There are 2 ways of accessing a shared mailbox in Office 365: first -using regular IMAP authentication and a second one – using OAuth 2.0.

Shared mailbox – basic authentication

Make sure basic authentication is turned on:

Try authenticating to users’ regular mailbox with his credentials to check if basic authentication works and the user/password is correct:

client.UseBestLogin("AlexW@example.com", "AlexWPassword");

Access the shared mailbox

Use the following user format:

Username@DomainName\Shared@DomainName

You must use Login method:

client.Login(@"AlexW@example.com\invoices@example.com", "AlexWPassword"); 

-or-

alternatively you may use LoginPlain method:

client.LoginPlain("invoices@example.com", "AlexW@example.com", "AlexWPassword");

Don’t use UseBestLogin for Office365 shared mailboxes and basic authentication.

The reason is Office  365 advertises LOGIN PLAIN as a preferred login method and UseBestLogin chooses to use it. However Office 365 does not recognize Username@DomainName\Shared@DomainName user pattern when using LOGIN PLAIN. For Office 365 to accept a LOGIN PLAIN to a shared mailbox, you need to provide all 3 parameters separately: shared mailbox, user and user password – use LoginPlain to do that.

Shared mailbox – OAuth 2.0

It is much simpler with OAuth. Use any of the available OAuth 2.0 flows:

https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp

https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp

When you’ve obtained an access token you simply use it to access shared mailbox:

string accessToken = result.AccessToken;

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2("invoices@example.com", accessToken);

    client.SelectInbox();

    List<long> uids = imap.Search(Flag.Unseen);
    foreach (long uid in uids)
    {
        var eml = imap.GetMessageByUID(uid)
        IMail email = new MailBuilder().CreateFromEml();
        string subject = email.Subject);
    }
    client.Close();
}

When using SMTP with Office365 and OAUTH 2.0 you may receive this error:

Temporary server error. Please try again later. PRX4

SMTP logs look like this:

Connecting to ‘outlook.office365.com:587’, SSL/TLS: False.

S: 220 AS8PR04CA0136.outlook.office365.com Microsoft ESMTP MAIL Service ready at Thu, 28 Jan 2021 15:43:35 + 0000
C: EHLO[IPv6:2a02:]
S: 250-AS8PR04CA0136.outlook.office365.com Hello[2a02:]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-STARTTLS
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: STARTTLS
S: 220 2.0.0 SMTP server ready
C: EHLO[IPv6:2a02:]
S: 250-AS8PR04CA0136.outlook.office365.com Hello [2a02:]
S: 250-SIZE 157286400
S: 250-PIPELINING
S: 250-DSN
S: 250-ENHANCEDSTATUSCODES
S: 250-AUTH LOGIN XOAUTH2
S: 250-8BITMIME
S: 250-BINARYMIME
S: 250-CHUNKING
S: 250 SMTPUTF8
C: AUTH XOAUTH2 dXNlcj1B...EEBAQ==
S: 451 4.7.0 Temporary server error. Please try again later. PRX4[AS8PR04CA0136.eurprd04.prod.outlook.com]

 It is a bug when setting up an office365 business account with Microsoft. 

After creating the e-mail account, you have to edit the account (go to https://admin.microsoft.com/)

Then go to “Mail” tab then click “Manage email apps”

There is an option called “Authenticated SMTP”.  It is ticked by default, however to actually make it work you have to uncheck it and save the changes, then go back in and re-check it and save the changes.

You may need to leave it unchecked for some time and wait for some time when it is rechecked before it starts working:

C: AUTH XOAUTH2 dXNlcj1B...BAQ==
S: 235 2.7.0 Authentication successful
C: QUIT

First you need to register your application in Azure Portal.

Here’s a detailed guide how to do that:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Enable additional flows:

Then you need to apply correct API permissions and grant the admin consent for your domain.

