Need help - can't get Office365 connection to work at all

[davepusey]

I have been struggling to get it to connect to my Office 365 mailboxes, both with the windows exe and the online version. I have confirmed that IMAP is enabled for the users.

Host2: connecting and login on host2 [outlook.office365.com] port [993] with user [****]
Host2 IP address: 2603:1026:c06:141a::2
Host2 banner: * OK The Microsoft Exchange IMAP4 service is ready. [TABPADQAUAAxADIAMwBDAEEAMAAyADMAMwAuAEcAQgBSAFAAMQAyADMALgBQAFIATwBEAC4ATwBVAFQATABPAE8ASwAuAEMATwBNAA==]

Host2 capability before authentication: IMAP4 IMAP4rev1 AUTH=PLAIN AUTH=XOAUTH2 SASL-IR UIDPLUS ID UNSELECT CHILDREN IDLE NAMESPACE LITERAL+ AUTH
Host2 info: authmech [LOGIN] user [****] authuser [] IsUnconnected []
Host2 failure: Error login on [outlook.office365.com] with user [****] auth [LOGIN]: 2 NO LOGIN failed.
Host2: failed login on [outlook.office365.com] with user [****] auth [LOGIN]

[gilleslamiral]

Have you followed
https://imapsync.lamiral.info/FAQ.d/FAQ.Office365.txt
...

R2. Enable double-step authentication and configure it but after use 
an "app password" with imapsync. Details:

a) Go to 
https://account.microsoft.com/security

b) Click on "Advanced Security Options"
Turn "Two-step verification" on. Follow the steps and finish".

c) Then now "App passwords" is available.
Click on "Create a new app password". 
Use this password to authenticate with imapsync.

d) Delete this app password when the job with imapsync is finished.

R3. Also, check a license is assigned to that account in Office365.

R4. Microsoft introduced something called "security defaults" which is enabled
by default for new tenants. One of the rules blocks IMAP access as of imapsync.

The funny thing is that you can't disable a single rule of this 
security package without buying additional licenses.
Switching the whole thing off allows the IMAP login.

Also, disable double-step authentication on the Azure/Active Directory portal.
See here:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Thanks to Stephan Buhre for this R4 answer.

R5. Are there special characters in the password?
    https://imapsync.lamiral.info/FAQ.d/FAQ.Authentication_failure.txt
    https://imapsync.lamiral.info/FAQ.d/FAQ.Passwords_on_Windows.txt
    https://imapsync.lamiral.info/FAQ.d/FAQ.Passwords_on_Unix.txt
    https://imapsync.lamiral.info/FAQ.d/FAQ.Passwords_on_Mac.txt

R6. Triple check the hostname then. Try all of these:
 * outlook.office365.com
 * imap-mail.outlook.com
 * imap.outlook.com

[davepusey]

I had created an app password, and security defaults are already off.

I have now figured out the issue.

Despite the MS365 and EXO admin centers showing that IMAP and Basic Auth were all enabled, it turns out that in Oct 2021, Microsoft began disabling basic auth for all tenants that had have never used it by that point. There was an item in my Message Center from that date saying my tenant was being done.

You can re-enable it for specific protocols (IMAP in this case) using the diagnostic process detailed at https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/bc-p/2782230 (see the section "Limited Opt Out")

I am now able to sync GMail>MS365 using imapsync!

[gilleslamiral]

Thanks Dave! I have updated the FAQ with your input verbatim:
https://imapsync.lamiral.info/FAQ.d/FAQ.Office365.txt
...

R4. From Dave Pusey 
https://github.com/imapsync/imapsync/issues/317#issuecomment-1027776418

[adrensnyder]

Thanks Dave! I have updated the FAQ with your input verbatim: https://imapsync.lamiral.info/FAQ.d/FAQ.Office365.txt ...

R4. From Dave Pusey 
https://github.com/imapsync/imapsync/issues/317#issuecomment-1027776418

Sorry but this don't work anymore. When i try to do it in a tenant that already exist i get this:

Basic Authentication Deprecation in Exchange Online – Time’s Up
Sorry, you cannot re-enable Basic authentication for Exchange protocols anymore. You will have to work on guidance in the article linked below to upgrade your client applications to utilize Modern authentication to connect to Exchange online. For current information on this initiative, see our latest blog post at: [Basic Authentication Deprecation in Exchange Online – Time’s Up - Microsoft Community Hub](https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-time-s-up/ba-p/3695312) - and for technical guidance, please refer to: [Deprecation of Basic authentication in Exchange Online | Microsoft Learn](https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online)

I'm trying to use the "App password" but get always login failed. Now i will try the MUTT script with the token. Bad thing is that i can't change the expire time of this ticket :-(