Resources »

Guides »

Integrations »

Azure »

Authenticate an Office365 mailbox using XOAUTH2


Microsoft is in the process of retiring legacy passwords when connecting to Office365 using SMTP, POP3, and IMAP.

To authenticate in the near future you will need to use OAuth2 access tokens instead.

Cerb supports XOAUTH2 authentication for IMAP mailboxes since version 9.6.

This guide explains how to configure the new feature.

Configure an Azure app

If you haven’t already configured an Office365 connected account in Cerb, follow these instructions.

Once your connected account is created you can continue to configuring the mailbox.

Configure your mail transport

In Cerb, navigate to Search » Email Transports.

Create or edit a transport with the following details:

Name: Office365 SMTP
Type: SMTP
Port: 587
Encryption: TLS
Authentication: Enabled
Username: (your email address;
Password: (blank)
XOAuth2: (your O365 connected account from above)

Click the Save Changes button.

Is SMTP authentication not enabled?

If SMTP authentication is not enabled for this tenant, you can enable it with these instructions:

Configure your mailbox in Cerb

In Cerb, navigate to Search » Email Mailboxes.

Create or edit a mailbox with the following details:

Name: Office365
Protocol: IMAP (TLS/SSL)
User: (your O365 address)
Password: (blank)
XOAuth2: (your O365 connected account from above)
Port: 993

Click the Test button at the bottom of the popup.

If connected successfully, click the Save Changes button.

Test your mailbox

You can verify your mailbox is working properly by running the scheduler manually.

Navigate to Setup » Configure » Scheduler.

In the section for Mailbox Checker and Email Downloader, click the run now link.

This will show you a detailed log of your mailbox connection. You should see ‘Connected to mailbox’ and ‘Closed mailbox’ without any authentication errors.

If any new messages were downloaded, Cerb will automatically process them. You can manually process new messages by clicking the run now link in the Inbound Email Message Processor section.

You do not need to manually run the scheduler in the future.