What does Email Capture do?
It lets you configure the email server and email account details. Users need to include this email address in To or Cc when sending emails to leads, franchisees and contacts, so that the system automatically captures emails from this account and displays them in the respective lead's message history section and the franchisee's or contact's contact history section.
To configure Microsoft email accounts, follow the modern authentication process. Other types of accounts can be configured using a plain authentication process.
What is this document for?
This document helps users configure modern authentication for Microsoft email accounts.
Steps to configure modern authentication for email accounts. The steps below are to be performed only when configuring Microsoft accounts.
Step 1: Log in to your Microsoft Azure account
Step 2: Click on Azure Active Directory
Step 3: Click on app registrations in the left panel
Step 4: Click on the new registration icon at the top
Step 5: Enter name and select "Accounts in this organizational directory only" in supported account types, and click on Register
Your application will be created successfully.
Step 6: Now, add a secret to the application. Click on the “Add a certificate or secret” link. A new page will open; click on “+ New client secret”.
Step 7: Add a description and click on Add. A client secret will be added.
Note: Copy and store the client secret value, because it is shown only immediately after creation and will not be shown again.
Step 8: Add the POP and IMAP permissions to your AAD application
- Choose the API Permissions blade in your Azure AD application's management view in the Azure portal.
- Select Add permission.
- Select the APIs my organization uses tab and search for "Office 365 Exchange Online".
- Click Application permissions.
- For POP access, choose the POP.AccessAsApp permission. For IMAP access, choose the IMAP.AccessAsApp permission.
- Once you've chosen which type of permission, select Add permissions.
You should now have the POP or IMAP application permissions added to your AAD application's permissions.
Steps below need to be performed only by the Admin
Step 9: Get Tenant Admin Consent
If you registered your application in your own tenant using "Accounts in this organizational directory only", you can simply go forward and use the application configuration page within the Azure AD admin center to grant the admin consent, and don't need to use the authorization request URL approach.
Step 10: Register service principals in Exchange
To use the New-ServicePrincipal cmdlet, install the ExchangeOnlineManagement module and connect to your tenant as shown in the following snippet.
Install-Module -Name ExchangeOnlineManagement -AllowPrerelease
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <tenantId>
Once your Azure AD application is consented to by a tenant admin, the tenant admin must register your AAD application's service principal in Exchange via Exchange Online PowerShell. This is enabled by the New-ServicePrincipal cmdlet.
The following is an example of registering an Azure AD application's service principal in Exchange:
New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]
The tenant admin can find the service principal identifiers referenced above in your AAD application's enterprise application instance on the tenant. You can find the list of the enterprise application instances on the tenant in the Enterprise applications blade in the Azure Active Directory view in the Azure Portal.
The OBJECT_ID is the Object ID from the Overview page of the Enterprise Application node (Azure Portal) for the application registration. It is not the Object ID from the Overview of the App Registrations node. Using the incorrect Object ID will cause an authentication failure.
Note: Use the Object ID from the Enterprise application page, not from the app registration overview page.
Step 11: Add mailbox permissions
The tenant admin can now add the specific mailboxes in the tenant that will be allowed to be accessed by your application. This is done with the Add-MailboxPermission cmdlet.
The following is an example of how to give your application's service principal access to one mailbox:
Add-MailboxPermission -Identity john.smith@contoso.com -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
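Steps 10 and 11 as one admin script, followed by a check of which mailboxes the service principal can open afterwards. This is an added example, not part of the original guide: the angle-bracket values are placeholders to replace, john.smith@contoso.com is the sample mailbox used above, and passing the registered principal's Identity property to -User is an assumption about how the SERVICE_PRINCIPAL_ID is supplied.

```powershell
# Added example. Replace the placeholders before running.
$TenantId = '<tenantId>'
$AppId    = '<APPLICATION_ID>'        # Application (client) ID of the app registration
$ObjectId = '<OBJECT_ID>'             # Object ID from the Enterprise application page (see Step 10)
$Mailbox  = 'john.smith@contoso.com'  # the only mailbox the application should read

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization $TenantId

# Step 10: register the service principal in Exchange, unless it is already there.
$sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
if (-not $sp) {
    New-ServicePrincipal -AppId $AppId -ServiceId $ObjectId
    $sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
}
if (-not $sp) {
    throw "Service principal for AppId $AppId was not registered in Exchange."
}

# Step 11: grant access to the one capture mailbox.
# Assumption: the Identity of the registered principal is used as SERVICE_PRINCIPAL_ID.
Add-MailboxPermission -Identity $Mailbox -User $sp.Identity -AccessRights FullAccess

# Confirm the grant on the intended mailbox.
Get-MailboxPermission -Identity $Mailbox -User $sp.Identity |
    Format-List Identity, User, AccessRights

# Review every mailbox this service principal can open.
# Any entry other than $Mailbox is access the email capture setup does not need.
$granted = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $sp.Identity |
    Select-Object Identity, User, AccessRights
$granted | Format-Table -AutoSize

$unexpected = $granted | Where-Object { $_.Identity -notlike "*$($Mailbox.Split('@')[0])*" }
if ($unexpected) {
    Write-Warning "Service principal has access to mailboxes other than ${Mailbox}:"
    $unexpected | Format-Table -AutoSize
}

Disconnect-ExchangeOnline -Confirm:$false
```

The final comparison matches on the mailbox alias, so review the printed table by eye if several mailboxes share a similar name.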