The customer has internal mailboxes which are usually also shared mailboxes that they have in their company. And from there they would like to automatically raise issues in JSM from emails, with the possibility to select from which folder the mail should be synced. <like an option to just drag and drop the email into the right folder. And then JSM would fetch the email and just import it.> * Customer wants to go with IMAPS to have it in a secure way, not with basic authentication.

• The option that we have in the system with adding a Microsoft account, will utilize OAuth. But they have another problem with it as they need to create a personalized account on their side. That's something they are trying to avoid, and indicate there are other ways of OAuth integration where they could create a key and configure it in the Azure active directory, and then define which mailbox they would like to fetch emails, it wouldn't need the personalized account because, for the current solution, the problem is if they create a personalized account, they have to disable multi-factor authentication (MFA) to integrate it and then anybody could log in who has the password with that mailbox and catch email. So that's not a secure way of having it integrated.

Current available solutions that don't help with the above-mentioned customer's use case:
 
The only available options that we have are as follows:

• Either you should use Basic Auth and IMAP Secure and Generate Token for Password. (This option may no longer be valid due to MS deprecating basic auth)
• Or you should setup Standard Microsoft OAuth.

Additionally, without a personalized outlook created, it’s not possible to support our current implementation.
 
Reason:

• Without personalized email, there is a way where we can use Microsoft OAuth by using an AAD application and letting the authentication happen via the Microsoft Identity Platform.
• For this, our service or app should be listed as an AAD app or we need to create another AAD app which will do auth on behalf of our service(incoming email) for the users which is not possible with the current implementation.