1. Knowledge Base
  2. MDaemon® Email Server

How to setup MultiPOP for use with Microsoft 365 using OAuth

In late 2022, Microsoft retired Basic Authentication, which will cause MultiPOP configurations for users to no longer collect mail. MDaemon deployed support for OAuth 2.0 in MDaemon 23.0.0 to continue to use MultiPOP for Microsoft 365 accounts.

HTTPS for MDaemon Webmail must be enabled with a valid certificate.  Self-signed certificates are not recommended. 

Follow the steps below to configure Azure and MDaemon to allow MDaemon to authenticate using OAuth and continue to download mail via MultiPOP.

In Azure Active Directory:

  1. Navigate to the App Registrations page
  2. Select New Registration
  3. Enter an application name in the name field.
  4. For Supported account types select Accounts in any organizational directory (Any Azure AD directory - Multitenant)
  5. For "Redirect URI" select web and then enter your redirect URI.
    Change mail.company.test to the FQDN of the MDaemon server
  6. Select Register
  7. Make note of the Application (client) ID
  8. Select API Permissions
  9. Select + Add a permission
  10. Select Microsoft Graph
  11. Select Delegated Permissions
  12. Select POP.AccessAsUser.All and User.Read (User.Read is already selected by default)
  13. Select Add permissions
  14. Select Certificates & Secrets
  15. Click + New Client Secret
  16. Enter a description in the description field.
  17. Select how long the password will be valid for.
  18. Click Add
  19. Copy the password generated in the Value field as it will not be viewable again.

In MDaemon:

  • Open the MDaemon GUI
  • Select Setup
  • Select Server Settings
  • Select MultiPOP
  • Select Enable MultiPOP
  • In the Office365 section, enter the Application (Client) ID from Step 7 above in the Client ID text box.
  • Enter the Value from Step 19 above in the Client Secret text box.
  • Click OK

To create a new MultiPOP profile for a user:

  • Open MDaemon 
  • Select Accounts
  • Select Edit Account
  • Double click on the account  to open the account in the Account Editor.
  • Select MultiPOP
  • Select Enable MultiPOP
  • Enter outlook.office365.com:995 for the Server text box.
  • Enter the Microsoft 365 address in the Logon text box. 
  • Enter the Microsoft 365 address password in the Password text box. 
  • Verify Enable this entry is checked.
  • Check the Leave a copy of message on POP server if desired. 
  • Select Use OAuth
  • Choose the number of days to delete messages older than. (0 = never delete)
  • Choose the maximum size of messages that MDaemon should download. (0 = no limit)
To edit an existing MultiPOP profile in MDaemon's GUI:
  1. Select Accounts
  2. Select Edit Account
  3. Double click on the account to modify.
  4. Select MultiPOP
  5. Select the MultiPOP host(s) to edit the entry.
  6. Verify outlook.office365.com:995 is entered in the Server text box.
  7. Click the Use OAuth checkbox.
  8. Click Replace
  9. Click OK to exit the menu.

Alternatively, the MultiPOP profile can be created or edited in MDaemon's Remote Administration:

  1. Login to Remote Administration as a global or domain admin.
  2. Select Account Manager
  3. Double click the account to edit. 
  4. Select MultiPOP from the Account Settings
  5. Double Click on the host or select the host and click Edit to edit an existing profile or click New to create a new MutliPOP profile. 
  6. Check the Use OAuth checkbox
  7. Click Save and Close

End Users must have the ...edit MultiPOP settings web service enabled in order to authorize the account with Microsoft 365. 

To do this: 

  1. Open MDaemon
  2. Select Accounts
  3. Select Edit Account
  4. Double click on the account to edit to bring up the Account Editor. 
  5. Select Web Services
  6. Verify ...edit MultiPOP settings is enabled.
  7. Click Ok

Once enabled, the end user will need to perform the steps below to authorize MDaemon to connect to the Microsoft 365 account. 

  1. Log in to Webmail
  2. Select Settings (Gear Icon)
  3. Select Mailboxes
  4. Click the Authorize button for the Office 365 POP account.
  5. Click Connect to Office365
  6. Select your Office 365 account and sign in.
  7. Click Accept on the Permissions requested page.
  8. Close the popup window after successful authorization.