Modern Authentication (Oauth) support for the Microsoft Exchange ActiveSync (e-mail, contacts, calendar)

As I use my Xperia X as a daily driver, it had been a pleasure to use my work e-mail and calendar with the native Jolla apps (e-mail calendar and contacts) thanks to the exchange support on Sailfish.
However as my employer has pushed successfully to a more secure environment by enforcing MFA / 2FA I am not able anymore to sync with my phone due to the fact that the Exchange Supported apps do not support Modern Authentication.

I raised a case with Jolla and after some e-mail back an forth they closed the case and wrote the following:

"The best thing you can do is to start a discussion / suggest a feature on the forum, as then it will get more audience and maybe there are other with the same interest and needs. That will then indicate for us that this is needed.

Sincerely,
Jolla Customer Care"

So as @tehhel has already posted a request questioning support for Modern Authenticatons as Basic Authentication wil not be supported by Microsoft (Exchange environments)
https://forum.sailfishos.org/t/basic-authentication-deprecated-by-microsoft/2905

There is a need for implementing Modern Authentication in the sailfish OS.
As I succesfully configured the SailOTP app as a token generator I can use the webbased (OWA) with 2FA. However a webbased client has a lot of drawbacks compared to a native integrated app on the phone.

So I’m hoping that there a lot of users who can support this request so that these features can be available and implemented soon.

This is an issue for me, too, our university (where Linus Torvalds was studying when he first started developing Linux) has been using M$ cloud services for a while now, and we’re starting to require MFA university-wide after summer. I know for a fact we have many Sailfish users here…

Thanks for posting this @Sakul, and for the reinforcement @elakim. The problem is clear and we have an internal issue logged for it; I’ll reply here if there’s news I can post.

Hi Flypig,
That is great news, thanks for the heads-up! And this feature will be good news if its availabe. Thereby quite necessary for the sailfish OS to stay competitive.
Looking forward for the upcoming news in this regards

I agree with what you say. But just to avoid any confusion, my previous message doesn’t imply a commitment to release a fix, or within any particular timescale (sorry, I wish I could give you that, but I want to be straight with you).

Hello,

I recently ran into this problem myself and I think this issue is currently much more relevant than before. Due to the pandemic many of us have been working from home, and many employers with no MFA in use have changed their policy, or are going to do so in the near future. Rather likely the obligation to use MFA is going to be an issue to more users than it used to.

my outlook account is not working anymore, now i switched to use android microsoft outlook instead

This is a must feature for us as well and our customers!

My faculty (same university) switched over to that yesterday, and thus sync stopped working for as well. Up until yesterday there was a possibility to use app-password to make things work but not anymore. So yeah, +1 from me for this.

Btw: have you managed to get the Microsoft Authorization app to work? Last time I tried I couldn’t get it to work.

@Pheet Regarding Microsoft authentication app - I haven’t used it, but instead I’ve installed SailOTP from the Jolla store. It works fine as a general purpose TOTP authentication app, also with the Microsoft Office365 suite. I don’t recall the specifics of setting it up but I think you had to select an option like “use another authenticator app” and then you just scan the QR code and it will work just fine.

Thank you lot for this! I had completely missed the fact that you could use a different authentication app for this.

My employer turned basic authentication off this morning and all calendar, email, and contact synchronisation stopped for my Exchange account in Sailfish. So can confirm: this MS change is breaking the Exchange feature in Sailfish.

My employer also switched to OAuth2, with no option to add device passwords. So I’m currently not able to access my work mail and calendar on my phone

I wonder if there’s any update on this?

No news unfortunately, i suspect mfa requires a major upgrade in the exchange stack

Yeah, now that you mentioned, might be quite an undertaking; might be something that needs to be though through for other type accounts as well.

Thank you for the prod. As noted earlier, but just to reiterate, we’re aware of the importance of this issue, but I don’t have any updates for you at this time.

OK, I admit, this is just another ‘any news?’ post But let’s pretend I have at least something to add: Microsoft will start disabling basic authentication on random tenants beginning October 11th, Basic Authentication Deprecation in Exchange Online – May 2022 Update - Microsoft Tech Community

Up until now MS has been disabling the feature on tenants where it’s not used at all. Tenant admins have obviously always had the option to disable it at will. After Oct 11th though, “There is no way to request an exception after October. Tenant selection is random, and we cannot put your tenant to the back of the queue to give you more time”.

As already discussed on this thread, please note that app passwords count as basic authentication as well, so that won’t help either.

Thanks again for the info. It’s always good to have as much clarity as possible and we appreciate any info shared on this topic. The impending cut-off is definitely something we’re conscious of.

I’m kind of curious how long it will take before this is fixed. I’d like to be able to use my phone again to check my work mail.