TB no longer working with Outlook server
So I've been a happy TB user for years, but then one day my company decided to outsource email to Micro$oft.
Still, TB could talk with the Office365 server and things were still good. But suddenly about a month ago, I could no longer connect and get email using TB, only receiving the error:
Login to server outlook.office365.com with username me@my-company.com failed.
The problem seems to be that my company now requires Microsoft MFA via a cellphone running MS's Authenticator app, and TB doesn't(?) support that.
My server settings are: IMAP, outlook.office365.com, port 993, connection security is SSL/TLS, and authentication method is 'normal password'. Outgoing email is via smtp.office365.com, port 587, authentication method is 'normal password', and connection security is STARTTLS.
I've asked the company IT services group about creating an app password, but they have a policy against that. Basically, their position is that they "don't support Thunderbird". Of course, I'm not asking them to support an app, just an 'effin password.
I know of at least two other TB users who are stuck on the same problem, and I think we're not alone.
Question: is there any hope? Needless to say, I REALLY DO NOT want to use Mi¢ro$oft.
Setup: Thunderbird v 102.1.2 64-bit installed on Windows 10.
All Replies (14)
Hello
Can't you give a shot to using OAuth2 ? for example (I found it on the Net): https://uit.stanford.edu/service/office365/configure/thunderbird-oauth2
HTH
Thanks for the pointer, @gp.
I tried that and it opened a browser window to send a request to the company admin for approval of authentication. However, I'm doubtful they will do that.
Any other ways around this?
The browser window does not send a request to a company admin, it is sending a request to a fully automated process to generated a oauth token based on your username/password. At least that's what I have used with Google Oauth. Other than my connection using Google rather than Microsoft, the parameters are the same. If you can post a screenshot of your browser window (scrubbing personal detail), it would be useful to understand what is happening.
Thanks. Here's what the authentication screen looks like...
Also, I get an email from <azure-noreply@microsoft.com> that says:
Thunderbird access request received
Your request has been received. Details of your request are below.
Requested app: Thunderbird Status: submitted Request date: October 14, 2022 Expiration date: October 16, 2022
How should I proceed?
I would suggest this is your company trying to restrict what apps you can use.
Yep, the company is trying to do that — because they are paranoid about security and don't want to "support" Thunderbird —, so my question is: whether and how can I work around their attempts to push me onto Microsoft?
Not sure about that, but can you login in your Microsoft account ? if yes, can you access the screen attached to the solution post in this thread:
@gp, I have tried that but the Password page on the MS Account site just says:
You can't change your password here.
Your organization doesn't allow you to change your password on this site.
I asked the IT services ppl about creating an app password for use with TB, but they had no idea what I was talking about.
Other solutions?
Do you have 2 steps auth turned on or off ? if yes you should have the app password button below, as in the attached screenshot.
I do have 2FA enabled via the Authenticator app on a cellphone, but it wasn't my choice.
I don't see the screen you are posting anywhere via my MS account page.
Their UI is a rats nest, so I'm going to need an exact path to the page you are talking about.
The path is Security (in the upper ribbon), then click in Advanced security. See attached screenshot. About the account configuration, as I don't manage an enterprisey Office 365 configuration, I have no access to one myself, but I found a post from an admin doing this very task on the Net here:
Note that I have removed the https : // because I noticed that posting an URL causes huge delays in post display, so do the right thing and create the correct URL yourself :-)
@gp, thanks for clarifying. I guess I've got the enterprise version, or MS changed their UI (they seem to do this continuously, as pretty much all documentation I find for MS UIs seems incorrect), but in any case there are no similar options, and no "Advanced security options". I can choose the MS Authenticator app or choose to have authentication via a cellphone, but that is all.
It looks like there is just no way to create an app password. Idk if this is the same at Oauth2, but in any case it's been locked down and I can't change anything there.
Other options?
I was looking at something called DavMail, but I don't know if it will work for me, and I haven't been able to make it launch due to the usual JRE/JDK chaos. The Java problems can be sorted out, I assume.
No, the app password allows you to use your mail client with a normal password. Since your organization don't allow you to create one, this can't go forward. Unfortunately, I can't help you with OAuth2 and Outlook 365 since I have only a free account and this feature is not available here.
From this:
www.codetwo.com/kb/resolving-need-admin-approval-error/
particularly the 'Allowing users to choose if an app can access organization's data' part, it seems that indeed your org has changed the default office 365 admin settings to disallow users from allowing oauth2 by themselves.
Thanks, @gp, for this pointer. Meanwhile, I've found a couple of other colleagues are in the same boat with TB, so we are cogitating.
I'm now wondering about possible workarounds like DavMail, and if anybody on this forum has experience with them?