Exchange Office365 Auth - Custom client authentication configuration

Exchange Office365 Auth - Custom client authentication configuration

By default, Mail Attachment Downloader uses a public client ID and delegated authentication to authenticate with Microsoft's Office 365. If you are having login issues, we would first recommend troubleshooting using the following articles:

IMPORTANT: In all cases (even the ones below), Mail Attachment Downloader requires EWS or Exchange Web Services permissioning and access. Otherwise, you will fail to auto discover or will get a 403 Forbidden error in the app.


In cases where an enterprise requires restricted permissioning, it's possible to also configure Mail Attachment Downloader with custom client IDs as follows:

IMPORTANT: Build 1067 includes support for the following configuration. Upgrade first before you try these settings out: https://gearmage.zohodesk.com/portal/en/kb/articles/latest-pro-client-and-pro-server-builds-how-to-get-them

Option-1: By default, Mail Attachment Downloader uses delegated auth using a public client and tenant ID. This is the recommended path we suggest.

Option-2: Use a confidential app-only client

Use a Confidential Client and give permissions to EWS as indicated https://learn.microsoft.com/en-us/exchange/client-developer/exchange-web-services/how-to-authenticate-an-ews-application-by-using-oauth#configure-for-app-only-authentication      

Quit the program and the service if they are running first.

Add the exchange client id, secret and tenant id inside *.config files (MailAttachmentDownloader.exe.config MailAttachmentDownloaderService.exe.config) in Mail Application Downloader installation directory as follows:

         Under the <appSettings> </appSettings> tags add...

        <!-- Config for Exchange ClientId/Secret and TenantId, leave blank to use public client -->
        <add key="Exchange.ClientId" value="..."/>
        <add key="Exchange.ClientSecret" value="..."/>
        <add key="Exchange.TenantId" value="..."/>
    
Option-3: Use public client with delegated auth and a custom client id + tenant id. Note: Client secret MUST NOT be specified in this case.

Add the exchange client id and tenant id inside *.config files (MailAttachmentDownloader.exe.config MailAttachmentDownloaderService.exe.config) in Mail Application Downloader installation directory as follows:

         Under the <appSettings> </appSettings> tags add...

        <!-- Config for Exchange ClientId and TenantId, leave blank to use public client -->
        <add key="Exchange.ClientId" value="..."/>
        <add key="Exchange.TenantId" value="..."/>