Announcement

Collapse
No announcement yet.

Connecting to Email Connector with Office 365 App Password

Collapse
X
 
  • Filter
  • Time
Clear All
new posts

    Connecting to Email Connector with Office 365 App Password

    With the requirement by Microsoft to implement new security policies we have turned on MFA for the account that is used by the Email Connector. Since CommitCRM wouldn't be able to do anything with MFA we created an App Password for the account. We ran ServerConfig.exe and entered the App Password into the password fields for Outgoing Mail Server and Email Connector but it doesn't seem to be working properly. When we run the test from those areas we just get responded back with bad username or password.

    Does anyone have ideas on what might be going on?

    Re: Connecting to Email Connector with Office 365 App Password

    So here is what I have gotten so far.

    Microsoft announced an important update regarding these mandatory partner security requirements. Effective February 29, 2020, Azure Active Directory "baseline" policies will be removed and replaced with "security defaults." These new policies are more comprehensive and designed to protect your organization with pre-configured security settings for common attacks.

    It sounds like Commit needs to support the more secure Modern Authentication method as opposed to the Legacy Authentication methods that were previously allowed. As a Microsoft Partner and CSP we are required to have made this change by Feb 29th.

    In order to continue working in a manner that is compliant for Microsoft Partners and CSP's Commit would have needed to have been setup as a registered Office 365 Application in the Azure Portal. I don't believe this has been done yet.

    So since most of us are MS Partners and CSP's, how is everyone else handling this without risking their Microsoft Partner status by disabling things to allow Commit to continue working?

    Comment


      Re: Connecting to Email Connector with Office 365 App Password

      This doesn't specifically answer your question, but there might be an opportunity for me to assist to work around what you are using the CommitCRM email features for.

      You are correct, Microsoft CSP tenants must have secure defaults turned on.
      Alternatively you can purchase Azure Premium P1 for every mailbox/user in your Tenant.
      Not a great alternative.
      In our MSP/IT business, we do not use the email features of CommitCRM. For automated emailing to customers, we have traditionally used a inhouse LAMP platform that amoungst other things, sends AV and RMM reports to customers via a Postfix server.
      I've never been entirely happy with this setup.

      For a while we have been working on our Jupiter Server product, which eventually will replace our LAMP platform and our Postfix server.
      As part of this, Microsoft's decision regarding SecureDefaults triggered us to work on a utility that harnesses Jupiter Server that we call sendmail.exe.

      In summary,
      Using Powershell (or a .NET application), it is possible to connect to Jupiter Server to obtain data from your CommitCRM database.
      Also using Powershell, sendmail.exe can be scripted to allow you to send email with securedefaults turned on.

      Documentation on sendmail.exe is here
      https://dentaur.com.au/jupiter-serve...port/sendmail/

      If you have further questions you can email me
      andrew@dentaur.com

      Comment

      Working...
      X