Microsoft are disabling basic authentication for Exchange Web Services and other protocols in January 2023 and from then are only supporting OAuth 2.0 token-based authorisation. You can now configure your Access People Planner email settings to use OAuth authentication instead of basic authentication.
To do this, follow these steps:
Configure your Microsoft organisation
Your first step is to set up Access People Planner in your Microsoft organisation.
Navigate to your Microsoft 365 administration portal.
Click the nine-dot menu, then click Admin.
Click Show All, then under Admin Centres, click Azure Active Directory.
Register
The first thing you need to do is register Access People Planner as an application.
Click Azure Active Directory, then under Manage, click App registrations.
Click New registration, fill out the required details then click Register.
Once registered, note down the Application (client) ID and the Directory (tenant) ID values. You use these in your Access People Planner settings later.
Add authentication
Whilst still in the Azure Active Directory admin centre, you’ll need to add authentication for your Access People Planner.
Under Manage, click Authentication, then click Add a platform.
Click Mobile and desktop applications.
Accept the pre-provided Reply URLs and add the URL of your Access People Planner instance e.g. https://servicexx-appgrpxx.peopleplanner.biz
Tip: This can be found in your URL when you log in to Access People Planner.
For supported account types, select Accounts in this organisation directory only (MSFT only – single tenant).
Under Advanced settings, ensure Allow public client flows is set to No.
Once done, click Save changes.
Add client secret
After completing your authentication, you now need to set up your client secret.
Under Manage, click Certificates & secrets.
Click on the Client Secrets tab, then click New Client Secret.
Enter a description and expiry date, then click Add.
Once complete, copy the client secret Value somewhere safe as it’s only visible after creation, and you’ll need it for the settings within your Access People Planner.
Please be aware that the secret needed is the Value, not the ID.
Add API permissions
After completing your client secret, you need to set up API permissions.
Under Manage, click API permissions, then click Add a permission.
Click Microsoft Graph, then click Application permissions.
In the search box, type Mail, then select Mail.Send.
In the search box, type User, then select User.ReadBasic.All.
In the bottom-left of the popup, click Add permissions.
Next to the new permissions, click Grant admin consent for MSFT.
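The following is an added example, not part of the original guide or of Access People Planner: a diagnostic check that an app-only Microsoft Graph token issued to the registration above carries exactly the two application permissions from these steps and matches the noted Application (client) ID and Directory (tenant) ID. It assumes the token is obtained with the OAuth 2.0 client-credentials grant; the function names, the placeholder IDs and the unsigned sample tokens are constructed for illustration, and the payload is decoded for inspection only, without signature verification.

```python
import base64, json, time

REQUIRED_ROLES = {"Mail.Send", "User.ReadBasic.All"}  # the two permissions added above

def token_request(tenant_id, client_id, client_secret):
    """Build (not send) the client-credentials request for a Graph app-only token."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret,  # the secret Value, not the secret ID
            "scope": "https://graph.microsoft.com/.default"}
    return url, form

def decode_payload(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    part = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def check_claims(jwt, tenant_id, client_id, now=None):
    """Return a list of findings; an empty list means the token matches the steps."""
    c = decode_payload(jwt)
    now = time.time() if now is None else now
    roles = set(c.get("roles", []))
    findings = []
    if c.get("tid") != tenant_id:
        findings.append("token issued for a different Directory (tenant) ID")
    if client_id not in (c.get("appid"), c.get("azp")):
        findings.append("token issued to a different Application (client) ID")
    if c.get("exp", 0) <= now:
        findings.append("token has expired")
    for r in sorted(REQUIRED_ROLES - roles):
        findings.append(f"missing application permission (or admin consent): {r}")
    for r in sorted(roles - REQUIRED_ROLES):
        findings.append(f"extra application permission beyond what the steps require: {r}")
    return findings

def make_sample(claims):
    """Constructed, unsigned sample token so the check runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

TENANT = "11111111-1111-1111-1111-111111111111"  # constructed placeholder
CLIENT = "22222222-2222-2222-2222-222222222222"  # constructed placeholder

if __name__ == "__main__":
    base = {"tid": TENANT, "appid": CLIENT, "exp": 4102444800}
    good = make_sample({**base, "roles": ["Mail.Send", "User.ReadBasic.All"]})
    over = make_sample({**base, "roles": ["Mail.Send", "Mail.ReadWrite"]})
    print(check_claims(good, TENANT, CLIENT))  # no findings
    print(check_claims(over, TENANT, CLIENT))  # one missing role, one extra role
```

An extra role in the findings means the registration holds more Graph access than these steps call for and should be reviewed under API permissions.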
Configure enhanced authentication within Access People Planner
Once you complete the registration in Azure Active Directory, you can use the registration details to configure the enhanced authentication settings in your Access People Planner.
Click Settings, then point to Other.
Click Email Settings.
On the Authentication list, select Enhanced Authentication.
Add your noted details into the relevant boxes.
To check your settings, enter an address into the Test Address box, then click Test settings.
Once you’re happy, click the disk button, double-check the information in the warning message, then click Save.
📌 Note: Access People Planner can’t have more than one active email configuration, so saving either authentication type clears the details entered for the other authentication type.
Error logs
If the email test returns errors, please see the error log:
A configuration issue is preventing authentication: The Secret has expired. A Secret's expiry can be set to up to 24 months. The customer or their IT will need to renew the Secret and re-enter the Secret Value into the People Planner Email Settings.
Code: OrganizationFromTenantGuidNotFound: The Office365 license has expired. Most probably the customer is on a trial and is now running on a free version of Office365.
