Office 365 Email Administrative Setup: Difference between revisions
Jspenceratty (talk | contribs) |
Jspenceratty (talk | contribs) No edit summary Tag: Manual revert |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Office 365 Azure Active Directory Setup== | ==Office 365 Azure Active Directory / Entra ID Setup== | ||
In the Azure Active Directory menu, click on "App registrations" | |||
NOTE: Microsoft renamed Azure Active Directory to Microsoft Entra ID in August 2023. Some naming on screen shots may have changed. | |||
In the Azure Active Directory / Entra ID menu, click on "App registrations" | |||
[[File:Screenshot 2022-12-09 at 9.37.34 AM.png|400px]] | [[File:Screenshot 2022-12-09 at 9.37.34 AM.png|400px]] | ||
| Line 12: | Line 15: | ||
# Enter a "Name" for the application, for example, "Prime 16 Email Application". | # Enter a "Name" for the application, for example, "Prime 16 Email Application". | ||
# Leave the "Supported account types" selection of "Accounts in this organizational directory only". | # Leave the "Supported account types" selection of "Accounts in this organizational directory only". | ||
# In "Redirect URI", choose "Public client/native (mobile & desktop)" and enter <nowiki>"http://localhost:3017"</nowiki> in the next box. | # In "Redirect URI", choose "Public client/native (mobile & desktop)" and enter <nowiki>"http://localhost:3017"</nowiki> in the next box. [NOTE: The port (3017 shown here) may be different for your organization. The port information can be given to you by the support team here, or you can check the EmailUtilities module and look for the "ListenPort" setting.] | ||
# Click the "Register" button | # Click the "Register" button | ||
| Line 63: | Line 66: | ||
Click "+ Add a permission" link in the "API permissions" page. | Click "+ Add a permission" link in the "API permissions" page. | ||
This time, select "APIs my organization uses" at the top. In the search box, enter "Office 365 Exchange Online". Choose the resulting entry, then choose "Delegated permissions". Then, in "EWS" select the "EWS.AccessAsUser.All" | This time, select "APIs my organization uses" at the top. In the search box, enter "Office 365 Exchange Online". Choose the resulting entry, then choose "Delegated permissions". Then, in "EWS" select the "EWS.AccessAsUser.All" and "Calendars.ReadWrite" entries. Choose "Add permissions" at the bottom. | ||
Click the "Grant admin consent for kempscaseworks.com" at the top of the "API permissions page". And choose yes. This will keep users from seeing the "Do you grant consent to this application" when they attempt to use the Email system | Click the "Grant admin consent for kempscaseworks.com" at the top of the "API permissions page". And choose yes. This will keep users from seeing the "Do you grant consent to this application" when they attempt to use the Email system | ||
| Line 107: | Line 110: | ||
! Item !! Entry !! Notes | ! Item !! Entry !! Notes | ||
|- | |- | ||
| Email Address || user.name@organization.org || | | Email Address || user.name@organization.org || Always enter the email address the user will use to log on to O365. The credentials returned from O365 must match the email address entered here to ensure the correct security settings.. | ||
|- | |- | ||
| Name (shown on outgoing email) || User Name || If the user will be given permission to send and read mail from a shared mailbox in the organization system AND they want only to use that email from within Prime, you may enter the Name for that shared email box here and leave the "Send As Email Name" entry below blank. | | Name (shown on outgoing email) || User Name || If the user will be given permission to send and read mail from a shared mailbox in the organization system AND they want only to use that email from within Prime, you may enter the Name for that shared email box here and leave the "Send As Email Name" entry below blank. | ||
| Line 127: | Line 130: | ||
| Email server username || user.name@organization.org || | | Email server username || user.name@organization.org || | ||
|- | |- | ||
| Email server password || <enter some random string, for example: asd908ju2> || Any random string will be fine when using the Office 365 Email system with Azure Active Directory. | | Email server password || <enter some random string, for example: asd908ju2> || Any random string will be fine when using the Office 365 Email system with Azure Active Directory / Entra ID. | ||
|- | |- | ||
| User O365 Settings || Check the box || | | User O365 Settings || Check the box || | ||
Latest revision as of 16:02, 31 July 2023
Office 365 Azure Active Directory / Entra ID Setup
NOTE: Microsoft renamed Azure Active Directory to Microsoft Entra ID in August 2023. Some naming on screen shots may have changed.
In the Azure Active Directory / Entra ID menu, click on "App registrations"
At the top of the "App registrations" page, click on the "+ New Registration" link
In the "Register an application" page:
- Enter a "Name" for the application, for example, "Prime 16 Email Application".
- Leave the "Supported account types" selection of "Accounts in this organizational directory only".
- In "Redirect URI", choose "Public client/native (mobile & desktop)" and enter "http://localhost:3017" in the next box. [NOTE: The port (3017 shown here) may be different for your organization. The port information can be given to you by the support team here, or you can check the EmailUtilities module and look for the "ListenPort" setting.]
- Click the "Register" button
This should return you to the new app registration. Your chosen Name for the application should appear at the top of the form. Now click on the "API permissions" link
In the "API permissions" page, click on the "+ Add a permission" link
In the "Request API permissions" box, select "Microsoft Graph"
When asked "What type of permissions does your application require?", choose "Delegated permissions"
From the resulting list below that, check the box next to the following options;
OpenId permissions:
- offline_access
- openid
- profile
IMAP
- IMAP.AccessAsUser.All
MailboxSettings
- MailboxSettings.Read
- Mail.Read
- Mail.Read.Shared
- Mail.ReadWrite
- Mail.ReadWrite.Shared
- Mail.Send
- Mail.Send.Shared
SMTP
- SMTP.Send
User
- User.Read
Click "Add permissions" at the bottom of the "Request API permissions" box.
The resulting page should look like this:
Click "+ Add a permission" link in the "API permissions" page.
This time, select "APIs my organization uses" at the top. In the search box, enter "Office 365 Exchange Online". Choose the resulting entry, then choose "Delegated permissions". Then, in "EWS" select the "EWS.AccessAsUser.All" and "Calendars.ReadWrite" entries. Choose "Add permissions" at the bottom.
Click the "Grant admin consent for kempscaseworks.com" at the top of the "API permissions page". And choose yes. This will keep users from seeing the "Do you grant consent to this application" when they attempt to use the Email system
Prime 16 Setup
Within Prime 16, got to the "Admin" top line menu and choose "Custom Admin" and choose "O365 Setup". Enter the values as follow:
| Item | Entry |
|---|---|
| OnlyOneRowAllowed | True |
| Redirect URI | http://localhost:3017 |
| the Client ID | <copy value for Application (client) ID from the App registration you created above as shown File:Screenshot 2022-12-09 at 1.17.45 PM.pnghere> |
| client Secret | <Enter a random string, for example: jo2i3jutr98uyxcvoijkn2> |
| scope | https://outlook.office.com/IMAP.AccessAsUser.All%20offline_access%20email%20openid |
| auth Uri | <copy value the App registration, click on Endpoints and enter the value from "OAuth 2.0 authorization endpoing (v2)". That should look like this:
https://login.microsoftonline.com/<your directory tenant id>/oauth2/v2.0/authorize > |
| token Uri | <copy value the App registration, click on Endpoints and enter the value from "OAuth 2.0 token endpoing (v2)". That should look like this:
https://login.microsoftonline.com/<your directory tenant id>/oauth2/v2.0/token |
Close this form to save the entries.
Staff Member Setup
Open the Staff Member Input Form (Admin-->Staff Settings-->Search Staff and select a staff member).
In the "Email Setup" tab, ensure the following entries:
| Item | Entry | Notes |
|---|---|---|
| Email Address | user.name@organization.org | Always enter the email address the user will use to log on to O365. The credentials returned from O365 must match the email address entered here to ensure the correct security settings.. |
| Name (shown on outgoing email) | User Name | If the user will be given permission to send and read mail from a shared mailbox in the organization system AND they want only to use that email from within Prime, you may enter the Name for that shared email box here and leave the "Send As Email Name" entry below blank. |
| Account type | IMAP | |
| Incoming mail server | outlook.office365.com | |
| Incoming port | 993 | |
| Incoming security | SSL | |
| Outgoing mail server | smtp.office365.com | |
| Outgoing port | 587 | |
| Outgoing security | TLS | |
| Email server username | user.name@organization.org | |
| Email server password | <enter some random string, for example: asd908ju2> | Any random string will be fine when using the Office 365 Email system with Azure Active Directory / Entra ID. |
| User O365 Settings | Check the box | |
| Send As Email Address | IntakeGroup@organization.org | If the user will be given permission to send and read mail from a shared mailbox in the organization system, you can enter the email address for that shared mailbox here to give the user the ability to select to send from or to read email in that account. |
| Send As Email Name | Intake Group Mailbox | This is the name that will be included on outgoing email from the shared mailbox. |