Update 22feb2021: Added note about enabling SMTP Authentication.

Not too long ago, the Exchange product group enabled Modern Authentication (or OAuth2) support for IMAP and SMTP in Exchange Online, and shortly after for POP3 as well. This support was much needed with the imminent deactivation of Basic Authentication. With Modern Authentication available, vendors, developers as well as organizations running custom scripts are given time to adopt Modern Authentication where applicable.

By delaying the original end date of Basic Authentication from Octoto Q3’ish 2021 due to the Corona situation, the adoption period is increased significantly. That does not mean however that developers and organizations can sit back and relax: act sooner rather than later, the end of Basic Authentication is nigh. The benefits of Modern Authentication are of course that it is a more secure model (e.g. resistant to password spray attacks), as well as that it can leverage Microsoft 365 functionality like Conditional Access to limit protocols to certain locations. That said, in this article I will show you how to approve usage of a popular 3rd party e-mail application, Thunderbird, using the IMAP protocol in conjunction with the Modern Authentication scheme. The procedures below have been run against Thunderbird 78.0b4 on Windows as well as Ubuntu.

Before we move on to Thunderbird, we first make sure the organization settings allow for third party applications to access your mailbox in Exchange Online. This process has been blogged about for common popular applications, such as the native iOS Mail app or the Gmail app on Android. So, how to go ahead if your organization restricts access to third party applications, and they only want to allow specific applications, which is of course good practice?

The easiest way to add Thunderbird to the allowed applications and grant consent to the organization is by constructing an admin consent URL. To construct the consent URL, take the following URL:

- This piece of information can be found under the Azure Active Directory blade in the Azure portal.
- Replace with the Application ID (sometimes also referred to as Client ID) of the application you want to provide consent for. As we can see in the table below, the ID of Thunderbird is 08162f7c-0fd2-4200-a84a-f25a4db0b584.

Open your browser, and visit this URL as an administrator. You will be greeted with a consent form, in which you will be asked to accept for your organization. Because the redirect_uri is empty here, you will likely be sent to a non-existing location after giving consent, but that’s OK.

When you look at the Enterprise Applications blade in the Azure Portal, you will notice the Thunderbird app has been added. Here you can further customize it, like any enterprise application supporting Modern Authentication, e.g.

- Restrict access to specific users or groups.
- Use Conditional Access to restrict access to certain locations.

Another thing to note is that permissions for the Thunderbird app will have been translated to the following Graph permissions:

- Read and write access to mailboxes via IMAP.
- Read and write access to mailboxes via POP.
- Read and write access to mailboxes via SMTP AUTH.

Do not start configuring the account yet, as we first need to modify a Thunderbird setting to allow for successful Modern Authentication through a browser popup. Click the ‘hamburger’ menu to open the Options window. Scroll all the way down, and open the Config Editor. In the settings overview, set setting to True:

Preference Name

Close the Config Editor and Preferences tab.

We can now set up our account in Thunderbird. Select Add Mail Account, and enter your name and e-mail address. You can leave the password empty, as we will be using an OAuth token which we will retrieve later on.

Press Continue to have Thunderbird figure out where your mailbox is hosted. When it properly discovers the mailbox location, it will set the configuration as follows:

If Thunderbird can’t figure out your settings (for some reason the Windows build could, but the Ubuntu build couldn’t), configure them as indicated above.

We can’t select OAuth2 for authentication here, so leave Authentication as is; we will correct this right after we click Done.

Note: Configure manually would be the place you expect to set authentication to OAuth2 straight away, but with the build we used, the OAuth2 option is not available from the manual account setup dialog. Therefore, we need to set up the account and correct settings afterwards.
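The admin consent step described in this article, as an added example (not the author's code): it builds the consent URL for the Thunderbird Application ID and classifies the address the browser lands on after the consent form, including a check that consent was recorded for the expected tenant. The endpoint path and the `admin_consent`, `tenant` and `error` response parameters follow Microsoft's documented admin consent endpoint and are assumptions here, since the article's own URL did not survive; the tenant ID and landing URLs are constructed samples.

```python
import uuid
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: Microsoft identity platform admin consent endpoint.
CONSENT_BASE = "https://login.microsoftonline.com/{tenant}/adminconsent"
THUNDERBIRD_APP_ID = "08162f7c-0fd2-4200-a84a-f25a4db0b584"  # ID given in the article


def _guid(value, label):
    """Return the canonical lowercase GUID, or raise ValueError."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{label} is not a GUID: {value!r}")


def admin_consent_url(tenant_id, client_id=THUNDERBIRD_APP_ID):
    """Build the URL an administrator opens to grant tenant-wide consent."""
    tenant = _guid(tenant_id, "tenant_id")
    query = urlencode({"client_id": _guid(client_id, "client_id")})
    return CONSENT_BASE.format(tenant=tenant) + "?" + query


def consent_outcome(landing_url, expected_tenant):
    """Classify the address shown in the browser after the consent form."""
    parts = urlsplit(landing_url)
    # Take the first value of each parameter from the query (or fragment).
    params = {k: v[0] for k, v in parse_qs(parts.query or parts.fragment).items()}
    if params.get("error"):
        return "denied: " + params["error"]
    if params.get("admin_consent", "").lower() != "true":
        return "unknown"
    # Consent recorded for a different directory than intended is a finding.
    if params.get("tenant", "").lower() != _guid(expected_tenant, "expected_tenant"):
        return "wrong-tenant"
    return "granted"


if __name__ == "__main__":
    tenant = "11111111-2222-3333-4444-555555555555"  # constructed sample tenant ID
    print(admin_consent_url(tenant))
    # Constructed landing URLs, as they might appear in the address bar.
    for url in (
        "https://localhost/?admin_consent=True&tenant=" + tenant,
        "https://localhost/?error=access_denied&error_description=declined",
    ):
        print(consent_outcome(url, tenant))
```
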