Setting Up Exchange Email with finPOWER Connect

Thursday, 23 May 2024 by Mike Jensen

Currently emails within finPOWER Connect are sent using SMTP with basic authentication, i.e. a User Name and Password.

Microsoft has recently announced that Basic authentication for Exchange will be disabled in September 2025. For more information see https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online.

finPOWER Connect version 4.01.01 introduces support for using Microsoft 365 Exchange Online with OAuth (Modern) authentication for email services.

This article describes how to integrate Microsoft 365 Exchange Online email services with finPOWER Connect.

The required tasks are:

  • Set up an App Registration to enable finPOWER Connect to identify itself to Microsoft 365.
  • Configure finPOWER Connect to work with Exchange Online.
  • Verify the required Microsoft 365 user permissions are granted.

Set up an Entra ID App Registration with Exchange Online

The Microsoft identity platform performs identity and access management (IAM) only for registered applications. Whether it's a client application like a web or mobile app, or it's a web API that backs a client app, registering it establishes a trust relationship between your application and the identity provider, the Microsoft identity platform.

This section describes how to create an App Registration to use with finPOWER Connect.

Prerequisites

This article assumes that you already have a Microsoft 365 Exchange Online tenant set up and working.

Get Tenant ID

We need to find out your Tenant ID, as that information will be required when configuring finPOWER Connect. Follow these steps:

Go to the Azure administration portal https://portal.azure.com.

Choose Microsoft Entra ID

Click Overview (1)

Take note of the Tenant ID displayed in the Overview page (2). That information is required to configure finPOWER Connect.

Create App Registration

Go to App registrations (1). Click on New registration (2).

NOTE: The image shows an application that was already created. You probably won't see anything in your applications list.

On the Register an application page: Give the application a name, e.g. finPOWER Connect Email

For Supported account types, choose the Single Tenant option, i.e. Accounts in this organizational directory only (your-tenant-name - Single tenant).

For Redirect URI, choose Public client/native (mobile & desktop) for the platform, and use the URI: https://localhostfinPOWER/Temporary_Listen_Addresses/.

Click the Register button.

Get the Client ID

Back in the list of App registrations (1) - which you might have to refresh first - you should see your new app registration and its Application (Client) ID.

Click on All applications (2) and locate the Application (Client) ID for your App Registration (3).

Take note of the Client ID. It is required for configuring finPOWER Connect later.

Assign Permissions

Click on the App registration you just created to open it.

Click on API Permissions (1), then click the Add a permission link (2).

A pop-over page appears on the right. Click the Microsoft Graph panel.

Select Delegated permissions (1), then use the search box (2) to start locating and assigning permissions.

You need to add the following permissions:

  • IMAP.AccessAsUser.All
  • SMTP.Send

Type the permission code (or some of it) in the search box (1). When the permission you want appears, click the checkbox to select it (2).

Repeat for the other permissions you need to assign.

Click the Add permissions button at the bottom of the pop-over to apply your permission selections.

Then click the Grant admin consent for [your-tenant-name] button.

In the screenshot the grant has already been done, and the permissions' statuses show as granted in the grid.

Configure finPOWER Connect for Exchange Online

Under Global Settings you can define the default email address that emails from your Company come from. In addition, each User can use their own email address if required.

So, always set up Global Settings first and then, for those Users that you want to override the global email address, override this in User Preferences.

In Global Settings, Messaging, Email, Specify Exchange Configuration. (1)

Enter the Tenant ID and Client ID (aka Application ID) from your Microsoft 365 Exchange Online tenant. (2)

In the User Name box, enter the global email address you want emails from your company to come from. This must match a user defined in your Exchange Online tenant.

Click Authenticate. (3) You will be directed through the Microsoft log in process, which may include two-factor authentication using your Authenticator app. The process generates a Token which is stored in Global Settings.

Once authentication has completed successfully, the Deauthorise and Verify buttons become enabled.

Deauthorise will remove the token data from Global Settings.

Verify will send a test email. Do this to ensure your configuration was successful.

NOTE: There are equivalent Exchange Configuration settings fields in User Preferences, Messaging, Email that work the same way as those in Global Settings. If provided, they will override the configuration in Global Settings.

Authenticated SMTP Permission

If you have recently set up your Exchange Online tenant you will need to check that your users have the Authenticated SMTP permission. If you have an existing Exchange Online tenant, you might need to assign the permission, or it might already be assigned. Our observation is that older Exchange Online tenants had this permission granted by default, and newer tenants are created without the permission granted.

The Authenticated SMTP permission must be granted to all users using their own email address within finPOWER Connect.

Log in to your Microsoft 365 administration portal https://admin.microsoft.com and select the list of Active users in the Users section.

In the list of active users, click on a user name (e.g. click on "Intersoft Dev" in the example image)(1). A side panel will pop up. Click on Mail (2) then Manage email apps (3).

Make sure Authenticated SMTP is checked:

All the other permissions will probably be checked already. Leave them as you find them.

Save your changes.

Repeat for other users.
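
The per-user check above can also be done for every mailbox at once from Exchange Online PowerShell. The following is an added example, not part of finPOWER Connect or the original article. It assumes that the Authenticated SMTP checkbox corresponds to the SmtpClientAuthenticationDisabled mailbox setting, and that a mailbox with no value inherits the organization-wide setting. The function name and the example.com addresses are hypothetical, and the sample data is constructed so the script runs without a tenant connection.

```powershell
# Added example: report the effective Authenticated SMTP state per mailbox.
# Get-EffectiveSmtpAuth is a hypothetical helper name, not a Microsoft cmdlet.
function Get-EffectiveSmtpAuth {
    param(
        # Organization-wide value: (Get-TransportConfig).SmtpClientAuthenticationDisabled
        [Parameter(Mandatory)] [bool] $OrgDisabled,
        # Mailbox objects as returned by Get-CASMailbox
        [Parameter(Mandatory)] [object[]] $Mailboxes
    )
    foreach ($mbx in $Mailboxes) {
        $perMailbox = $mbx.SmtpClientAuthenticationDisabled
        if ($null -eq $perMailbox) {
            # No per-mailbox value: the organization setting applies
            $disabled = $OrgDisabled
            $source   = 'Organization default'
        } else {
            $disabled = [bool]$perMailbox
            $source   = 'Mailbox override'
        }
        [pscustomobject]@{
            Mailbox         = $mbx.PrimarySmtpAddress
            SmtpAuthEnabled = -not $disabled
            Source          = $source
        }
    }
}

# Constructed sample data standing in for Get-CASMailbox output
$sample = @(
    [pscustomobject]@{ PrimarySmtpAddress = 'loans@example.com';    SmtpClientAuthenticationDisabled = $null  }
    [pscustomobject]@{ PrimarySmtpAddress = 'accounts@example.com'; SmtpClientAuthenticationDisabled = $false }
    [pscustomobject]@{ PrimarySmtpAddress = 'reception@example.com'; SmtpClientAuthenticationDisabled = $true }
)

# A newer tenant, where the organization default is "disabled":
# only accounts@example.com can currently send through Authenticated SMTP.
Get-EffectiveSmtpAuth -OrgDisabled $true -Mailboxes $sample | Format-Table -AutoSize

# Against a live tenant (requires the ExchangeOnlineManagement module):
#   Connect-ExchangeOnline
#   $org = (Get-TransportConfig).SmtpClientAuthenticationDisabled
#   Get-EffectiveSmtpAuth -OrgDisabled $org -Mailboxes (Get-CASMailbox -ResultSize Unlimited)
# Enable it only for the mailboxes finPOWER Connect actually sends from:
#   Set-CASMailbox -Identity loans@example.com -SmtpClientAuthenticationDisabled $false
```

Enabling the setting per mailbox, rather than changing the organization default, keeps Authenticated SMTP switched off for every account that finPOWER Connect does not send from.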