On Feb 12, 2020, at 11:48, Gerry O'Brien <gerry.obr...@scss.tcd.ie> wrote: > I don't think Microsoft have implemented OAUTH for IMAP on Exchange Online > yet so we file this and get back to ye when they do.
In Sep2013 Microsoft announced IMAP/OAuth2 support for personal Microsoft accounts (Hotmail.com, Outlook.com, et cetera): https://www.microsoft.com/en-us/microsoft-365/blog/2013/09/12/outlook-com-now-has-imap/ https://msdn.microsoft.com/en-us/windows/desktop/dn440163 The first post includes some technical details on the XOAUTH2 conversation with the server and the scopes to request. Alas, that approach doesn't work with Azure AD accounts (so-called "Office365" accounts). In my experimenting, the OAuth2 endpoints for Azure AD didn't recognize the scopes "wl.offline_access wl.imap", also the app registration page in portal.azure.com did not show any IMAP scopes. Fortunately that situation appears to be changing. The following post is slightly informative: https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2?noredirect=1&lq=1 Therein, Microsoft states in mid-2015 that they have no intention of adding Azure support for IMAP OAuth2, but an update from Microsoft in mid-2019 states they are actively working on it! The post https://stackoverflow.com/questions/58914816/oauth2-imap-how-to-request-consent-for-imap-accessasuser-all-permission-for-a/58926034#58926034 indicates the relevant scope might be named "imap.accessasuser.all", but when I myself go to portal.azure.com / Azure AD / App Registration, and look under the Exchange permissions as per the screenshot in the above post, I don't have an IMAP entry sitting between Group and MailboxSettings. So perhaps only certain developers (registered MS beta testers?) get to see that at this time. In summary, there's hope (for those being forced to use Office365 but wanting to use a mail client of their choice), but unclear when it will become reality.
