How to determine if an Exchange account should use Basic or Modern authentication and if they must Migrate.

Alex Petersen
Alex Petersen
  • Updated

We have an API endpoint that will try to detect what authentication method should be used with Nylas.   

The documentation for that endpoint is here: https://developer.nylas.com/docs/api/#post/connect/detect-provider

 

There are three possible results for mailboxes hosted on Exchange servers.

 

1: The detect-provider endpoint returns "Office365" as the provider. This mailbox should use Office365 to authenticate. If it is currently connected using Password authentication (See next section), this user needs to re-authenticate with Nylas using Office365 as the Provider. This will connect the Nylas account using Microsoft's Modern OAuth authentication.  Make sure you have a working Azure app integration first (See https://developer.nylas.com/docs/the-basics/provider-guides/microsoft/create-azure-app/)

 

2: The detect-provider endpoint returns "Outlook" as the provider. This mailbox is a Personal or Family  Microsoft account and should continue to use Basic authentication. Microsoft's Basic authentication depreciation will not affect this account. This user should authenticate using "Outlook" with Nylas.

 

3: The detect-provider endpoint returns "detected=false" This indicates that the domain is not managed by an OAuth provider like Gmail or Microsoft Office365. The user should either authenticate with "Exchange" Provider or "IMAP" and should check with their email administrator to confirm. There is no way for Nylas to determine if a mailbox should use Exchange or IMAP since both providers do not publicly reveal themselves like OAuth providers do.

 

Determining if a Nylas account needs to migrate from Basic to Modern Authentication.

You can query our account API endpoint to determine if an account is connected with a password-based authentication or an OAuth-based authentication. Our documentation is located here: https://developer.nylas.com/docs/api/#get/a/client_id/accounts/id

 

Please note that the application-based account endpoint will not reveal this information. Only the API endpoint linked in that document will reveal the correct information.

1: The account endpoint returns "authentication_type=token" This account is connected via OAuth such as Microsoft Modern/Office365 or Gmail

2: The account endpoint returns "authentication_type=password" This account is connected via a password-based authentication like IMAP or Microsoft Basic/Exchange.

 

If you find a Nylas account that is returning a provider of "Office365" from the detect-provider endpoint and "authentication_type=password" from the account endpoint, this Nylas account needs to migrate to Microsoft Modern authentication or risk getting disconnected by Microsoft. Please have the user re-authenticate through Nylas and ensure they select "Office365" as their provider.

Once they do so, the Nylas account will automatically migrate to using Microsoft Modern authentication and will no longer be at risk for being disconnected by Microsoft.

Moving forward, they will continue to use Office365 for authentication and will be blocked from going back to Exchange/Microsoft Basic.

 

 

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.