Introduction
Microsoft Office 365 allows two different methods to authenticate users:
Basic Authentication
Basic Authentication is the use of an email address as the username and a password. This is also known as Single-Factor Authentication, and is being deprecated in favour of:
Modern Authentication
Modern Authentication, also known as Two-Factor Authentication (2FA), Multi-Factor Authentication (MFA) or OAuth2.0. The user is authenticated by a password and an external factor (for example, a text to a known mobile number, a digital One-Time pad etc.)
Note: Any new Office 365 accounts will have Modern Authentication enabled by default and will not allow Basic Authentication to be enabled. If this is the case you must install Spindle Document Management or Spindle Document Distribution version 8.15 or later.
As of October 2022, Basic Authentication is no longer available. You must switch to using Modern Authentication using Spindle Document Management or Spindle Document Distribution version 8.15 or newer.
Prior to the deadline, Microsoft is proactively selecting tenants, disabling Basic Authentication Protocols, which are unsupported before the October 2022 deadline.
See link for further details published by Microsoft.
Basic Authentication and Exchange Online – September 2021 Update - Microsoft Tech Community
Applies to
- Spindle Professional 6
- Spindle Document Management v7
- Spindle Document Management v8.13 and below
- Spindle Document Distribution standalone v8.13 and below
- Spindle Professional for Credit Hound
Resolution
If the customer's Exchange 365 subscription allows Basic Authentication to be enabled, you can continue to use the App Password method below.
If Basic Authentication cannot be enabled or is not permitted by the Customer's IT policy, you will need to upgrade to Spindle Document Management v8.15 or later, or Spindle Document Distribution (Standalone) v8.15 or later. Software is located on Draycir Partner portal:
Draycir Software - Draycir Main Site
When upgrading Spindle Document Management to the latest version, a Draycir subscription license is now mandatory.
For further information on Draycir Subscription licensing and how to configure activation see below:
KBA-05-01-011 - Draycir Subscription Licensing : Draycir Support (freshdesk.com)
Modern Authentication (MFA) or OAuth2.0
Once upgraded, the configuration of the Exchange connector is straightforward. In Spindle Document Distribution Tools, select User Settings>Email Settings>Exchange> Setup (This window is also accessible via the User Setup Wizard):
Select Use Microsoft Account and click Sign In to Your Microsoft Account.
You will now be prompted by the Microsoft Account Sign-in screen:
Enter your Email Address and click Next
You will now see the options for Multi-Factor authentication as configured by your organisation.
Once complete you will see a message advising that sign in was successful:
Allow Consent for Spindle Document Distribution
Depending on the configuration of Exchange 365 in place, the first user from an organisation to use the Exchange connector may be presented with the following message, click accept:
A System Admin must grant consent for the Spindle Document Distribution to access an authenticated user's mailbox. Please note that granting this consent does not override the requirement for Modern Authentication. Users will still need to sign in (and potentially use a second factor).
This consent only needs to be granted once per organisation. Subsequent users will not see these messages.
If needed, consent may also be granted using the Azure administration portal (portal.azure.com), under Enterprise Applications>Consent & Permissions.
Basic Authentication & App Password
For each user, you need to generate something called an App Password in Office 365 and use this in place of the original password. This functionality is made for scenarios exactly like this one, where a client non-browser application cannot connect to Office 365 because of Multi-Factor Authentication. (More info here:
Once the steps in the above document have been followed, you can use the App Password in Spindle Tools as per the below steps:
Spindle Document Distribution Tools:
- Add each user to go into Spindle Tools and click on User Settings > Email Settings > Exchange Online/Office 365 > Setup
- Put in their Email address
- Important: Instead of the normal Office 365 password for their email account, they need to input their App Password created
- Note: One issue in SDD is the Auto-Discover URL does not work with App Passwords. So it is best for the user to enter this URL in manually as https://outlook.office365.com/EWS/Exchange.asmx
- Click Test Connection – This should now work.
If you have any issues around the upgrade please contact Draycir Support
Knowledge Base Article Details
| Related Product | Spindle Document Management & Spindle Document Distribution |
| Ref Number | KBA-01-03-039 |
| Document Date | 10/03/2022 |
| Original Author | Shannon Walker |
| Document Version | v1.0 |
| Last Updated | 10/03/2022 |
| Update Author | Phinder Heer |