Don’t use UseBestLogin for Office365 shared mailboxes and basic authentication.
The reason is Office 365 advertises LOGIN PLAIN as a preferred login method and UseBestLogin chooses to use it. However Office 365 does not recognize Username@DomainName\Shared@DomainName user pattern when using LOGIN PLAIN. For Office 365 to accept a LOGIN PLAIN to a shared mailbox, you need to provide all 3 parameters separately: shared mailbox, user and user password – use LoginPlain to do that.
Shared mailbox – OAuth 2.0
It is much simpler with OAuth. Use any of the available OAuth 2.0 flows:
It is a bug when setting up an office365 business account with Microsoft.
After creating the e-mail account, you have to edit the account (go to https://admin.microsoft.com/)
Then go to “Mail” tab then click “Manage email apps”
There is an option called “Authenticated SMTP”. It is ticked by default, however to actually make it work you have to uncheck it and save the changes, then go back in and re-check it and save the changes.
You may need to leave it unchecked for some time and wait for some time when it is rechecked before it starts working:
var pcaOptions = new PublicClientApplicationOptions
ClientId = "Application (client) ID",
TenantId = "Directory (tenant) ID",
// for @outlook.com/@hotmail accounts instead of setting TenantId use:
// AadAuthorityAudience = AadAuthorityAudience.PersonalMicrosoftAccount,
RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
// RedirectUri = "http://localhost" // for .net core
var pca = PublicClientApplicationBuilder
var scopes = new string
In addition, you can request for offline_access scope. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.
Now acquire the access token and user email address:
var authResult = pca.AcquireTokenInteractive(scopes).ExecuteAsync().Result;
string user = authResult.Account.Username;
string accessToken = authResult.AccessToken;
Finally you can connect to IMAP/POP3/SMTP server and authenticate:
using (Imap client = new Imap())
As this is fairly new feature for Exchange/Office365, here are some useful links: