Microsoft 365 Token Authentication Manager

Last update:
Created :
Written by Support InfoBridge

Overview

Microsoft will decommission Basic Authentication for EWS. These plans apply only to the cloud-based Microsoft 365/Exchange Online products; there are no changes to EWS capabilities of on-premises Exchange products , more info

The latest information from Microsoft learns that, effective October 1, 2022, they will begin to permanently disable Basic Auth in all tenants, regardless of usage (with the exception of SMTP Auth, which can still be re-enabled after that). More info

Because the Synchronizer uses EWS we have now created a new version which supports the latest OAuth authentication and authorization techniques.

In this new version (From 3.2.314) the administrator will be using the Microsoft 365 Token Authentication Manager to send an invitation to all the users who need to be linked in the Synchronizer. The users can authorize the Synchronizer and as soon as that is done the administrator is allowed to link the user in the Synchronizer.

Preparations

The Synchronizer admin, program and service need to start in Exchange Token mode. This can be done by adding an extra parameter to the start command of the Synchronizer and the Synchronizer admin shortcut. And to the InfoBridge Service in the register.

Synchronizer program and Synchronizer admin. The parameter to use is /ET

The start command in the shortcut properties should look like this:

"C:\Program Files (x86)\InfoBridge\Exchange Online Synchronizer\InfoBridge Synchronizer Administrator.exe" /DC /ET 

Synchronizer Service

In the registry go to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Select the InfoBridge Synchronizer Service and open the ImagePath.
In the Value Data field add the parameter /ET

"C:\Program Files (x86)\InfoBridge\Exchange Online Synchronizer\InfoBridge.Synchronizer.Service.exe" /ET

Microsoft 365 Token Authentication Manager

Start the Synchronizer Admin

Go to User Synchronization Settings

Click on Manage Invites to start the Microsoft 365 Token Authentication Manager
mceclip11.png

All SuperOffice associates will be shown in the Token Manager. Select the users who need to be synchronized. By clicking the 'Send invites to selected users' button, an email can be send to the selected users (to the e-mail address specified in SuperOffice, so make sure these are correct!).
mceclip10.png

In the Invitation mail the administrator can customize the text and add his name in the Your Name section.

Note: The Emails are send from the address noreply@infobridge.com so make sure this address is not classified as spam.

If the administrator wants to inform his users in another way, that is also possible. He just needs to provide the users with the authorization code (in the screenshot above this code is 9rfg8o) and the url to the M365 authorization platform: https://exchangeonlinesync.azurewebsites.net/

mceclip1.png

Click Ok and Yes in the next pop-up
mceclip6.png

The invites are now send to the users
mceclip5.png

From the email the users need to click on the Link 'Click here to register'
mceclip2.png

This will bring them to registration page for the Synchronizer where they can Sign in with their Microsoft 365 account
mceclip13.png

After Signing in the registration is completedmceclip14.png

The administrator is now able to link the users in the Synchronizer admin. 

    • First click the Load External Users button. Note: Only the users who have accepted will be loaded.
    • Choose the SuperOffice associate to link and select the corresponding mailbox
    • Select which items (Diary, Task, Contact) need to be synchronized
    • Click on the Link User button to link
    • Click the Save Added Users button to save the linked user in the SuperOffice database.

Optional

As an optional step you can even choose to delete the online registration data after all users are linked. In the Microsoft 365 Token Authentication Manager you need to click on the Delete Registration button. After this all data from the customer will be deleted from the online database.

Re-authentication

If a user needs to re-authenticate (this can happen when a user has changed their Microsoft 365 password) you can click on Re-authenticate in the User Synchronization Settings panel. You can also setup that re-authentication e-mails are send automatically. You can do this in the Notifications panel.

Troubleshooting

You can see which user(s) have authentication problems in the User Synchronization Settings panel in Synchronizer Admin.

mceclip0.png

In the dropdown menu above the linked users, you can select to see all users, users with errors or users without errors.

mceclip1.png

When you hover over a user with errors, an error message is shown.

NOTE1: The user status is a snapshot from when the Synchronizer Admin has been started. To refresh the user status, a restart of Synchronizer Admin is needed.

NOTE2: Syncing for users with authentication problems will restart automatically once they have
re-authenticated. However, if the synchronizer service was started with users that had authentication problems, a restart of the service is necessary to get these users synced again.