Microsoft O365 email and OAuth setup in Paperless Office

SOLVED

Sage recently announced that Paperless Email will stop working for Office 365 users on October 1, 2022 (due to a notice from Microsoft about disabling Basic authentication for their email services).  It certainly is welcome to get such a proactive notification, but I'm having a hard time finding details on how to set this up.

(We don't do email support, so the steps to configure this are beyond our visibility... mainly: what to tell customers / their IT about what's required from an email administration perspective).

KB 115141 has some general instructions, with detailed settings for Gmail, but nothing for Microsoft / O365. 

  • Can this article be updated to include an example of Microsoft specific settings? 
  • Does anyone have experiences to share on OAuth setup with O365 email?
  • 0

    Hi Kevin, we have a document that is being reviewed and will be posted soon.

    Thank you
    Bret

  • 0

    Hi Kevin, we will be adding this information regarding Microsoft specific settings to the KB.
    Thank you
    Bret

    Configuring Sage 100 OAuth email settings for use with a Microsoft 365 App Registration. 

     First, if not yet completed, create the app registration.  

    1. Logon to your Microsoft Azure Portal account (portal.azure.com) as the admin user.
    2. Go to Azure Active Directory / App Registrations and click New Registration.
       • Enter the Display Name: (user-defined)
       • Select Who can use: Single tenant
       • Enter the Redirect URI: (Platform = Public client/native) https://localhost
    3. Click Register.
    4. Tip: copy the Application (client) Id and save it for later reference.
    5. Tip: click Endpoints and copy the Authorization endpoint (v2) and the Token endpoint (v2) for later use. Then Close Endpoints.
    6. Click API permissions / Add a permission / Select Microsoft Graph and then Delegated Permissions.
    7. Select the offline_access and SMTP.Send permissions and then click Add permissions.

    There should be 3 permissions at this point: offline_access, SMTP.Send, User.Read.

    8. Click Grant admin consent for (user) for these permissions.

    The new app registration should now be ready for use.  

    Next, if not already done, verify the SMTP setting in the Microsoft 365 Admin Center.  

    1. Logon to www.office.com as the admin user.
    2. Type admin in the search field and select the Admin app in the search results.
    3. In the Admin Center, click Users / Active Users and select the admin user used to create the App Registration.
    4. Click Mail / Manage email apps.
    5. Make sure the "Authenticated SMTP" checkbox is checked and save changes. 

    Now in Sage 100 Company Maintenance, on the Email tab, select the OAuth Authentication Method.  

    1. Enter the Address: smtp.office365.com
    2. Accept default Port: 587
    3. Accept default SMTP Encryption: TLS
    4. Enter your User ID: (the email/admin user used to create the App Registration)
    5. Enter the Client ID for this app registration.
    6. The Client Secret is not required for Microsoft 365.
    7. Enter the Auth endpoint for this app registration.
    8. Enter the Token endpoint for this app registration.
    9. Enter the Scope: outlook.office.com/SMTP.Send offline_access
    10. Enter the Redirect URL used above: https://localhost
    11. Accept the default Code Challenge Method: S265
    12. Click Accept to save the company record and then click Test Email to initiate the authentication process. 
    • On the initial auth process, a user interface is launched where you will be prompted for the user and password. After that the system will use a token and a refresh token to send SMTP emails without user interaction.  
    • This will continue if emails are sent from the company at least every 90 days.  
    • However, after 90 days of inactivity, the refresh token will expire which will cause the UI to launch again, stopping the email send, and require the user and password.  
    • Note: This refresh token expiration is specific to Microsoft 365 and may vary with other providers.  

     

    Creating an Alias username in the Microsoft 365 Admin Center to use as the friendly-from email address in Sage 100 Paperless Office Forms Electronic Delivery Options.  

    1. Logon to www.Office.com as the admin user.
    2. Type admin in the search field and select the Admin app in the search results.
    3. In the Admin Center, click Users / Active Users and select the admin user used to create the App Registration.
    4. On the Account tab click Manage username and email.
    5. Enter an Alias Username and click Add and then click Save changes. 
    • In Sage 100 go to Paperless Office / Setup / Form Maintenance. 
    • Select the desired form printing setting and enter the alias username (email address) in the From E-mail Address field. 
    • Note: Don’t use the alias username in the email settings in Company Maintenance. This must be the primary username used to authenticate the App Registration. 

     

  • 0 in reply to Bret

    Thank you very much Bret!  This will be a great help.

  • 0 in reply to Bret

    Is there a reason that we couldn't use a simplified login screen like the one below, which seems much more common?

    Probably 90% of my customers use some type of MSP, which means to set up paperless we have to open a ticket to get someone at their provider to walk us through changes.

  • 0

    Followed Solution ID 116301.  Pretty straightforward with regards to setting up the app in Office 365.

    However, when I try to test an email from within MAS100 I receive:

    "The Authentication process failed. {"error":"invalid_request","error_description":"AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: 2d86a286-d6ef-4e47-8606-6dcaa40cb9d9. Please refer to go.microsoft.com/.../ and conduct needed actions to remediate the issue. For further questions, please contact your administrator.\r\nTrace ID: d598a803-9a99-4c29-8e74-93c378e67800\r\nCorrelation ID: 0fba3fcd-0ac0-42ad-a6e4-2038b62468cf\r\nTimestamp: 2022-08-08 18:58:33Z","error_codes":[1002016],"timestamp":"2022-08-08 18:58:33Z","trace_id":"d598a803-9a99-4c29-8e74-93c378e67800","correlation_id":"0fba3fcd-0ac0-42ad-a6e4-2038b62468cf"}"

    Currently on Sage 7.00.4 (v2021.4) and client is a Windows 10 workstation which is fully patched.  

    When I go to https://outlook.office.com (mentioned in 116301 in order to test setting), and review the TLS it appears that I am utilizing TLS 1.2

    Finally if I review the app log in Azure, it appears that I am connecting successfully:

    Have this issue with three separate customers......needless to say very frustrating.

  • 0 in reply to tnwcpa

    For Advanced / Premium make sure TLS 1.2 is installed on the server too.

  • 0 in reply to Kevin M

    Yes, we are on Advanced

    Internet Options:

    And checking via browser:

  • 0 in reply to tnwcpa

    We're working on a hotfix for Advanced and Premium workstations. Stay tuned...

  • 0 in reply to Bret

    Hi Bret,

    Is there an ETA on this fix?

  • 0 in reply to Kevin M

    Hi Kevin,

    I am told by the end of this week.