This article describes how to configure a Microsoft 365 mailbox in the Axence nVision HelpDesk module using OAuth2 authentication.
The configuration includes:
- adding the mailbox in nVision,
- verifying mailbox settings in Microsoft 365,
- configuring user consent and permissions in Microsoft Entra,
- authorizing the mailbox account in nVision,
- verifying the Axence OAuth2 application in Microsoft Entra.
Prerequisites
Before starting the configuration, make sure that:
- the Microsoft 365 mailbox has an active Exchange Online license,
- the mailbox can be used by mail applications,
- the required mail protocols are enabled in Microsoft 365,
- the Microsoft 365 administrator account has permissions to manage enterprise applications and consent settings in Microsoft Entra,
- nVision is updated to the latest available version.
0. Initial mailbox configuration in nVision
First, add the mailbox in the nVision console.
This step is required so that, during OAuth2 authorization, the Axence application is created in Microsoft Entra. After authorization, the application should be visible in Enterprise applications in Microsoft Entra.
In the nVision console, go to:
Options → HelpDesk → Mailboxes
In the Receiving e-mail messages section, select Add.
Enter the Microsoft 365 mailbox details.
Example configuration for IMAP:
| Field | Value |
|---|---|
| Server protocol | IMAP4 |
| Server | outlook.office365.com |
| Port | 993 |
| Encryption | TLS 1.2+ |
| User | Microsoft 365 mailbox e-mail address |
| Authentication | MS OAuth2 |
Example configuration for POP3:
| Field | Value |
|---|---|
| Server protocol | POP3 |
| Server | outlook.office365.com |
| Port | 995 |
| Encryption | TLS 1.2+ |
| User | Microsoft 365 mailbox e-mail address |
| Authentication | MS OAuth2 |
After entering the data, select MS OAuth2 as the authentication method, and then click Authorize or Reauthorize.
In the Microsoft sign-in window, log in with the Microsoft 365 account assigned to the configured mailbox and accept the required permissions.
After successful authorization, the Axence application should be added in Microsoft Entra. You can later find it in:
Microsoft Entra → Enterprise applications → All applications
After completing this step, continue with the Microsoft 365 and Microsoft Entra configuration described below.
1. Check mailbox settings in Microsoft 365
Log in to the Microsoft 365 admin center.
Go to:
Users → Active users
Select the mailbox account that will be used in the HelpDesk module.
Then go to:
Mail → Manage e-mail apps
Make sure that the required options are enabled:
- IMAP — if messages will be received using IMAP,
- POP — if messages will be received using POP,
- Authenticated SMTP — if the mailbox will be used to send messages.
Save the changes if any settings were modified.
2. Check the Exchange Online license
In the user profile, go to:
Licenses and apps
Make sure that the account has a license that includes Exchange Online.
The mailbox must be able to work with Microsoft 365 mail services and support connections from mail applications.
3. Configure user consent in Microsoft Entra
Log in to the Microsoft Entra admin center.
Go to:
Entra ID → Enterprise applications → Consent and permissions → User consent settings
In the User consent for applications section, select:
Allow user consent for apps from verified publishers, for selected permissions
Then save the changes.
4. Classify permissions as “low impact”
In Microsoft Entra, go to:
Entra ID → Enterprise applications → Consent and permissions → Permission classifications
Check the permissions classified as low impact.
For correct nVision authorization with Microsoft 365, the following Microsoft Graph permissions may be required:
| Permission | Description |
|---|---|
offline_access |
Maintains access to data the user has granted access to |
IMAP.AccessAsUser.All |
Access to the user mailbox via IMAP |
POP.AccessAsUser.All |
Access to the user mailbox via POP |
SMTP.Send |
Sending messages using SMTP AUTH |
Mail.Read |
Reading user mail |
User.Read |
Signing in and reading the user profile |
email |
Reading the user’s e-mail address |
openid |
Signing in the user |
profile |
Reading the user’s basic profile |
Add any missing permissions to the low impact classification.
After saving the changes, wait approximately 5–10 minutes for Microsoft Entra to apply the settings.
5. Reauthorize receiving e-mail messages in nVision
After configuring the required settings in Microsoft 365 and Microsoft Entra, return to the nVision console:
Options → HelpDesk → Mailboxes
Open the mailbox that was added earlier, and then select Reauthorize next to MS OAuth2.
Log in with the Microsoft 365 account used as the HelpDesk mailbox and accept the required permissions.
After the reauthorization is complete, run Test connection.
If the configuration is correct, the test should finish successfully.
If the test fails, continue with the next steps.
6. Check the Axence OAuth2 application in Microsoft Entra
After completing authorization in nVision, go to Microsoft Entra:
Entra ID → Enterprise applications → All applications
Find the application:
Axence OAuth2 Authentication
Open the application and go to:
Permissions
Check the following tabs:
- User consent,
- Admin consent.
The User consent section should show the permissions granted during mailbox account authorization.
7. Grant admin consent
In the Axence OAuth2 application settings in Microsoft Entra, go to:
Permissions
Select:
Grant admin consent for the directory
Then confirm the consent.
This step approves the required application permissions for the Microsoft 365 tenant.
8. Reauthorize the mailbox in nVision again
After granting admin consent, return to the nVision console.
In the mailbox configuration, select:
Reauthorize
After the reauthorization is complete, run Test connection again.
If the configuration is correct, the test should finish successfully.
9. Configure outgoing e-mail messages
If the mailbox will also be used to send HelpDesk notifications, configure SMTP settings.
Recommended Microsoft 365 SMTP settings:
| Field | Value |
|---|---|
| SMTP server | smtp.office365.com |
| Port | 587 |
| Encryption | TLS 1.2+ |
| Authentication | MS OAuth2 |
After entering the settings, authorize or reauthorize the account using OAuth2, and then run the connection test.
10. Additional troubleshooting
If authorization completes successfully but the connection test fails or times out, check the following:
- whether the nVision server can connect to
outlook.office365.com, - whether the nVision server can connect to
smtp.office365.com, - whether a firewall, UTM, or SSL inspection mechanism is blocking the connection,
- whether port
587is used for SMTP, - whether Authenticated SMTP is enabled for the mailbox,
- whether the mailbox has an active Exchange Online license.
When configuring mail retrieval via IMAP, it is recommended to use the latest version of nVision, as newer versions include changes related to Microsoft 365 mailbox support over IMAP.
If the above steps do not resolve the issue, create a support request by sending an e-mail to: