# IMAP - Microsoft 365 - Setup Account Mitto uses OAuth 2.0 to gain access to the contents of your Microsoft 365 or Outlook.com mail. This requires the creation of an "app" in Azure Active Directory that will act on your behalf. Once the app has been created, the credentials associated with the app are used to authenticate Mitto to Microsoft when your IMAP job(s) run. Microsoft documentation describing how to do this can be found [here](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#register-your-application) and [also here]( https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app). .. |register| image:: assets/m365-setup-account__register.png .. |overview| image:: assets/m365-setup-account__overview.png .. |secret-1| image:: assets/m365-setup-account__secrets-1.png :alt: client secret .. |secret-2| image:: assets/m365-setup-account__secrets-2.png :alt: client secret .. |permissions-1| image:: assets/m365-setup-account__permissions-1.png :alt: permissions .. |permissions-2| image:: assets/m365-setup-account__permissions-2.png :alt: permissions .. NOTE:: You only need to create one "app" within Azure AD, regardless of the number of IMAP jobs you wish to create. ## Prerequisites 1. An Azure account that has an active subscription. 1. The account must have an administrator, or developer role assigned to it. ## Register an Application in Azure AD 1. Signin to the [Azure Portal](https://portal.azure.com). 2. If you have multiple tennants, ensure that you are in the correct tennant. 3. Search for and select "Azure Active Directory". 4. Navigate: `Manage --> App registrations --> New registration` 5. Select the correct account type. |register| 6. Click `Register` 7. The app's Overview page will be displayed. |overview| 8. Make a copy the `Application (client) ID` (`client_id`) and `Directory (tenant) ID` (`tenant_id`). ## Create Application Credentials 1. On the app's Overview page, click `Certificates & secrets`. 1. Click `+ New client secret`. |secret-1| 1. Make a copy of the `Secret ID` (`client_secret`) for later use. |secret-2| ## Grant Permissions to Application ### Office 365 Exchange Online Permissions 1. On the app's Overview page, click `API Permissions`. 1. Use `+ Add a permission`. 1. Under `Select an API`, click `APIs my organizaiton uses`. 1. In the search box, type "Office 365 Exchange Online". 1. From the list that is displayed, click on `Office 365 Exchange Online`. 1. Under `What type of permissions...`, click `Application Permissions`. 1. Under `IMAP` click `IMAP.AccessAsApp`. |permissions-1| 1. Click `Add permissions`. 1. Click `Grant admin consent for zuar.com` to grant admin permissions to `IMAP.AccessAsApp`. ### Microsoft Graph Permissions 1. On the app's Overview page, click `API Permissions`. 1. Under `API / Permissions`, click `Microsoft Graph`. 1. Select the following permissions: * `email` * `IMAP.Access.AsUser.All` * `offline_access` * `openid` * `profile` * `User.Read` 1. Click `Update Permissions`. ### Confirm Permissions When you are done, you should have the following permissions: |permissions-2| ## Credentials You have successfully configured an app within Azure that can be used with Mitto's IMAP job. You should have collected credentials similar to the following (the format is unimportant): ``` client_id = 9aef02cb-6efb-485f-91b8-ea57fda29d68 client_secret = utM8Q~xHAJt4PSCZzDKlL5P~WPgSlautR-VMrdsR tenant_id=abdfa575-4bf4-4e51-878b-14e280eab912 ``` You'll need these credentials when you run the IMAP wizard to create an IMAP job. Instructions for doing that can be found [here](m365-create-job).