Skip to main content

Office 365 Email Authentication

How do I setup the new Office 365 Email Authentication?

D
Written by Dylan Jackson
Updated over 2 months ago

Overview

Microsoft is phasing out Basic Authentication across Office 365 services, which affects applications like Weighsoft 5 that rely on SMTP for email delivery. This guide outlines the steps required to configure Weighsoft 5 to use Modern Authentication via token-based access, ensuring continued email functionality.

Pre-Requisites

  • Access to Azure Active Directory and Office 365 Admin Center

  • A publicly accessible URL for your Weighsoft instance

  • Valid SSL certificate (if using HTTPS)

Step 1: Enable External URL Access for Weighsoft

To allow token-based communication, Weighsoft must be accessible externally.

  1. Configure IIS to expose the Weighsoft site publicly.

  2. Use either:

    • A new domain (recommended for remote access)

    • Port 80 exposure (for basic external access)

  3. Note the public URL or IP address — this will be used as the Redirect URI in Azure and Weighsoft.

Note: If using HTTPS, ensure a valid SSL certificate is installed.

We are unable to assist with putting this in place on your server unless you are hosted by the Access Group. In the case of Hosted we will provide the location to connect to.

Due to the inherent cyber security risks associated with setting up and maintaining an external domain the process of acquiring a domain and configuring IIS must be handled internally by your IT and cyber security teams to ensure the address is correctly configured and secure.

If you wish for us to manage your external access, please contact your Account Manager to discuss migrating to our hosted platform.

Step 2: Register an Application in Azure

  1. Go to Azure Portal > App Registrations.

  2. Create a new registration.

  3. This will take you to a screen similar to the below:

  4. Record the following:

    • Client ID

    • Tenant ID

  5. Assign an owner email address to the app.

  6. In the API Permissions tab:

    • Add Mail.Send under Delegated Permissions for Office 365 Exchange Online.

Step 3: Configure the Email User

  1. Go to Microsoft 365 Admin Center. (https://admin.microsoft.com/)

  2. Navigate to Active Users > Select the user.

  3. Under Mail > Manage App, enable Authenticated SMTP.

Note: Authenticated SMTP supports both username/password and token-based methods. When the master setting is disabled, only token-based access will work.

Step 4: Setup Redirect URI (for MFA only)

The Redirect URI is the address that allows Weighsoft and the email server to communicate. When Weighsoft attempts to connect up to send an email Azure will reply with a token which then grants Weighsoft access.

If using Multi-Factor Authentication (MFA):

  1. Go to Azure > App Registration > Authentication > Mobile and Desktop Applications.

  2. Add the following Redirect URIs:

    • https://<<public URL>>/Mail/Mail

    • https://<<public URL>>/Mail/Index (if emails are also sent from your web portal)

Step 5: Configure Weighsoft 5

We have 2 solutions which will work in Weighsoft when basic authentication is disabled. The office user can be a user/pass token or an MFA Token.

These steps will also need to be carried out on your Web Portal if you are setting up emails to be sent from there as well.

Universal Settings

Apply these settings in both:

  • Settings > Email

  • Lookups > Companies > Email Tab

Set the following:

  • SMTP Username and From Address: Use the email address from the app registration.

  • If there is a "Clear" link next to the password field, click on it to remove the saved password.

  • Secure Socket: StartTls

  • Security Protocol Type: SystemDefault

  • Enter Client ID and Tenant ID

Option 1: Token Authentication

  • Enable Use Token

  • Ensure Client ID and Tenant ID are entered

Note: The "Redirect URI" option is only required if you use the "MFA" option, as detailed below.

Option 2: Multi-Factor Authentication (MFA)

  1. Enable Use Token and Use MFA

  2. Enter the Redirect URI

  3. Click Update

  4. Click Start Login Here (in both Settings and each Company)

Important: The Redirect URI is Case-Sensitive and must match exactly what was entered into Azure

You’ll be prompted to log in and complete MFA. A successful login will generate a token for Weighsoft to use.

Note: You will need to go through the Start Login Here option on Each company in the Lookups section, as well as the Email section in Settings.

Token Lifecycle

Tokens refresh automatically with usage, but in the event it remains unused for ~30 days, re-authentication via MFA is required.

Removing MFA from a User

  1. Go to Azure Profile

  2. Edit Security Info

  3. Remove MFA methods (e.g., phone, app)

This reverts the user to username/password authentication (if Basic Auth is still enabled).

Mail Server Options

  • outlook.office365.com

  • smtp.office365.com

Common Issues

  • Incorrect API permissions (e.g., User.Read added under Graph instead of Office 365)

  • MFA not configured with a device

  • TLS 1.0/1.1 not disabled on server (use IIS Crypto by Nartac Software)

  • Case mismatch in Redirect URI

  • Using localhost in Redirect URI (must be accessed from server directly)

  • MFA login not completed in both System and Company sections

Related Articles
Create a new User
Email Address Validation
Configuring Email Settings
Modify a Quote template
Getting support in Weighsoft
Did this answer your question?