Microsoft Exchange Online Setup
It is first needed to set up Microsoft Exchange Online in Microsoft Azure, and then configure it in MyQ.
Microsoft Exchange Online setup in Microsoft Azure
Log in to the Microsoft Azure portal and go to App registrations.
Create a New registration:
Create a multitenant app:
Name - The name for this application (this can be changed later). For example, MS Exchange Online. It is important to use the same name as the one used in MyQ under External Systems
Supported account types - Who can use this application or access this API? Select the Accounts in any organizational directory (Any Azure AD directory - Multitenant) option.
Redirect URI (optional) - The authentication response is returned to this URl after successfully authenticating the user. Select the Public client/native (mobile&desktop) option from the drop-down and fill in https://login.microsoftonline.com/common/oauth2/nativeclient as the redirect URI.
Click Register.
The new app overview page opens. Copy the Application (client) ID and the Directory (tenant) ID, as they are needed for the connection to MyQ.
On the left-hand menu, click Manifest and modify and Save the JSON with the following:
CODE"allowPublicClient": true, "replyUrlsWithType": [ { "url": "https://login.microsoftonline.com/common/oauth2/nativeclient", "type": "InstalledClient" } ], "requiredResourceAccess": [ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "258f6531-6087-4cc4-bb90-092c5fb3ed3f", "type": "Scope" }, { "id": "d7b7f2d9-0f45-4ea1-9d42-e50810c06991", "type": "Scope" }, { "id": "652390e4-393a-48de-9484-05f9b1212954", "type": "Scope" }, { "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182", "type": "Scope" } ] } ],
On the left-hand menu, click Authentication. In Advanced settings, under Allow public client flows, select Yes next to Enable the following mobile and desktop flows, and then click Save at the top.
On the left-hand menu, click API permissions and add the additional permissions required for the correct functionality, described in the table below.
Scope ID | Description |
7427e0e9-2fba-42fe-b0c0-848c9e6a8182 | Microsoft Graph: offline_access Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions. |
e1fe6dd8-ba31-4d61-89e7-88639da4683d | Microsoft Graph: User.Read Sign in and read user profile |
652390e4-393a-48de-9484-05f9b1212954 | Microsoft Graph: IMAP.AccessAsUser.All Allows the app to read, update, create and delete email in your mailbox. Does not include permission to send mail. |
d7b7f2d9-0f45-4ea1-9d42-e50810c06991 | Microsoft Graph: POP.AccessAsUser.All Allows the app to read, update, create and delete email in your mailbox. Does not include permission to send mail. |
258f6531-6087-4cc4-bb90-092c5fb3ed3f | Microsoft Graph: SMTP.Send Allows the app to send emails on your behalf from your mailbox. |
Microsoft Exchange Online setup in MyQ
Log in to the MyQ web administrator interface, and go to MyQ, Settings, External Systems.
In the External Systems section, click +Add and select Microsoft Exchange Online from the list.
In the pop-up window, fill in the required fields:
Title - add the name you chose during App registration in MS Azure; for example, MS Exchange Online.
Client ID - the Application (client) ID you copied during the MS Azure setup.
Tenant ID - the Directory (tenant) ID you copied during the MS Azure setup.
Click OK.
After setting up the external system in MyQ, you are requested to confirm a code through the Microsoft website (https://microsoft.com/devicelogin). The code you need to confirm is shown in the pop-up window, just below the link to the Microsoft website. There is timeout for confirming the code (usually it is 15 minutes).
The email functionality will not work until the confirmation is successfully completed.
This confirmation must be done with the Microsoft account that owns the email box (email address), which is used to connect to the exchange (Sender email in the MyQ, Settings, Network tab).
For example, if you use the sender email “print@somedomain.com”, then you need to authenticate on the Microsoft website as this user during this step.
Microsoft Exchange Online is now connected to MyQ and is ready to be used in the Network settings tab, as an Outgoing SMTP server and in the Jobs settings tab, in Jobs via Email as a POP3 or IMAP server.
Additional Settings
Send scan as the logged-in user
If MyQ is set to send scans as the logged-in user in MyQ, Settings, Scanning & OCR - Default settings of an email with scan - Sender, the mailbox authenticated in MyQ has to have a Send As permission for all users.
Log in to Exchange admin center.
Go to Mailboxes, select all users.
Click on “Mailbox delegation”.
Select the mailbox that has been authenticated in MyQ when the Exchange Online connector was created (you can find it in Settings - Connections).
Choose "Send as" permission.
Click Save.
Your selected mailbox for outgoing emails has now been assigned the rights to send scanned documents on behalf of the user who scanned them.
If you select to send emails as the default sender, this change is not required.