This particular user could not resolve the issue, but I was able to use my Office365 account with passbolt and the details on how to do it are all there.
@ricardo In the forum we build resources that we will link back to. If a user shares they have the same error as another has had, we help them find previous discussions. It may help, it may not. We hope it will but even if it doesn’t, from a moderation standpoint it saves time compared to rewriting recommendations.
But when using the gmail app password, this does not narrow down an issue with Microsoft. Better test would be to use the Microsoft app password on a different app, line K9 mail as suggested in the other thread.
The issue at hand is:
are your Microsoft account settings established to permit the use of an app password
is your password correct
Does Microsoft permit this at all
These things need to be verified as working before concluding there is a problem on the passbolt side of things (though I’m not ruling that out). The fact is passbolt smtp setup is very straightforward. Other mail services and providers… sometimes not so much.
I can send mail with my O365 Enterprise E3 app password. Let me dig in further with my other Microsoft account.
Question: What domain is the email address you used to subscribe to Microsoft365? Your own personal/business domain or a domain from another email provided like Gmail, etc?
And, who provides the mail service for that domain? If it’s a Gmail account, the answer is Gmail. If it’s a Protonmail address, then it’s Protonmail.
For example, if you use a Gmail account to subscribe to Microsoft365, you can use Outlook and setup smtp with Gmail requirements in order to authorize Microsoft to login to your Gmail account and send out email for you. That’s exactly what passbolt would do, except passbolt does not have OAuth2 so an app password is often needed - this would be generated in your Gmail account settings.
If however you subscribe to Microsoft365 and they manage a domain for you, they only support domain management for those domains managed by GoDaddy. In other words, did you get your domain through Microsoft? If so, then Microsoft would send out the email for you.
If you use Microsoft to manage email services on a domain that you own (or your business owns, etc) then all emails from that domain would be coming from Microsoft mail servers. I have this setup - but I use Office365 E3 and am not limited by domains from GoDaddy. When mail from this domain of mine goes out, it comes from Microsoft mail servers. Therefore, if I want to send mail from K9, I have to establish an app password with Microsoft smtp settings so I can connect to Microsoft servers. See this MS365 page about app passwords.
The bottom line is which mail service is sending out the mail? SMTP authorizes a connection to a mail service.
Edit: for further clarity…If you already have to use SMTP settings to connect your Microsoft365 to another email account, then it’s not going to work to try to connect passbolt to Microsoft365. Instead, connect passbolt to whatever that other email account is.
I see what you mean @garrett Garrett, thanks for the further clarification.
We are talking about a business/company owned domain and the email service is provided by Microsoft as we have a tenant and similar to your E3 we have our licenses… you know how it goes from there. Thus as you said, Microsoft should be sending those emails for me.
I have SMTP enabled for the whole tenant and the mailbox I need to send emails from specifically.
I tried changing the password to be more complex
I tried with password in the passbolt.php, as well as trying with an app password and both gave me the same error: Could not send the test email.
Error: SMTP server did not accept the password.
The fact that the password is instantly accepted and the test email instantly sent with a Gmail username and app password is forcing me to conclude the issue is on Microsoft’s side. Either it doesn’t work or again, we are missing something.
If your setup is similar to mine then please share your passbolt.php and/or whatever steps you took on your tenant to make this possible.
It just takes enabling an app password, and you should be fine. I have had 2FA turned on for awhile, so an app password was necessary for that reason.
When I log into my account, I searched app password:
It explains the differences between how your organization may use 2FA. Depending on the approach, the links are different. My organization is described by the first section, so it takes me to the Additional Security Verification page:
Another consideration as found on this MS page: App passwords are available only to users who have been enforced for Multi-Factor Authentication. App passwords are not available to users who are enabled for Multi-Factor Authentication via a Conditional Access policy.
I have MFA forced on my user.
In Admin > Active Users > Select User > Manage multifactor authentication:
Hi @garrett , bit late to get back to you but unfortunately I had already tried with an app password while enforcing 2FA on the mailbox in question and still passbolt couldn’t make it send emails. Going to use a gmail account instead until we can figure out the o365 mystery.