Access shared/delegate mailbox of Office 365
Enable IMAP/POP3
First make sure IMAP / POP3 are turned on properly: Enable IMAP / POP3 in Office 365
Shared mailbox permissions
Make sure you have access to the shared mailbox. Log in to Microsoft 365 admin portal at https://admin.microsoft.com/ as an administrator, go to Users/Active users tab and select shared mailbox:
On the Mail tab, in Mailbox permissions click Read and manage permissions:
Make sure your user is on the list:
Enable IMAP/POP3 for shared mailbox
On the same screen go to Manage email apps:
and select IMAP and POP3:
Now, there are 2 ways of accessing a shared mailbox in Office 365:
Using regular IMAP basic authentication and a using OAuth 2.0.
Shared mailbox – basic authentication [deprecated]
It is no longer possible to re-enable Basic Auth or use App passwords.
You’ll need to use OAuth described below.
To use basic authentication you’ll need to re-enable Basic Auth for your tenant:
https://www.limilabs.com/blog/office-365-prevent-basic-auth-disabled
Make sure IMAP/POP3 access is configured and basic authentication is turned on:
Enable IMAP / POP3 in Office 365
Consider using Application passwords for your account instead of your primary password:
Application passwords in Office 365
Try authenticating to users’ regular mailbox with his credentials (or App password) to check if basic authentication works and the user/password is correct:
client.UseBestLogin("AlexW@example.com", "AlexWPass-or-AlexWAppPass");
Access the shared mailbox
Use the following user format:
Username@DomainName\Shared@DomainName
You must use Login method:
client.Login(@"AlexW@example.com\invoices@example.com", "AlexWPass-or-AlexWAppPass");
-or-
alternatively you may use LoginPlain method:
client.LoginPlain("invoices@example.com", "AlexW@example.com", "AlexWPass-or-AlexWAppPass");
Don’t use UseBestLogin for Office365 shared mailboxes and basic authentication.
The reason is Office 365 advertises LOGIN PLAIN as a preferred login method and UseBestLogin chooses to use it. However Office 365 does not recognize Username@DomainName\Shared@DomainName user pattern when using LOGIN PLAIN. For Office 365 to accept a LOGIN PLAIN to a shared mailbox, you need to provide all 3 parameters separately: shared mailbox, user and user password – use LoginPlain to do that.
Shared mailbox – OAuth 2.0
It is much simpler with OAuth. Use any of the available OAuth 2.0 flows:
Daemons/Services: Password grant (MFA/2FA must be turned off for this account):
https://www.limilabs.com/blog/oauth2-password-grant-office365-exchange-imap-pop3-smtp
Daemons/Services: Client credential flow:
https://www.limilabs.com/blog/oauth2-client-credential-flow-office365-exchange-imap-pop3-smtp
Web apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-web-flow-office365-exchange-imap-pop3-smtp
Standalone devices (requires very little interaction):
https://www.limilabs.com/blog/oauth2-device-flow-office365-exchange-imap-pop3-smtp
Desktop apps (requires user interaction):
https://www.limilabs.com/blog/oauth2-office365-exchange-imap-pop3-smtp
When you’ve obtained an access token you simply use it to access shared mailbox:
string accessToken = result.AccessToken;
using (Imap client = new Imap())
{
client.ConnectSSL("outlook.office365.com");
client.LoginOAUTH2("invoices@example.com", accessToken);
client.SelectInbox();
List<long> uids = imap.Search(Flag.Unseen);
foreach (long uid in uids)
{
var eml = imap.GetMessageByUID(uid)
IMail email = new MailBuilder().CreateFromEml();
string subject = email.Subject);
}
client.Close();
}