Access shared/delegate mailbox of Office 365

Enable IMAP/POP3

First make sure IMAP / POP3 are turned on properly: Enable IMAP / POP3 in Office 365

Shared mailbox permissions

Make sure you have access to the shared mailbox. Log in to Microsoft 365 admin portal at https://admin.microsoft.com/ as an administrator, go to Users/Active users tab and select shared mailbox:

On the Mail tab, in Mailbox permissions click Read and manage permissions:

Make sure your user is on the list:

Enable IMAP/POP3 for shared mailbox

On the same screen go to Manage email apps:

and select IMAP and POP3:

Now, there are 2 ways of accessing a shared mailbox in Office 365:

Using regular IMAP basic authentication and a using OAuth 2.0.

Shared mailbox – basic authentication [deprecated]

It is no longer possible to re-enable Basic Auth or use App passwords.

You’ll need to use OAuth described below.

To use basic authentication you’ll need to  re-enable Basic Auth for your tenant:
https://www.limilabs.com/blog/office-365-prevent-basic-auth-disabled

Make sure IMAP/POP3 access is configured and basic authentication is turned on:
Enable IMAP / POP3 in Office 365

Consider using Application passwords for your account instead of your primary password:
Application passwords in Office 365

Try authenticating to users’ regular mailbox with his credentials (or App password) to check if basic authentication works and the user/password is correct:

client.UseBestLogin("AlexW@example.com", "AlexWPass-or-AlexWAppPass");

Access the shared mailbox

Use the following user format:

Username@DomainName\Shared@DomainName

You must use Login method:

client.Login(@"AlexW@example.com\invoices@example.com", "AlexWPass-or-AlexWAppPass"); 

-or-

alternatively you may use LoginPlain method:

client.LoginPlain("invoices@example.com", "AlexW@example.com", "AlexWPass-or-AlexWAppPass");

Don’t use UseBestLogin for Office365 shared mailboxes and basic authentication.

The reason is Office  365 advertises LOGIN PLAIN as a preferred login method and UseBestLogin chooses to use it. However Office 365 does not recognize Username@DomainName\Shared@DomainName user pattern when using LOGIN PLAIN. For Office 365 to accept a LOGIN PLAIN to a shared mailbox, you need to provide all 3 parameters separately: shared mailbox, user and user password – use LoginPlain to do that.

Shared mailbox – OAuth 2.0

It is much simpler with OAuth. Use any of the available OAuth 2.0 flows:

Daemons/Services: Password grant (MFA/2FA must be turned off for this account):
https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

Daemons/Services: Client credential flow:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp

Web apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-web-flow-office365-exchange-imap-pop3-smtp

Standalone devices (requires very little interaction):
https://www.limilabs.com/blog/oauth2-device-flow-office365-exchange-imap-pop3-smtp

Desktop apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

When you’ve obtained an access token you simply use it to access shared mailbox:

string accessToken = result.AccessToken;

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2("invoices@example.com", accessToken);

    client.SelectInbox();

    List<long> uids = imap.Search(Flag.Unseen);
    foreach (long uid in uids)
    {
        var eml = imap.GetMessageByUID(uid)
        IMail email = new MailBuilder().CreateFromEml();
        string subject = email.Subject);
    }
    client.Close();
}

Tags:   

Questions?

Consider using our Q&A forum for asking questions.