The GoAnywhere Support team wants to make sure our customers are aware that on September 1, 2022 Microsoft announced they will let customers re-enable basic authentication for selected protocols one time after the October 1st deadline until the end of 2022. Microsoft said it will permanently disable basic authentication for these protocols in the first week of January 2023. The link below has the information and also instructions for “avoiding disruption” if you act fast. To do this, Diagnostics must be completed on or before September 30, 2022. Please follow the link below for complete details.

https://techcommunity.microsoft.com/t5/ ... -p/3609437

This is a Microsoft mandate for online services and does not affect on-premise systems or SMTP (sending mail) at this time. For more information, or for additional help to configure your Microsoft Azure account, please contact Microsoft Azure support. We have included the steps in our start up guide, but configuration is the responsibility of the account administrator.

Since some of our customers use the MS Exchange Server online within their workflows, the GoAnywhere Development team has released a new connector to obtain the needed token for authentication. The new OAuth Online Connector is available for free download from our Marketplace. Here’s how:

1. In the Admin UI, navigate to System, then Add-ons.
In 7.0.x, it will look like this…  
2. Click the Marketplace button at the top left.
3. Enter ‘oauth’ to search, then click the connector name to see the link to the startup guide.
4. Click the link for the Getting Started guide. Save the PDF once opened.

5. Click install to download and install the connector (7.0.x UI shown).
Now you are ready to get started setting up the OAuth Online Connector. The next step is the guide you’ve downloaded and saved. If you lose track of it, just go back to the Marketplace and get it again.

The Development team has thoughtfully provided this enumerated step-by-step guide for the Microsoft process. Steps 1-9 are based on the Microsoft instructions and are for use with the Microsoft service, so we must ask that you carefully follow the guide provided with the connector, keeping in mind that if necessary, it is possible to delay Modern Auth to the end of the year as mentioned above.

It is important to know that the token has an expiry, and therefore must be retrieved in each workflow, before it can be used in the Retrieve Email task. This will require a change to each workflow retrieving from the online Exchange server.

Please note: The Microsoft Graph section of the MFT configuration instructions (1-6 at bottom of page 3) can be skipped. This connector is designed to work with Graph, but these steps are not necessary to retrieve or use the mailbox token.


SFT Professional Services

If you would like our Professional Services team to set up the connector for you, please send an email with your request to [email protected]. The professional services team is available to assist for configuration of resource changes, cloud connector configuration and assistance on workflow design changes to accommodate the new Oauth token needed. The workflow changes will be delivered on up to 3 projects adding the authentication task to the mailbox connector. This will be offered at a pre-package rate of $500. Please note the Services team will not be able to deliver same day requests for configuration. There may be up to one week delay for requests, which may impact projects if additional time was not requested to Microsoft.

If you feel you have accurately followed the Getting Started guide and are still having issues, please see the "Exchange Mailbox Troubleshooting" guide posted as a response below. introducing-the-oauth-connector-for-ms- ... 113a#p3157

Make sure you have found and followed the Quick Start Guide in the Add-On Marketplace from steps 1-4 on this forum page:
introducing-the-oauth-connector-for-ms-online-1641

While we have provided steps for the Azure configuration as a convenience, this is a Microsoft service and the steps were derived from Microsoft documentation. Azure admin Access and admin knowledge is required.

If the Getting Started guide is followed correctly, the OAuth Connector should work. As of this posting, we have not seen any other issues besides an access restriction, missed step or mistake. Here are a few examples:

1. Cannot access the Marketplace due to firewall security policies

We realize that not all customers permit their GA server to connect to the Web directly, so we provide XML for free connectors (Command Client and MS Oauth). Contact [email protected] to request the MS OAuth Connector XML if your GA server is unable to reach the Marketplace.

2. Incorrect Azure admin permissions

Make sure you have the proper permissions. You should see “Application” permission Type, not Delegated as shown below, and make sure the admin consent is “Granted” in the Status column. Also, confirm the page path at the top line is correct:


Example of incorrect permissions Status

IMPORTANT: If permissions were delegated instead of granted, after correction, the tenant approval process will need to be repeated. You will need to delete the service principle and re-add it.


Removal and Re-adding Example:
Please note: You do not have to re-install The Exchange Online Management module as instructed in IMAP step 8, but BEFORE you remove and recreate the principle, you will need ‘Import’ and ‘Connect’ as shown in that step’s first command string IF you have opened a new PowerShell session.

3. POP-3 Exchange Servers
Please note that POP-3 Mailbox Resources will not work with Modern Auth
This might Microsoft forum link for migrating to IMAP: https://learn.microsoft.com/en-us/answe ... -imap.html


4. Incorrect Object ID
Make sure you have copied the object ID from the correct location – Enterprise Application page (from Admin Center).
When copying the ID from the source in step 8 of the IMAP section, the page path at the top, and the title should match this example. IMPORTANT: If you need to copy the ID again, you will need to repeat the steps from the New Service Principle command (step 4.8 in IMAP section) with the correct IDs.


5. Failing IMAP Mailbox Test
• Be sure to:
o Run the Microsoft OAuth Connector's Resource Test
o Copy the returned token from the test (double clicking it first should make it easy)
o Run the IMAP Mailbox Resource Test
o Paste the token in when prompted (just the token, no white spaces or other characters)


6. Additional Things to Check / Troubleshooting Tips
Make sure you followed the guide exactly. Here are some of the other things we have seen people miss:
o Make sure not to add the "Microsoft Graph > IMAP.AccessAsApp" permission instead of the "Office 365 Exchange Online > IMAP.AccessAsAp" permission.
o IMAP > Step 8 - Go to the Enterprise Applications blade in Azure to look up the Application and Object IDs (as mentioned above in section 4).
o IMAP > Step 8 - Service Principal ID is the output of the command we list last "Get-ServicePrincipal -Organization | fl" -> Grab the ID field out of the printed result.
o If your mailbox test is working, but project is failing:
• Make sure you have selected OAuth2 for Auth Type on the IMAP Resource.
• Make sure you can generate an Authentication token using the Microsoft OAuth Connector resource test, and paste this token directly into your Retrieve Mail task