Microsoft guide for developers
⛔️ As of October 1, 2022, Microsoft has deprecated Basic authentication support for all Exchange Online accounts. For more information, see Nylas' Microsoft Exchange Online Basic authentication changes guide.
If you're a developer, there are a few things you can do to make sure your organization gets the most out of Nylas. This page explains recommended setups, best practices, and some basic troubleshooting for working with Microsoft accounts.
Choose an authentication method
Your end users will need to authenticate with your Microsoft application, so you must choose an auth method. You can choose to have Nylas handle the authentication flow using Hosted authentication, or build your own login portal with Native authentication to fully customize the experience.
When you've decided on an auth method, you can choose how to collect your end users' information. Microsoft offers two authentication methods:
- Modern Authentication/OAuth
- (Not supported for Exchange Online accounts) Basic Authentication
Nylas recommends reading about both options to determine which works best for your organization.
Microsoft Basic authentication
Nylas recommends you keep the following things in mind when working with Microsoft Basic authentication:
- You don't require an Azure application for Basic auth.
- Basic auth uses your end users' account username and password to authenticate them.
- If you have two-factor authentication (2FA) enabled, your end users must provide their app password instead of their account password. This is required by Microsoft for enhanced account security.
- If you're trying to enable an account from one of the following Microsoft providers, you must use Basic auth:
- Office 365
- Outlook
- Live
- Hotmail
- If an end user's account is sourced from Active Directory (AD), you can use Microsoft's Modern Authentication or OAuth. Check with your system Administrator to verify account types.
Microsoft Service Accounts
You can use Microsoft Service Accounts to make and authorize calls to the Nylas API for applications or cloud provider compute workloads. When working with Service Accounts, keep the following things in mind:
- You must use Native authentication.
- Be sure to invite Nylas to your Azure app to help with any troubleshooting you might need to do.
Microsoft provider limitations
You should keep in mind the following limitations when working with Microsoft accounts:
- Modern Authentication/OAuth with Nylas' Native and Hosted auth works with Office 365 accounts only. If you want to use either of these methods, you must complete the following tasks:
- Create an Azure provider auth app.
- Invite Nylas to your Azure app.
- Publish your Azure app and complete Microsoft's domain verification process.
- Become a Microsoft verified publisher.
Office 365 limitations
Keep the following limitations in mind when working with Office 365 accounts:
- Your end users cannot use email aliases. They must use their actual email address.
- If an email account uses two-factor authentication (2FA) or multi-factor authentication (MFA), the end user must enter their app password instead of their account password. This is required by Microsoft for enhanced account security.
- If your application uses Exchange Web Services (EWS) scopes and Nylas cannot connect to the app, it falls back to using Exchange ActiveSync (EAS). For more information, see How to detect mobile device management issues for EAS.
Exchange limitations
If your application requires access to contacts, you must use EAS, and the Contacts scope must be enabled for both Nylas and your Azure project.