My IT department disabled POP/IMAP/SMTP because at the time we went live 
Exchange Online didn't support X/OAUTH2 (a.k.a. "modern auth"), so one could 
bypass 2FA by using POP/IMAP/SMTP.

However, Microsoft announced X/OAUTH2 support for Exchange Online in April 
2020. From what I've seen, one can disable the other auth methods and only 
allow XOAUTH2.
https://developer.microsoft.com/en-us/graph/blogs/announcing-oauth-2-0-support-for-imap-smtp-client-protocols-in-exchange-online/

It also appears that this functionality can be enabled on a per-mailbox basis.
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-oauth-2-0-support-for-imap-and-smtp-auth-protocols-in/bc-p/1544725/highlight/true#M28589

I've successfully used XOAUTH2 auth via IMAP with Gmail with mutt, so it's 
definitely possible provided that your IT department enables XOAUTH2.

-Jason



> On Jun 11, 2021, at 7:46 AM, Ofer Inbar <c...@aaaaa.org> wrote:
> 
> At past jobs I've always used mutt for internal email, but currently
> I'm at a company that uses Office 365 and will not enable IMAP on that
> service.  Reading between the lines (the IT department is not very open),
> and based on some searches for information on the web, I strongly suspect
> this is because Office 365 + Okta, which we use for SSO, doesn't work
> well with IMAP.  I'd still like to find some way to use mutt rather
> than rely on the horrible Outlook clients.
> 
> Has anyone here found a workaround for this?
> Maybe you know of a way to actually enable IMAP and still require some
> short-lived token that can only be obtained from Okta?  Something I
> could suggest to our IT department?
> Or maybe there's some way to wire up some proxy that can fetch using
> Exchange protocol, and is Okta-aware, and can leave the mail it
> fetches in local maildir or mbox?
> Or anything else, I'm just vaguely brainstorming.
> 
> (My local machine is a MacBook, if that affects things)
>  -- Cos

-- 
Jason White
jdwh...@menelos.com
"The single biggest problem in communication is the illusion that it has taken 
place." - George Bernard Shaw
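
Added example, not part of either message above: how a client forms the SASL XOAUTH2 response that IMAP carries in place of a password, following the publicly documented mechanism. The function names, the sample user and token, and the sample failure challenge are constructed for illustration.

```python
import base64
import json


def xoauth2_initial_response(user: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 initial client response.

    Layout: "user=" USER ^A "auth=Bearer " TOKEN ^A ^A   (^A is byte 0x01)
    """
    for name, value in (("user", user), ("access_token", access_token)):
        # ^A separates fields, so a control character inside a value could
        # smuggle an extra key/value pair into the message. Refuse it.
        if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
            raise ValueError(f"{name} is empty or contains control characters")
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def imap_authenticate_line(tag: str, user: str, access_token: str) -> str:
    """The IMAP command a client sends; no account password appears in it."""
    return f"{tag} AUTHENTICATE XOAUTH2 {xoauth2_initial_response(user, access_token)}"


def decode_failure_challenge(challenge_b64: str) -> dict:
    """Decode the base64 JSON a server returns when it rejects the token."""
    return json.loads(base64.b64decode(challenge_b64, validate=True))


# Constructed sample values, not real credentials or captured traffic.
SAMPLE_USER = "user@example.com"
SAMPLE_TOKEN = "constructed-access-token"
SAMPLE_FAILURE = base64.b64encode(
    json.dumps({"status": "401", "schemes": "bearer"}).encode()
).decode("ascii")

if __name__ == "__main__":
    print(imap_authenticate_line("A1", SAMPLE_USER, SAMPLE_TOKEN))
    print(decode_failure_challenge(SAMPLE_FAILURE))
```

The access token itself comes from the provider's OAuth 2.0 flow, which is outside this sketch.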


