Registering and Configuring JAMS for Microsoft Office 365 Modern Authentication

Overview

JAMS supports Microsoft Office 365 Modern Authentication for the EWS protocol in the EWS Connection Store object, Connect-JEWS PowerShell cmdlet, the EWSSession Activity in Workflow Jobs, and EWS Mail Triggers. You need to register and configure JAMS as an application within the Azure Portal before you can configure JAMS.

NOTE: Within JAMS, Modern Authentication is supported only for EWS. IMAP and POP3 are not supported.

Configuring JAMS as an Application in the Azure Portal

To use Modern Authentication in JAMS, get the Azure Directory (Tenant) ID, Azure Application (Client) ID, and Azure Client Secret Value from the Azure Portal. The Client Secret can expire, so configure its expiration as appropriate for your security preferences. When it expires, generate a new Client Secret and update the JAMS Credential.

To register and configure JAMS as an application in the Azure Portal, do the following:

  1. Complete the steps in Register your application to create the Application (Client) ID and the Directory (Tenant) ID.

  2. Complete the steps in Configure for app-only authentication to allow the use of application permissions and to create the Client Secret (Value). These changes may require several hours to take effect.

NOTE: To restrict access to the mailboxes, follow the instructions for Limiting application permissions to specific Exchange Online mailboxes.
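
Because the changes in step 2 may take several hours to take effect, it helps to inspect an access token issued to the registered application before entering the values in JAMS. The PowerShell below is an added example, not part of the JAMS product or its documentation; the function names, placeholder IDs, sample token, and the full_access_as_app role name (from Microsoft's EWS app-only guidance) are assumptions.

```powershell
# Added example: decode (not signature-verify) an app-only EWS access token and
# compare its claims with the values that will be entered in JAMS.
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-EwsAppToken {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated parts.' }
    $claims = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json

    # Some tokens carry the client ID in appid, others in azp.
    $appId = if ($claims.appid) { $claims.appid } else { $claims.azp }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    $problems = @()
    if ($claims.tid -ne $TenantId) { $problems += "tid '$($claims.tid)' does not match the Tenant ID" }
    if ($appId -ne $ClientId) { $problems += "client '$appId' does not match the Client ID" }
    if ("$($claims.aud)".TrimEnd('/') -ne 'https://outlook.office365.com') {
        $problems += "aud '$($claims.aud)' is not Exchange Online"
    }
    # Assumption: full_access_as_app is the application permission granted for EWS.
    if ($claims.roles -notcontains 'full_access_as_app') {
        $problems += 'roles lacks full_access_as_app (permission or admin consent not yet effective)'
    }
    if ($expires -le [DateTimeOffset]::UtcNow) { $problems += "token expired at $expires" }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Expires = $expires; Problems = $problems }
}

# Constructed sample: placeholder IDs and an unsigned token, so the check runs offline.
$tenant = '00000000-0000-0000-0000-000000000001'
$client = '00000000-0000-0000-0000-000000000002'
$payload = @{
    aud = 'https://outlook.office365.com'; tid = $tenant; appid = $client
    roles = @('full_access_as_app')
    exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$body = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$body = $body.TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-EwsAppToken -AccessToken "e30.${body}.sig" -TenantId $tenant -ClientId $client
```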

Configuring JAMS for Modern Authentication

To configure JAMS, you need the Azure Tenant ID, Azure Client ID, and Azure Client Secret Value.

Adding a JAMS Credential for the Azure Credentials

  1. Click Credentials from the Shortcuts menu.
  2. Click +.
  3. In the Credential Name field, enter a name for the Credential, such as EWSCredential.
  4. In the Logon As field, enter the Client ID.
  5. In the Enter Password and Re-Enter Password fields, enter the Client Secret Value.
  6. In the Edit Credential after adding field, clear the check box.
  7. Click Ok.

Adding a JAMS Credential for the Mailbox

  1. Click Credentials from the Shortcuts menu.
  2. Click +.
  3. In the Credential Name field, enter a name for the Credential, such as EWSMailCredential.
  4. In the Logon As field, enter the email address of the mailbox to monitor.
  5. In the Edit Credential after adding field, clear the check box.
  6. Click Ok.

NOTE: If you are already using Basic Authentication, you should have a JAMS Credential for the mailbox username and password. You will need to reference this in the EWS Connection Store object.

Adding an EWS Connection Store

You can create an EWS Connection for Workflow Jobs, PowerShell cmdlets, or EWS Mail Triggers. This Connection Store will reference both JAMS Credentials.

  1. Click Connection Store from the Shortcuts menu.
  2. Click +.
  3. On the Add a Connection Definition dialog, enter the Name (EWSConnection), Description (Connection for EWS Server), and Type of Connection (EWS).
    NOTE: You can also change the Type of Connection on the Properties tab. If you change it, the Property values are maintained if they exist in the new Connection Type.
  4. Click OK. The Properties dialog is displayed.
  5. Click the Properties tab.
  6. In the Address field, enter the address of the EWS server (outlook.office365.com).
  7. In the Port field, enter the incoming port number for the EWS server.
  8. In the Client Credential field, select the EWS Credential previously saved within the JAMS Credential shortcut via the drop-down. This should contain the Client ID and Client Secret Value from the Azure Portal.
  9. In the Tenant Id field, enter the Tenant ID from the Azure Portal.
  10. In the Mail Credentials field, select the Credential previously saved within the JAMS Credential shortcut via the drop-down. This should contain the email address.
  11. Optional - In the Mail Check Interval field, specify a value for Mail Watch Jobs. The default is 30 seconds.
  12. In the SSL Heading field, select any SSL Setting for the EWS server, if needed.

  13. On the Security tab, review the permissions for this Connection.
    NOTE: Ensure the Submit permission is selected for user accounts that will use this Connection.
  14. Click Save and Close.

Updating Mail Triggers

If you use Mail Watch Jobs, you can update them to use the new properties and the EWS Connection Store object.

  1. Click Definitions from the Shortcuts menu.
  2. Create or open a Job.
  3. Click the Schedule tab.
  4. Click + and select Run this job | based on an email, or double-click an existing Mail Trigger.
  5. In the Mail Server field, select the EWS Connection Store object.
  6. In the Mail Credentials field, you can override the target email address in the Connection Store object by selecting a new credential in this field. Otherwise, keep this field empty to use the credential in the Connection Store object.
  7. Make any updates as needed in the Mail Selection section.
  8. Click Save and Close.

Updating PowerShell Scripts

If you use the JAMS Connect-JEWS PowerShell cmdlet, you can update it to use the new required properties. The PowerShell cmdlet has a JAMSConnection argument that should be updated to use the EWS Connection Store object. See JAMS PowerShell cmdlets for more information.

Updating Workflow Jobs

If you use the EWSSession Workflow activity in a Workflow Job, you can update it to use the new required properties. Specify the EWS Connection Store object in the JAMSConnection field in the EWSSession Activity. To specify the email address, add it to a Credential and select it in the JAMSUsername field or enter it in the Username field. See Workflow Activities for more information.

NOTE: To use this updated EWSSession activity with Modern Authentication, update your JAMS Client and JAMS Scheduler.