Accessing MFA Outlook.com from Linux
Or from any standards compatible email client
Often, for work reasons, one is forced to use Microsoft Office365 Outlook as the email server. Moreover, companies are enforcing multi-factor authentication. This often leaves Linux users out in the cold, but it doesn’t have to.
This brief article should allow you to use any email client of your choice on any OS platform, thanks to the davmail java program. Specifically, versions 5.2 and above support “modern auth” and ADFS.
To get started, ensure you have the following:
- davmail >= 5.2.0
- Java 8.0.40 or Oracle JDK 9.0.4
- outlook.office.com account with MFA enabled using modern auth and ADFS. The MFA I’m testing is a custom in house MFA.
- Any email client implementing email standards protocols, imap/pop/smtp.
The java version you are using is important. I am using:
    $ /usr/bin/java -version
    java version "1.8.0_211"
which is Oracle jdk8 8u211. I couldn’t get it to work with the free openjdk, only Oracle’s equivalent.
Next up, create .davmail.properties in the root of your home directory.
The important bits to set in the file are:
    davmail.mode=O365Interactive
    davmail.url=https\://outlook.office365.com/EWS/Exchange.asmx
    davmail.defaultDomain=
    # https://github.com/mguessan/davmail/issues/19
    sun.net.http.allowRestrictedHeaders=true
Also ensure this old deprecated setting is removed:
    davmail.enableEws=true
To enable verbose logging, you can do this:
    log4j.logger.davmail=INFO
    log4j.logger.httpclient.wire=INFO
    log4j.logger.org.apache.commons.httpclient=INFO
    log4j.rootLogger=INFO
    davmail.logFilePath=/tmp/davmail.log
    davmail.logFileSize=1MB
Now, run davmail.
It opens a bunch of ports locally, depending on your config:
    davmail.caldavPort=1080
    davmail.imapPort=1143
    davmail.ldapPort=1389
    davmail.popPort=
    davmail.proxyPort=
    davmail.smtpPort=1025
So point your mail client to these ports and davmail should pop open a browser window, in my case, telling me to check my MFA and approve access.
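Since davmail now sits between your mail client and an MFA-protected account, it is worth sanity-checking .davmail.properties before leaving it running. The script below is an added example, not part of the original article or of the davmail project: it parses the properties file (including the `\:` escaping seen above) and flags settings that weaken the setup. The choice of checks is this example's own assumption, and `davmail.allowRemote` is a davmail setting the article does not discuss.

```python
import os
import stat

def parse_properties(text):
    """Parse the subset of Java .properties syntax used in this article."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, _, value = line.partition("=")
        # The file stores "https\://..."; undo the Java escaping of ':' and '='.
        props[key.strip()] = value.strip().replace("\\:", ":").replace("\\=", "=")
    return props

def audit(props, file_mode):
    """Return a list of findings for parsed properties and the file's mode bits."""
    findings = []
    if file_mode & 0o077:
        findings.append("properties file (mode %o) is accessible to group/other" % file_mode)
    if props.get("davmail.mode") != "O365Interactive":
        findings.append("davmail.mode is not O365Interactive")
    if not props.get("davmail.url", "").startswith("https://"):
        findings.append("davmail.url is not an https URL")
    if "davmail.enableEws" in props:
        findings.append("deprecated davmail.enableEws is still set")
    if props.get("davmail.allowRemote", "false").lower() == "true":
        findings.append("davmail.allowRemote=true opens the local ports to other hosts")
    if props.get("davmail.logFilePath", "").startswith("/tmp/"):
        findings.append("log file is under /tmp, shared with other local users")
    return findings

def audit_file(path):
    """Audit a properties file on disk, e.g. ~/.davmail.properties."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    return audit(props, stat.S_IMODE(os.stat(path).st_mode))

# Constructed sample: the article's settings plus the deprecated key and remote access.
WEAK = """davmail.mode=O365Interactive
davmail.url=https\\://outlook.office365.com/EWS/Exchange.asmx
davmail.enableEws=true
davmail.allowRemote=true
davmail.logFilePath=/tmp/davmail.log
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(WEAK), 0o644):
        print("WARN:", finding)
```

To check your own file, call `audit_file(os.path.expanduser("~/.davmail.properties"))`.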
In my case, I fetch email with offlineimap and my settings for that account are:
    remotehost = localhost
    remoteuser = username@domain.com
    remoteport = 1143
    remotepass = mypassword
I then use Emacs and mu4e (for now), to access my email.
That’s all there is to it! Enjoy having a choice on email client to use again.
In terms of picking an email client, Emacs and notmuch is a great choice. But for those not yet into Emacs, check out astroidmail. It’s a nice, fast graphical e-mail client for Notmuch.