/
How to use Azure Entra Authentication for MS-Exchange in Office365

How to use Azure Entra Authentication for MS-Exchange in Office365

  • Rough draft

    • For Barracuda Networks it is paramount to provide solid, up-to-date information for our products also if they interchange information with other technologies. However, as every company, we can only influence the quality of our own documentation in the context of our own products.

    Therefore, this article contains all steps which illustrate how to basically ensure all necessary prerequisites so that the CloudGen Firewall can use Azure Entra authentication for MS-Exchange, i.e. for sending notifications. The mentioned URLs will ensure that you will always access the most newsworthy information provided by Microsoft.

    Perform the following steps to ensure that your individual configuration in Azure optimally supports the subsequent configuration for the CloudGen Firewall.

     

    Prerequisites for using Azure Entra Authentication for Sending Notifications in the CloudGen Firewall

    1. Register an application in MS Entra ID

      1. Invoke the page for the URL:

        1. https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app

    2. Create a Client Secret

      1. Invoke the page for the URL:

        1. https://learn.microsoft.com/en-us/entra/identity-platform/how-to-add-credentials?tabs=client-secret

      2. Switch to the tab “Add a Client Secret” and perform the steps.

    3. Set appropriate permissions for the app

      1. Invoke the page for the URL and set the permissions as described in the article as described in at Pt. 5, “For SMTP access, choose the SMTP.SendAsApp” permission.

        1. https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#add-the-pop-imap-or-smtp-permissions-to-your-microsoft-entra-application

    4. Confirm the permissions to get tenant admin consent

      1. Invoke the page for the URL to grant consent as described in the article:

        1. https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#how-to-grant-consent-if-you-registered-the-application-for-your-own-tenant

    5. Allow the app sending mails using a specific email address (which is the sender address that must also be configured for the CGF for sending notifications):

      1. Invoke the page for the URL and allow the app sending mails as described in the article:

        1. https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#register-service-principals-in-exchange

      2. Ensure that your email address in the following command matches the email address in the CGF configuration for sending notifications. Replace the email address in the example below with your individual email address:

        1. Add-MailboxPermission -Identity "john.smith@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

     

    After completing these steps, return to the article for configuring notifications and continue with the configuration:

     

    We value your feedback.
    If you have questions, suggestions, or feedback on our documentation, contact the Campus Product Documentation team.
    For general product inquiries or technical support, please contact the global Barracuda Support team.