In the API permissions / Add a permission wizard, select Microsoft Graph and then Delegated permissions to find the following permission scopes listed:

• offline_access
• email
• IMAP.AccessAsUser.All
• POP.AccessAsUser.All
• SMTP.Send

Remember to grant admin consent.

Use Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:
https://www.nuget.org/packages/Microsoft.Identity.Client/

string clientId = "Application (client) ID";
string tenantId = "Directory (tenant) ID";

string userEmail = "Username for mailbox";
string userPassword = "Password for that user";

IPublicClientApplication app = PublicClientApplicationBuilder.Create(clientId)
    .WithAuthority(AzureCloudInstance.AzurePublic, tenantId)
    .Build();

var scopes = new string[] 
{
    "offline_access",
    "email",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
};

Now acquire the access token and user email address:

var accounts = await app.GetAccountsAsync();

AuthenticationResult result;
if (accounts.Any())
{
    IAccount account = accounts.FirstOrDefault();
    result = await app.AcquireTokenSilent(scopes, account).ExecuteAsync();
}
else
{
    SecureString securePassword = new SecureString();
    foreach (char c in userPassword)
    {
        securePassword.AppendChar(c);
    }
    result = await app.AcquireTokenByUsernamePassword(
        scopes, 
        userEmail, 
        securePassword).ExecuteAsync();
}

string user = result.Account.Username;
string accessToken = result.AccessToken;

Finally you can connect to IMAP/POP3/SMTP server and authenticate:

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2(user, accessToken);
 
    client.SelectInbox();

    // ...

    client.Close();
} 

First you need to register your application in Azure Portal.

Here’s a detailed guide how to do that:
https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Remember to add authentication entries (localhost is needed for .net core):

Then you need to apply correct API permissions and grant the admin consent for your domain.

In the API permissions / Add a permission wizard, select Microsoft Graph and then Delegated permissions to find the following permission scopes listed:

• offline_access
• email
• IMAP.AccessAsUser.All
• POP.AccessAsUser.All
• SMTP.Send

Remember to grant admin consent.

Use Microsoft Authentication Library for .NET (MSAL.NET) nuget package to obtain an access token:

https://www.nuget.org/packages/Microsoft.Identity.Client/

var pcaOptions = new PublicClientApplicationOptions
{
    ClientId = "Application (client) ID",

    TenantId = "Directory (tenant) ID",
    // -or-
    // for @outlook.com/@hotmail accounts instead of setting TenantId use:
    // AadAuthorityAudience = AadAuthorityAudience.PersonalMicrosoftAccount, 

    RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"
    // RedirectUri = "http://localhost" // for .net core
};

var pca = PublicClientApplicationBuilder
    .CreateWithApplicationOptions(pcaOptions)
    .Build();

var scopes = new string[] 
{
    "offline_access",
    "email",
    "https://outlook.office.com/IMAP.AccessAsUser.All",
    "https://outlook.office.com/POP.AccessAsUser.All",
    "https://outlook.office.com/SMTP.Send",
};

In addition, you can request for offline_access scope. When a user approves the offline_access scope, your app can receive refresh tokens from the Microsoft identity platform token endpoint. Refresh tokens are long-lived. Your app can get new access tokens as older ones expire.

Now acquire the access token and user email address:

var authResult = pca.AcquireTokenInteractive(scopes).ExecuteAsync().Result;

string user = authResult.Account.Username;
string accessToken = authResult.AccessToken;

Finally you can connect to IMAP/POP3/SMTP server and authenticate:

using (Imap client = new Imap())
{
    client.ConnectSSL("outlook.office365.com");
    client.LoginOAUTH2(user, accessToken);
 
    client.SelectInbox();

    // ...

    client.Close();
} 

As this is fairly new feature for Exchange/Office365, here are some useful links:

https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth

https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2

https://stackoverflow.com/questions/43473858/connect-to-outlook-office-365-imap-using-oauth2

https://stackoverflow.com/questions/61597263/office-365-xoauth2-for-imap-and-smtp-authentication-fails