Hello, New to Librem 5. Was able to finally sync old hotmail account, but cannot seem able to add my work email…which is vital. It is a Microsoft exchange account, so I cannot use the imap for outlook 365 or outlook….I have tried logging in on web browser to find imap information, and it does not show. Any suggestions???
Is this self-hosted by your work, or Office365 hosted by Microsoft, or Microsoft Exchange hosted by a third party? Or something else?
I have so far avoided ever having to use a Microsoft Exchange client i.e. I use IMAP to access work email - but I think that choice might have to be enabled by the Microsoft Exchange administrator. You will also have to have a client that supports OAuth2 authentication if using Office365. However I’m not doing this (yet) from my Librem 5. This is just Thunderbird on a desktop.
I have tried this also with no real luck. On my full size computers (desktop and laptop) I use Evolution. It connects and works great using this guide:
I have also tried to make Firefox work as it claims to support Oauth2 but no luck yet. I see a bug people are talking about here:
As for my Librem 5. I can add it under settings --> Online accounts, but it doesn’t see to do anything. I tried loading Evolution and it worked but… …the interface is not usable on the L5’s small screen. The best I have done so far is using the web client. The web client seems to work quite well but my battery drains even faster then normal if I keep it open.
I am the admin of our Microsoft account and I have tried enabling IMAP in the settings here but It doesn’t seem to work on any device / application. Perhaps I am just missing something somewhere.
Exchange online settings…
As time allows I’ll continue to do some testing. If you do have any success I would appreciate you reporting it back here, for my benefit.
I do read and write e-mail on y FreeBSD laptops and on the L5 with the MUA mutt using IMAP and SMTP with the following configuration details; maybe you can adjust your MUA with this:
set imap_authenticators="login"
set spoolfile="imaps://username@company.domain.de@pod51010.outlook.com/INBOX"
set folder="imaps://pod51010.outlook.com/"
set imap_user="username@company.domain.de"
set imap_keepalive=120
set record="=Sent"
set postponed="=Drafts"
set smtp_url="smtp://username@company.domain.de@pod51010.outlook.com:587"
my_hdr From: Fullname <username@company.domain.de>
my_hdr Reply-To: Fullname <username@company.domain.de>
mutt is asking for the password on connect with IMAP and on sending with SMTP (only once per session).
1 Like
My guess is Office 365 will only sync with Outlook. If this is your work they should have a browser option.
And another thing, if this is your work they should have issued you a company phone. If they can afford Office 365 they can afford that.
Behold the pain of carrying two phones!
At least if you’re in France you can turn the work phone off after working hours.
I just spent another couple of hours of my life I will never get back trying to make this work. No luck.
When I log in via the web interface. (gear icon) --> view all outlook settings --> Sync email
I see this:
I tried my login as my full email address with my MS password. I also tried enabling two factor auth so I would have the opportunity to make an app password. App password didn’t work either. Different web searches mostly show people never really having success. I did see some other domain server names but they didn’t work for me.
I officially give up. MS sucks, what a surprise.
Are you willing to talk IMAP “by hand”, i.e. something like this
purism@pureos:~$ telnet pod51010.outlook.com imaps
Trying 2603:1036:301:3042::2...
Connected to pod51042.outlook.com.
Escape character is '^]'.
...
If so, I could send you a complete session example and you use it with your credentials and so, to see what the server replies.
True, sure.
1 Like
Hi adamd,
Mustn’t the device (the L5) not be authorized at the MS ESX server (as a known device)?
By Firefox did you mean Thunderbird?
I can assure you that Thunderbird (I’m using version 102.x) works using OAuth2 authentication and IMAP to Office365. I am doing it every day.
Fortunately I am not the admin of anything Microsoft, so unfortunately I cannot tell you what settings are needed to make IMAP and OAuth2 work on the server side.
A recent new, exciting Microsoft bug however means that you will need to disable IPv6 in Thunderbird in order for it to work with Office365 (if IPv6 is even relevant in your environment - it is in mine).
