LogicMonitor seeks to disrupt AI landscape with $800M strategic investment at $2.4B valuation to revolutionize data centers.

Learn More

Microsoft 365 OAuth Email Monitoring

Last updated on 03 October, 2024

Microsoft 365 has announced deprecation of basic authentication in Exchange Online. Due to these changes, basic email monitoring now requires OAuth token validation for IMAP, POP3, and SMTP. To authenticate LogicMonitor with Office 365, you need to update the app registration in Microsoft Azure.

Note: For more information, see Authenticate an IMAP, POP or SMTP connection using OAuth in the Microsoft 365 documentation.

Requirements

  • You must be an administrator of the Microsoft Azure account to make configuration changes.
  • Upon initial setup of the App Registration in Azure:
  • Install the LogicModules for Email Service Monitoring. For more information, see Email Service Monitoring.

Adding Authentication to the App Registration

  1. In Microsoft Azure, navigate to the App registration page.
  2. From the Manage menu, select Authentication.

    MS authetication page

  3. Under Platform configurations, select Add a platform.
  4. On the Configure platforms panel, select Web.
  5. On the Configure web panel, for the Redirect URI, enter: http://localhost/
  6. Select Configure.
  7. Navigate to Certifications & Secrets and select New client secret.

    Microsoft certificates page

  8. On the Add a client secret panel, enter a Description and an Expires time-range and then select Add.
  9. Copy the Value and Secret ID and save them to a secure location.
  10. Navigate to Manage > API permissions.
  11. Select Add permissions to enable the following:
    • Microsoft Graph (Delegated)
      • IMAP.AccessAsUser.All
      • SMTP.Send
    • Office 365 Exchange Online (Application)
      • IMAP.AccessAsApp
      • POP.AccessAsApp
      • ReportingWebService.Read.All
  12. Navigate to Manage > App roles and select Create app role.



  13. On the Create app role panel, enter the following:
    • Display Name: AppAdmin
    • Allowed member types: Applications
    • Value: Enter the role that corresponds with the protocol permission (for example, IMAP.AccessAsUser.All).
    • Description: Enter a description for the new role.
    • Do you want to enable this app role? Enable
    • Select Apply.
  14. Create a service principle. For more information, see Create an Azure service principle with Azure PowerShell

Azure Integration Assistant

You can use the Integration assistant in the Azure portal (App registrations > Integration assistant) for guidance and verification. 

Microsoft integration page

Assigning Properties to the Resource

The following custom properties must be set in LogicMonitor for the device associated with the Microsoft 365 Office OAuth resource. For more information on setting properties, see Resource and Instance Properties .

PropertyValue (Azure App Registration)
office365.clientApplication (client) ID
office365.clientsecret.passValue (Certificates & secrets)
office365.tenantidDirectory (tenant) ID

Next Steps

For troubleshooting, use LogicMonitor’s email monitoring to review any error codes. The expected behavior for Microsoft 365 is to show success on the obtained token and cached token. The obtained token value changes each time the token expires or is refreshed.

Note: Manual troubleshooting of the API endpoint can be managed through CURL commands. Endpoints are located in Azure > App registrations > Overview > Endpoints.

Microsoft New App page
In This Article