Office365 OAuth2 SMTP configuration - ActiveXperts Network Monitor

ActiveXperts Network Monitor supports virtually any SMTP server to send out e-mail alerts.
There are basically three authentication methods:

• No authentication
• Password Authentication (Account and Password required)
• OAuth2 Authentication (Client ID and an Access Token required)

This article describes how to create an OAuth2 Client ID (also known as Application ID) and how to request an OAuth2 Access Token from the Microsoft Azure platform. You need the OAuth2 Client ID and OAuth2 Access Token to configure ActiveXperts to authorize with the Office365 SMTP service. This is described at the end of this article.

To read more about Office365 Basic Authentication, click here.

Microsoft OAuth2 and ActiveXperts

To use ActiveXperts with Microsoft Office365/OAuth2, you must request three values from the Microsoft Office365 portal:

1. A Client ID that represents the public ID of a new App in your Microsoft Azure AD environment
2. The 'Access Token' associated with the new App
3. The 'Refresh Token' that is required by the ActiveXperts Network Monitor Engine service to request a new 'Access Token' when the 'Access Token' is about to expire.

Client ID Request

The Client ID is a unique, public ID for a Microsoft Application in Office365. Some other services also use a 'Client Secret'. The Client Secret was important in OAuth1, but is not that relevant anymore in Microsoft's OAuth2 implementation. However, companies like Google and Twitter still require the client-secret to get an access-token.

Since the ActiveXperts Network Monitor Engine runs as a service in the background without a user interface, 'OAuth2 Device Code Flow' is used to obtain an Access Token.

Sign In

Sign In to the Microsoft Azure Portal using the following URL: https://portal.azure.com/.
After login, click on 'App Registrations'.

Register a New App

In the 'App Registrations' applet, click on 'New App Registration'.

Fill in the 'Register an Application' form

Now, fill in the 'Register an Application' form.
You can select the a 'Single Tenant' account type, unless the App is also part of other tenants.
Select 'Public client/native' because the App is access by a non-browser application. The 'ActiveXperts Network Monitor Engine' uses 'Device Code Flow' and therefore does not require a redirect URI.

Save the Client ID

After the App Registration has completed, copy the Client ID to your clipboard and save it into a text file for later use.

Modify the Authentication properties

You can already try to setup SMTP in ActiveXperts. But the log file will show the following error:
[AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials]

Click on 'Authentication' on the left pane, and make the following changes:

• In the 'Supported account types' pane, select 'Accounts in any organizational directory'
• In the 'Advanced settings' pane, enable the 'Enable the following flows...' option.

Use ActiveXperts Network Monitor Manager to get the Tokens

Now, use the ActiveXperts Network Monitor Manager to get the Access Token and the Refresh Token. The Refresh Token is used to automatically get a new Access token when the Access Token is about to expire.
To obtain the tokens, choose 'Alert Notification Settings' from the 'Tools' menu and fill in the required parameters:

• SMTP Server: smtp.office365.com
• SMTP Port: 587
• E-mail Address: a valid Office365 account
• Connection Security: STARTTLS
• Authentication Method: OAuth2

Make sure you select 'Microsoft Exchange / Outlook (Common)' from the the Drop Down box, and enter the Client ID that you saved in the previous step.
After pressing the 'Get Authentication Tokens' button, an 'OAuth2 User Code' window will popup, showing the User Code that you need in the Browser window that will popup at the same time.

Proceed all the steps in the Browser. The ActiveXperts Network Manager will be waiting for the steps to complete, and will finally show the generated Tokens.