Directory Services Integration with Office 365 (Microsoft 365)

For a MailStore user to authenticate against the archive (e.g. through the Outlook add-on) using O365 modern authentication, MailStore has to be able to synchronize user data from O365. User data in O365 is stored within AAD (Azure Active Directory). Enabling the synchronization involves many steps, but none of them is difficult. (This article is in part based on an original MailStore Server KB article.)

Registering MailStore as an App in Azure

Sign in to the Azure Portal as a Global Administrator for your Microsoft 365 tenant.

In the navigation menu (☰), select the option Azure Active Directory.

On the next page, select App registrations in the Manage section of the left navigation menu.

Select New Registration. The Register an application page appears.

In the Name field, enter a display name, e.g. MailStore. Click on Register.

You'll be presented with the registered application page. Keep it open; you'll need the following information from it: Name, Application (client) ID, Directory (tenant) ID.

Creating Credentials in MailStore

Log on to MailStore Client as a MailStore Server administrator. Check the first two sections of this article to see how.

Click on Administrative Tools > Users and Archives > Directory Services.

In the Integration section, change the directory service type to Microsoft 365 (Modern Authentication).

In the Connection section, click on the button (…) next to the Credentials drop-down list.

In the Credential Manager that appears, click on Create…

In the Azure AD App Credentials dialog, enter the following information in the Settings section: Name, Application (client) ID and Directory (tenant) ID, taken from the registered app within Azure.

In the Authentication section, click on the drop-down button next to the Certificate text box and select Download Certificate. Save the certificate on your hard drive.

Confirm your entries by clicking OK.

Close the Credential Manager and choose the newly created credentials from the drop-down list.

Publishing Credentials in Azure

Switch to the Azure AD app overview page in your web browser.

Select Certificates & secrets in the Manage section of the left navigation menu.

Click on Upload certificate in the Certificates section. Select the certificate file that you have saved previously and upload it to Azure AD by clicking Add.

The certificate is uploaded: