Knowledgebase : Technical, Configuration and Devices > Email
Sending emails using Microsoft365 (Office365)

Emails can be sent through Office365 email servers using either:

  • Authenticated Client SMTP, or
  • SMTP Relay (using an Outlook connector)

Authenticated Client SMTP is the preferred option. SMTP Relay may be deprecated by Microsoft

Authenticated SMTP

Authenticated SMTP requires authentication to be enabled at the Microsoft 365 Tenant and the Mailbox level.  It is now enabled by default.

The per-mailbox setting to enable (or disable) SMTP AUTH is available in the Microsoft 365 admin centre or Exchange Online PowerShell.

  1. Open the Microsoft 365 admin center and go to Users > Active users.
  2. Select the user, and in the flyout that appears, click Mail.
  3. In the Email apps section, click Manage email apps.
  4. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled.
  5. When you’re finished, click Save changes.

In SPM/PHM configure the options in Setup > Provider > Email   (for each Provider)

SMTP Server Settings

SMTP Server Name:    smtp.office365.com (or outlook.office365.com)
SMTP Encryption:       TLS
SMTP Server Port:      587  (needs to be an open Outgoing port)

Account Authentication

SMTP Authentication required
Authentication Method:     AUTO or LOGIN
Account Username:          The email address of a user account
Account Password:           The password for the user account

Note:

Enable SMTP AUTH for specific mailboxes

The per-mailbox setting to enable (or disable) SMTP AUTH is available in the Microsoft 365 admin center or Exchange Online PowerShell.

  1. Open the Microsoft 365 admin centerand go to Users > Active users.
  2. Select the user, and in the flyout that appears, click Mail.
  3. In the Email appssection, click Manage email apps.
  4. Verify the Authenticated SMTPsetting: unchecked = disabled, checked = enabled.
  5. When you’re finished, click Save changes.

 

SMTP Relay

In SPM/PHM (release 409.6 or newer) configure the options in Setup > Provider > Email   (for each Provider)

SMTP Server Settings

SMTP Server Name:    <your-domain>.mail.protection.outlook.com
SMTP Encryption:       TLS
SMTP Server Port:      25  (needs to be an open Outgoing port)

Account Authentication

SMTP Authentication NOT required

Troubleshooting

  • Use the Check Connection and Send Test Email.
    Look at the log as it will explain the problem.  Scroll to the bottom of the log for the most recent entry.
  • Check port 25 or 587 are open  (Use Telnet if you are not sure)
  • Check .NET Framework 4.8 or newer is installed.
  • Get your Office365 administrator to go to the Azure Active Directory and check the Sign-In logs to view the connection attempts.

Microsoft365 Managed Authentication for importing emails

Microsoft now requires third-party applications, that want to import emails from a Microsoft 365 (Office 365) IMAP service, to use an access token for authenticated connection requests. Basic Authentication, which uses a Username and Password, is no longer supported by Microsoft.  The Incisive application will automatically recognise whether the Microsoft account is configured to only allow ‘Managed Authentication’ connections.

You need to register the Incisive application in your Azure Active Directory tenancy, that hosts your Exchange Online and grant it permissions. The AppID and Secret Value, of the app you register, are required for SPM/PHM to access the Microsoft 365 account.

The steps required are:

  • Register the ‘Message Centre’ as an App

  • Assign Users & Groups to the App

  • Assign Permissions to the App

  • Create a Secret

  • Enter the App ID and Secret into the Incisive program

Detailed instructions to configure the Azure portal are available from:

https://incisivesupport.com/docs/Microsoft365_OAuth2_Config.pdf

Using Microsoft App-Password option

Note - Microsoft have now deprecated the ability to connect to IMAP services using PLAIN authentication.

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.

There is a alternative security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Microsoft account.

Microsoft have a Knowledgebase article on adding App Passwords https://support.microsoft.com/en-us/account-billing/create-app-passwords-from-the-security-info-preview-page-d8bc744a-ce3f-4d4d-89c9-eb38ab9d4137

The basic steps are:

  1. Login to your Microsoft account
    https://myaccount.microsoft.com/

  2. Add a new App Password in the Security Info section



  3. The App Password is then automatically generated.  Copy & save the password as you won't be able to view it again.


  4. Use the password for the SMTP Authentication field in Setup > Provider > Email
Email Alias accounts

You can add 'alias' email accounts to Gmail and Office mailboxes, without them costing anything.  The incoming emails, addressed to the alias accounts, will all appear in the main mailbox account.

The MFA function for Incisive inCLOUD requires a unique email address for each inCLOUD account and if you don't have individual practice emails or you don't want to use a personal email, you can easily create additional alias accounts.

Google Gmail

Send emails from a different address or alias - Gmail Help (google.com)

How to set up Gmail or Google Workspace (G Suite) aliases – cloudHQ Support

Microsoft Office

Add another email alias for a user - Microsoft 365 admin | Microsoft Docs

Sending emails using Apple's SMTP service for icloud.com or me.co...

See Sending emails using Apple's SMTP service for icloud.com or me.com email accounts.

If you are using Apple's icloud.com or me.com SMTP service to send emails from Incisive applications, you will need to create an 'App-Specific' password to use for the Authentication password.

In Apple's words "App-specific passwords are passwords for your Apple ID that let you sign in to your account and securely access the information you store in iCloud from a third-party app. For example, use app-specific passwords with mail, contacts, and calendar services not provided by Apple."

https://support.apple.com/en-us/HT204397

If you follow the links in the above page and log into your apple account you can find the option to Generate Password...  for App-Specific Passwords.

5Y9znGE2uBwAAAAASUVORK5CYII=

You can have up to 25 App-Specific passwords.

The SMTP settings you need to use are available for your icloud.com or me.com email address from the following URL

https://support.apple.com/mail-settings-lookup

Using Google App-Password option

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.

Previously, Gmail had an option to allow 'less secure' applications to send emails through their SMTP service, however this option has now been disabled.  There is a different security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Google account.

Google Support provides the following knowledgebase article https://support.google.com/accounts/answer/185833?hl=en