Yes, I think this might be needed. The first time Thunderbird tries to use OAuth2 it sees that it has no token so it launches a web window to login to Office365 - and for that to succeed (for me) requires the Microsoft Authenticator app (on a burner phone). However that is a one-off. Once T’bird has the token, login should continue to work without launching a web window or involving the app.
You should probably have 2FA enabled anyway.
For 2FA, yes, I believe so. I’m not (yet) attempting to use my Librem 5 for that. (It was so long ago that I did that that I can’t remember the process. I suspect just the standard scanning of QR code in order to load a shared secret and then the app takes care of the rest of it.)
1 Like
OWA — Outlook Web Access
That IMAP setting looks correct. That is exactly what I have configured in Thunderbird. And then full email address as username.
I don’t know how you are set up but we are set up so that username and password authentication is sent back to our internal systems for verification. (I have no idea how that works though.)
1 Like
It’s likely your work is configured like we’re configured at my work with only modern clients supported. From my experience that tends to just be Outlook and the native iOS app. I just use OWA in Linux, it’s good enough for me. If you ask really nicely, you might be able to convince your Exchange admin to enable IMAP on your account. They may say no; I probably would, but it all depends on your admin’s mood and the regulatory requirements your business is under.
1 Like
That may be the way that Microsoft bullshitly phrases it.
Bottom line is as you say: Unless the admin specifically enables IMAP and SMTP, you won’t be able to use it in clients. But this guy is the admin. (The Microsoft admin at my work has enabled the standard protocols and they work fine with Office365.)
Yes, OWA works adequately for me (for the relatively few occasions that I use it instead of Thunderbird). The two negatives that I see with using OWA are:
- OWA requires 2FA. I can use Thunderbird without using 2FA - other than that one needs to use 2FA as a one-off to get the token for Thunderbird to use OAuth2 authentication. On the other hand, OWA requires 2FA to log in every time. (This is probably something specific to our configuration, so may not apply to all configurations.) 2FA is a bit squiffy in the original context of doing this from a phone.
- OWA is less responsive. There’s too much crap going back and forth on the internet, compared with a purely local client (apart from downloading emails of course). OWA is certainly usable - I can get the job done - but I never look forward to using OWA.
2 Likes
One of the things at my former job was “yes” you can use your personal phone at work with Lookout, but you needed to install an “app”. The “app” could also brick your phone for infractions, like using it in their warehouse.
1 Like
Yes, they work fine. The reason I would say no if I were your admin is because we’re worried about things like data exfiltration and removing a user’s access to the data when they leave the company. The “modern” apps have better hooks and controls that, along with MDM and/or DLP, allow us to remove your access to the data when you’re no longer at the company and reduce your ability to share it with unapproved people.
I could enable my account for IMAP and SMTP, but I refuse to give myself (many) benefits that my users don’t have. That would be a bit hypocritical :).
1 Like
And that’s fine but this guy is the admin. So the problem is not a policy decision by the admin but some opaqueness in Microsoft software that is preventing him getting it configured successfully.
1 Like
Fair enough, I obviously missed that. My bad. If IMAP is enabled both in Exchange and on his mailbox, then OP should put a ticket in with MS, since something is definitely off.
1 Like
Thank you everyone for your input. From the parts I could understand, I will be trying some things. For now, I just have to tether my iPhone for work email. I currently work on call and often miss the call in so I rely on the email to accept the job quickly.
Ive had to swap to a different phone for now…sad but the phone is just not usable at the moment for me. I need phone, email and text to work. The cellular connection goes down without notice and I miss work calls…the email does not refresh enough (or have manual refresh) so I miss work offers, I cannot add my work email so I cannot use it on jobs, I click on an email in my inbox and drafts opens instead of the email. Two calls come in at once, and both hang up. I answer the phone and it keeps ringing, etc etc. I really love my Librem 5 for so many reasons, but it just unusable currently.
3 Likes
Maybe this annoucement can help :
https://blog.thunderbird.net/2023/01/important-message-for-microsoft-office-365-enterprise-users/
1 Like