>I think there may also be an option to use a personal token (which may >have to be enabled). I cannot search for it at the moment, but I do >recall seeing some discussion in the Davmail forums about using a token >instead of MFA.
Here is my understanding of the situation. It certainly may be wrong or incomplete. - Aside from username/password, the "normal" way things are authenticated to Office 365 is OAuth (there were other options with older protocols). - The way that works in practice is your application (in this case DavMail) opens up a web browser window, you enter in your second factor, and that gets the OAuth bearer token. - I won't get into the details of the OAuth protocol, but when you get the bearer token incorporated into it is a client software identifier (nmh has one registered for Gmail, for example). So when I run DavMail the authentication succeeds, but it then pulls up a window saying that an administrator needs to enable DavMail to access email for this domain. Clearly someone _registered_ DavMail (it had the DavMail icon and everything), but I don't have the rights to make it work without getting our Office 365 people involved. - In theory you could put any client identifier and secret in there you wanted, so if (for example) you could figure out the client identifier and secret for, say, Outlook for Android you could use that (any Android users want to spend some time trawling through the Outlook client binary??). Although you need to run some app to enable those mobile devices in O365, so maybe something else is needed. I did see some of those messages you were talking about on the DavMail user list, but all of the ones I saw were talking about things like RSA tokens with Exchange (which use the older protocol, not Office 365). What I have seen says for Office 365, you need OAuth and that means you're kind of stuck if your domain doesn't allow the application identified by the OAuth client identifier. Again, I would like to stress that it is entirely possible my information is incomplete or wrong. --Ken -- nmh-workers https://lists.nongnu.org/mailman/listinfo/nmh-workers
