limilabs.com/blog/oauth2-device-flow-office365-exchange-imap-pop3-smtp

Desktop apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

Re-enable Basic Auth

For some time it was possible to re-enable Basic Auth for IMAP and POP3 for your tenant – it is no longer possible to do that.

The post Office 365: Basic Auth is disabled first appeared on Blog | Limilabs.

Test IMAP access:
https://testconnectivity.microsoft.com/tests/O365Imap/input

Test POP3 access:
https://testconnectivity.microsoft.com/tests/O365Pop/input

Those tools test IMAP and POP3 connectivity only – remember that application in your AD must be properly configured.

You need to choose and implement one of the available OAuth 2.0 flows:
https://www.limilabs.com/blog/office-365-basic-auth-is-disabled

The post Office 365: OAuth 2.0 IMAP, POP3 email client connectivity tools first appeared on Blog | Limilabs.

For some time it was possible to re-enable Basic Auth for IMAP and POP3 for your tenant –
– it is no longer possible to do that anymore.

You can find more details here:
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312

Switch to OAuth 2.0

You should switch to OAuth 2.0 for authentication purposes:

Daemons/Services: Password grant (MFA/2FA must be turned off for this account):
https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

Daemons/Services: Client credential flow:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

Web apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-web-flow-office365-exchange-imap-pop3-smtp

Standalone devices (requires very little interaction):
https://www.limilabs.com/blog/oauth2-device-flow-office365-exchange-imap-pop3-smtp

Desktop apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

Below steps are deprecated

If you want to opt-out, read the article below:

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

…or you can go directly to the self-help diagnostic (use your tenant’s Global Admin account):

https://aka.ms/PillarEXOBasicAuth

It’ll bring up the diagnostic in the Microsoft 365 admin center (if you’re a tenant Global Admin).

Hit Run Tests:

….on the next screen you’ll be able to enable Basic Auth for IMAP or POP3:

For accounts that use shared infrastructure you’ll need to run those 2 powershell commands:

Connect-ExchangeOnline
Enable-OrganizationCustomization

The post Office 365: Prevent Basic Auth being disabled first appeared on Blog | Limilabs.

Client credential flow is now supported:

https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

Microsoft is working on bringing OAuth Client Credential Flow support for POP/IMAP for Office365/Exchange. It’s planned to be released in June 2022:

https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=70577

Check out currently supported OAuth 2.0 flows

• OAuth 2.0 with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 password grant with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 device flow with Office365/Exchange IMAP/POP3/SMTP

The post Office365: Client Credential Flow support for POP/IMAP is coming in June 2022 first appeared on Blog | Limilabs.

• OAuth 2.0 with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 web flow with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 password grant with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 device flow with Office365/Exchange IMAP/POP3/SMTP
• OAuth 2.0 client credential flow with Office365/Exchange IMAP/POP3/SMTP

This article shows how to implement OAuth 2.0 device flow to access Office365 via IMAP, POP3 or SMTP using Mail.dll .net email client.

Device flow allows operator/administrator to authenticate your application on a different machine than your application is installed.

Make sure IMAP/POP3/SMTP is enabled for your organization and mailbox:
Enable IMAP/POP3/SMTP in Office 365

Register your application in Azure Portal, here’s a detailed guide how to do that:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Then you need to apply correct API permissions and grant the admin consent for your domain.

In the API permissions / Add a permission wizard, select Microsoft Graph and then Delegated permissions to find the following permission scopes listed:

• offline_access
• email
• IMAP.AccessAsUser.All
• POP.AccessAsUser.All
• SMTP.Send

Remember to Grant admin consent:

Use Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:
https://www.nuget.org/packages/Microsoft.Identity.Client/

string clientId = "Application (client) ID";
string tenantId = "Directory (tenant) ID";

IPublicClientApplication app = PublicClientApplicationBuilder
    .Create(clientId)
    .WithTenantId(tenantId)
    .Build();
// This allows saving access/refresh tokens to some storage
TokenCacheHelper.EnableSerialization(app.UserTokenCache);

var scopes = new string[] 
{
    "offline_access",
    "email",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
};

Now acquire an access token and a user name:

string userName;
string accessToken;

var account = (await app.GetAccountsAsync()).FirstOrDefault();
try
{
    AuthenticationResult refresh = await app
        .AcquireTokenSilent(scopes, account)
        .ExecuteAsync();

    userName = refresh.Account.Username;
    accessToken = refresh.AccessToken;
}
catch (MsalUiRequiredException e)
{
    var acquire = await app.AcquireTokenWithDeviceCode(
        scopes, 
        callback=>
    {
        // Write url and code to logs so the operator can react:
        Console.WriteLine(callback.VerificationUrl);
        Console.WriteLine(callback.UserCode);

        // This happens on the first run, manually,
        //  on the operator machine.
        // The code below code is only to illustrate 
        // the operator opening browser on his machine,
        // opening the url and using the code 
        // (extracted from the application logs)
        // to authenticate the app.
        System.Diagnostics.Process.Start(
            new ProcessStartInfo(result.VerificationUrl) 
                        { UseShellExecute = true }
            );

        return Task.CompletedTask;
    }).ExecuteAsync();

    userName = acquire.Account.Username;
    accessToken = acquire.AccessToken;
}

AcquireTokenWithDeviceCode call waits until operator/administrator gives consent by going to VerificationUrl, entering UserCode and authenticating – this usually happens on a different machine than the application is installed.

Finally your app will exit AcquireTokenWithDeviceCode method and connect using IMAP/POP3/SMTP, authenticate and download emails:

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2(userName, accessToken);
 
    client.SelectInbox();

    // ...

    client.Close();
} 

You can find more details on this flow here:

https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code

Token serialization

Below is a simple implementation that saves MSAL token cache to file. Please note that most likely you should store this cache in an encrypted form:

static class TokenCacheHelper
{
    public static void EnableSerialization(ITokenCache tokenCache)
    {
        tokenCache.SetBeforeAccess(BeforeAccessNotification);
        tokenCache.SetAfterAccess(AfterAccessNotification);
    }

    private static readonly string _fileName = "msalcache.bin3";

    private static readonly object _fileLock = new object();


    private static void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        lock (_fileLock)
        {
            byte[] data = null;
            if (File.Exists(_fileName))
                data = File.ReadAllBytes(_fileName);
            args.TokenCache.DeserializeMsalV3(data);
        }
    }

    private static void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (args.HasStateChanged)
        {
            lock (_fileLock)
            {
                byte[] data = args.TokenCache.SerializeMsalV3();
                File.WriteAllBytes(_fileName, data);
            }
        }
    }
};

More details on MSAL token serialization are available here:

https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-token-cache-serialization

Extending Sign-in frequency with policies

You can extend how often operator needs to re-authenticate the application up to 1 year:

Side note: Have in mind that similarly a client credential flow requires a client secret which is valid for 2 years maximum.

The post OAuth 2.0 device flow with Office365/Exchange IMAP/POP3/SMTP first appeared on Blog | Limilabs.

Time:

4 AM to 8 AM CST (Minnesota, US)
11 AM to 3 PM CET (Berlin, Germany)
6 PM CST to 10 PM CST (Beijing, China)
7 PM JST to 11 PM JST (Tokyo, Japan)

During the planned maintenance, the system will continue to take orders. However customers may see temporary delays in fulfillment and order confirmation emails.

Once the maintenance is finished, we expect all functionality to resume; orders will be processed, and order confirmation emails will be sent to customers.

The post Order process maintenance scheduled for Feb 8th, 2022 first appeared on Blog | Limilabs.

• GoToTest macro for VisualStudio 2008
• NavigateToTest VS2010 extension
• NavigateToTest VS2012 extension
• NavigateToTest VS2013 extension
• NavigateToTest VS2015 extension
• NavigateToTest VS2017 extension
• NavigateToTest VS2019 extension
• NavigateToTest VS2022 extension

You can download the extension here:
NavigateToTest Visual Studio 2022 extension

Here’s the latest version that supports Visual Studio 2022.

Extension is convention based. It matches ClassName file with ClassNameTest or ClassNameTests and vice-versa, so you can easily navigate to the test file and back.

Here are some screenshots:

Here’s the toolbar name, in case it is not added automatically:

You can download the extension here:
NavigateToTest Visual Studio 2022 extension

The post NavigateToTest VS2022 extension first appeared on Blog | Limilabs.

During the planned maintenance, the system will continue to take orders. However customers may see temporary delays in fulfillment and order confirmation emails.

Once the maintenance is finished, we expect all functionality to resume; orders will be processed, and order confirmation emails will be sent to customers.

The post Order process maintenance scheduled for Feb 24, 2021 first appeared on Blog | Limilabs.

Temporary server error. Please try again later. PRX4

SMTP log looks more or less like this:

Connecting to ‘outlook.office365.com:587’, SSL/TLS: False.

S: 220 AS8PR04CA0136.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 28 Jan 2021 15:43:35 + 0000
C: EHLO[IPv6:2a02:]
S: 250-AS8PR04CA0136.outlook.office365.com Hello[2a02:]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO[IPv6:2a02:]
S: 250-AS8PR04CA0136.outlook.office365.com Hello [2a02:]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH LOGIN XOAUTH2
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 dXNlcj1B...EEBAQ==
S: 451 4.7.0 Temporary server error. Please try again later. PRX4[AS8PR04CA0136.eurprd04.prod.outlook.com]

It is a bug on the Office365 side when new business account is created with Microsoft. 

Although SMTP is enabled by default, it is not working. The workaround for this issue is to turn Authenticated SMTP off and turn it on again.

After creating the e-mail account, you have to edit the account.

Go to https://admin.microsoft.com/ and click Setup.

On the “Active users” list find the account you are using:

Then go to “Mail” tab then click “Manage email apps”

There is an option called “Authenticated SMTP”.  It is ticked by default, however to actually make it work you have to uncheck it and save the changes, then go back in and check it again it and save the changes.

You may need to leave it unchecked for some time and wait for some time when it is rechecked, before it starts working.

After this change Mail.dll client can authenticate successfully using OAuth 2.0:

C: AUTH XOAUTH2 dXNlcj1B...BAQ==
S: 235 2.7.0 Authentication successful
C: QUIT

The post Office365: Temporary server error. Please try again later. PRX4 first appeared on Blog | Limilabs.

• GoToTest macro for VisualStudio 2008
• NavigateToTest VS2010 extension
• NavigateToTest VS2012 extension
• NavigateToTest VS2013 extension
• NavigateToTest VS2015 extension
• NavigateToTest VS2017 extension
• NavigateToTest VS2019 extension
• NavigateToTest VS2022 extension

You can download the extension here:
NavigateToTest Visual Studio 2019 extension

Here’s the latest version that supports Visual Studio 2019.

Extension is convention based. It matches ClassName file with ClassNameTest or ClassNameTests and vice-versa, so you can easily navigate to the test file and back.

Here are some screenshots:

Here’s the toolbar name, in case it is not added automatically:

You can download the extension here:
NavigateToTest Visual Studio 2019 extension

The post NavigateToTest VS2019 extension first appeared on Blog | Limilabs.