Configuring OAuth2 Token Authentication with Office 365
Last updated: January 2026
Overview
OAuth2 authentication allows VisNetic MailFlow to access Office 365 mailboxes
without storing or using account passwords.
Instead, secure tokens issued by Microsoft are used to authenticate
POP3 or IMAP access.
Note: OAuth2 utilizes tokens in place of passwords to authenticate a user
to an email account. MailFlow automatically refreshes tokens after the initial authorization
process is completed.
TLS Version Requirement
Important: Office 365 requires TLS version 1.2 or higher
for all OAuth2 authentication and mail connectivity.
Systems that do not support TLS 1.2 or higher will be unable to authenticate
or collect mail successfully.
Ensure the operating system hosting the VisNetic MailFlow Application Server
is fully updated and configured to support TLS 1.2 or later.
Older operating systems or unpatched servers may fail authentication
even if OAuth2 is configured correctly.
Prerequisites
- An Office 365 mailbox with POP3 or IMAP enabled
- A Message Source configured in VisNetic MailFlow
- Administrative access to the MailFlow Application Server
- Operating system support for TLS 1.2 or higher
Configuring the Message Source
- Edit the desired Message Source in the MailFlow Administration interface.
- Set the authentication method to Authenticate with Token.
- Select the appropriate Authentication Provider (Office 365).
- Ensure the Username matches the Office 365 login email address exactly.
- Click Save to store the Message Source configuration.
Important: The username defined in the Message Source must match
the Office 365 account username used to log in to Microsoft.
Obtaining the Initial OAuth2 Token
After saving the Message Source, the initial OAuth2 token must be authorized
using the VisNetic MailFlow Administration Tool.
- On the MailFlow Application Server, open the Start Menu.
- Locate the VisNetic MailFlow Administration Tool.
- Right-click the icon and select Run as Administrator.
- Select the configured Message Source from the dropdown list.
- Click the Go button.
Authorizing Access with Microsoft
- Log in using the Office 365 account specified in the Message Source.
- Authorize VisNetic MailFlow to access the mailbox via POP3 or IMAP.
- Once authorization completes, close the browser window.
Testing the Connection
- Return to the Message Source configuration dialog.
- Click Test Login.
- Confirm the test succeeds without authentication errors.
Token Refresh Process
After the initial authorization, VisNetic MailFlow automatically refreshes
access tokens using the provider’s refresh token process.
No further user interaction is required unless permissions are revoked
or security policies change.
Applying to Additional Message Sources
Once you have confirmed successful collection on one Message Source,
repeat this process for each additional Office 365 mailbox.
Troubleshooting Tips
- Verify the server supports TLS 1.2 or higher
- Confirm the username matches the Office 365 login exactly
- Ensure POP3 or IMAP is enabled for the mailbox
- Run the Administration Tool as Administrator
- Review MailFlow logs for authentication or TLS-related errors
Need Help?
If you need assistance configuring OAuth2 authentication or resolving
Office 365 connectivity issues, contact the Deerfield Support team
and we’ll be happy to get you taken care of.
← Back to Knowledge Base
