Knowledgebase : Technical, Configuration and Devices > Email

Microsoft now requires third-party applications, that want to import emails from a Microsoft 365 (Office 365) IMAP service, to use an access token for authenticated connection requests. Basic Authentication, which uses a Username and Password, is no longer supported by Microsoft.  The Incisive application will automatically recognise whether the Microsoft account is configured to only allow ‘Managed Authentication’ connections.

You need to register the Incisive application in your Azure Active Directory tenancy, that hosts your Exchange Online and grant it permissions. The AppID and Secret Value, of the app you register, are required for SPM/PHM to access the Microsoft 365 account.

The steps required are:

  • Register the ‘Message Centre’ as an App

  • Assign Users & Groups to the App

  • Assign Permissions to the App

  • Create a Secret

  • Enter the App ID and Secret into the Incisive program

Detailed instructions to configure the Azure portal are available from:

https://incisivesupport.com/docs/Microsoft365_OAuth2_Config.pdf

Microsoft have started closing access to Office365 email accounts for third-party products that use the IMAP protocol to view emails in the Incisive products, such as 'Specialist Practice Manager' (SPM) and 'Private Hospital Manager' (PHM).  This does not affect your ability to view emails directly in Outlook.

If you are no longer able to import your Office365 emails into the Message Centre, you can configure a temporary work around from Microsoft, which will extend the service until the end of December 2022.  We expect to be able to provide an update for SPM/PHM before then which will provide the required 'Modern' (OAuth 2.0) authentication functions.

The Microsoft workaround, the 'Enable Basic Auth once only' article, is available at https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437

The following information is for your IT technician.

To invoke the self-service diagnostic, you can go directly to the basic auth self-help diagnostic by simply clicking on this button (it’ll bring up the diagnostic in the Microsoft 365 admin center if you’re a tenant Global Admin):

thumbnail image 1 of blog post titled 			 																													Basic Authentication Deprecation in Exchange Online – September 2022 Update

Or you can open the Microsoft 365 admin center and click the green Help & support button in the lower right-hand corner of the screen.

thumbnail image 2 of blog post titled 			 																													Basic Authentication Deprecation in Exchange Online – September 2022 Update

thumbnail image 3 of blog post titled 			 																													Basic Authentication Deprecation in Exchange Online – September 2022 Update

When you click the button, you enter the self-help system. Here you can enter the phrase “Diag: Enable Basic Auth in EXO

The protocol you want to enable is IMAP.

Note - Microsoft have now deprecated the ability to connect to IMAP services using PLAIN authentication.

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.

There is a alternative security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Microsoft account.

Microsoft have a Knowledgebase article on adding App Passwords https://support.microsoft.com/en-us/account-billing/create-app-passwords-from-the-security-info-preview-page-d8bc744a-ce3f-4d4d-89c9-eb38ab9d4137

The basic steps are:

  1. Login to your Microsoft account
    https://myaccount.microsoft.com/

  2. Add a new App Password in the Security Info section



  3. The App Password is then automatically generated.  Copy & save the password as you won't be able to view it again.


  4. Use the password for the SMTP Authentication field in Setup > Provider > Email

You can add 'alias' email accounts to Gmail and Office mailboxes, without them costing anything.  The incoming emails, addressed to the alias accounts, will all appear in the main mailbox account.

The MFA function for Incisive inCLOUD requires a unique email address for each inCLOUD account and if you don't have individual practice emails or you don't want to use a personal email, you can easily create additional alias accounts.

Google Gmail

Send emails from a different address or alias - Gmail Help (google.com)

How to set up Gmail or Google Workspace (G Suite) aliases – cloudHQ Support

Microsoft Office

Add another email alias for a user - Microsoft 365 admin | Microsoft Docs

See Sending emails using Apple's SMTP service for icloud.com or me.com email accounts.

If you are using Apple's icloud.com or me.com SMTP service to send emails from Incisive applications, you will need to create an 'App-Specific' password to use for the Authentication password.

In Apple's words "App-specific passwords are passwords for your Apple ID that let you sign in to your account and securely access the information you store in iCloud from a third-party app. For example, use app-specific passwords with mail, contacts, and calendar services not provided by Apple."

https://support.apple.com/en-us/HT204397

If you follow the links in the above page and log into your apple account you can find the option to Generate Password...  for App-Specific Passwords.

5Y9znGE2uBwAAAAASUVORK5CYII=

You can have up to 25 App-Specific passwords.

The SMTP settings you need to use are available for your icloud.com or me.com email address from the following URL

https://support.apple.com/mail-settings-lookup

Microsoft and Google are changing the connection requirements for third-party applications (like Incisive) to send emails through their SMTP (out-going) email services.  These connections now require a token to be requested and passed back to Incisive application, instead of just requiring your encrypted login & password, for the Microsoft & Google services to allow the email to go through.

Previously, Gmail had an option to allow 'less secure' applications to send emails through their SMTP service, however this option has now been disabled.  There is a different security option called 'App Password' which may work for you, but is only available if you have 2FA authentication enabled on your Google account.

Google Support provides the following knowledgebase article https://support.google.com/accounts/answer/185833?hl=en