This article will provide information on the changes being implemented by Microsoft and the OAuth support for Archiver.
Preview Information is available on the GFI Insider Google Group.
Microsoft is discontinuing support for Basic Authentication in Microsoft 365 for Exchange Web Services (EWS). Their strategy is documented here: https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055
The alternative is to switch to OAuth authentication. GFI has been working on the new integration between Microsoft 365 with GFI Archiver for our customers, and a preview build with version v15.1 is below.
This is a Preview BETA build. We appreciate anybody who can test this new functionality. It is advised that proper backup mechanisms are in place when running in production environments.
EWS passwords (in GFI Archiver for DataSources, Import/Export, and Folder Sync) should be set using the format below when using OAuth Authentication via EWS.
[password]_@oAuthCoxn_[ClientID] (underscore included)
[password] is the user's password (as before)
[ClientID] is the OAuth ClientID obtained when registering GFI Archiver as an OAuth client app in Microsoft 365
To Register GFI Archiver as an OAuth client in Microsoft 365
To use OAuth, an application must have an application ID issued by Azure Active Directory. In this tutorial, it is assumed that the application is a console application, so you need to register your application as a public client with Azure Active Directory.
Open a browser and navigate to the Azure Active Directory admin center and login using a personal account (aka: Microsoft Account) or Work or School Account.
Select Azure Active Directory in the left-hand navigation, then select App registrations under Manage.
- Select New registration. On the Register an application page, set the values as follows.
- Set Name to a friendly name for your app - GFI Archiver
- Set Supported account types to the choice that makes sense for your scenario.
- For Redirect URI, change the dropdown to Public client (mobile & desktop) and set the value to urn:ietf:wg:oauth:2.0:oob.
- Choose Register. On the next page, copy the value of the Application (client) ID and save it, you will need it later.
- Select API permissions in the left-hand navigation under Manage.
- Select Add a permission. On the Request API permissions page, select Exchange under Supported legacy APIs.
- To use Delegated permissions, select Delegated permissions and then select EWS.AccessAsUser.All under EWS. Click on Add permissions.