Skip to main content
Skip table of contents

How to migrate old EWS-based Email integration to new Graph API-based integration (OAuth2)

As mentioned in our KB related to Email Parameters, Imagicle UCX Suite version Summer 2025 or older supports OAuth2 authentication based on Exchange Web Services (EWS). This protocol is deprecated by Microsoft for non-Microsoft apps to Exchange Online starting from October 1st, 2026.

That’s why we strongly suggest to update your on-prem UCX Suite instance to latest version prior to this deadline and lately amend your Azure Enterprise Application (App registration). See below the procedure for migrating the existing Azure App to new modern authentication.

Azure web portal configurations

Please access to Azure portal and go to "Enterprise Applications":

image-20251222-130936.png

Locate “Imagicle Email Provider” app (or any previously assigned name) and click on it to edit. From left menu panel, click on API Permissions:

image-20250113-103621.png

Please remove the existing Office365 Exchange permission and then click on "Add permissions" → "API’s my organization uses". Then search for "Office 365 Exchange Online".

image-20251112-143742.png

Select "Office 365 Exchange online" and then click on "Application Permissions"

image-20250113-103536.png

From the list of available permission levels, please search for the following items:

  • IMAP.AccessAsApp

  • SMTP.SendAsApp

Once permission has been assigned, you must authorize them for your organization, by clicking on "Grant admin consent for <company_name>".

A new client secret must be issued too, by selecting “Certificates and secrets” → “New client secret”. See below:

image-20251222-115839.png

Do not forget to copy new Client Secret Value, once created, to be lately copied in UCX Suite web portal.

image-20251222-120152.png

Now go back to the list of Enterprise Applications and locate your application:

image-20251112-144934.png

Copy the “Object ID” for later usage.

PowerShell configurations

Please run PowerShell as Administrator and execute the following commands:

POWERSHELL 
Set-ExecutionPolicy RemoteSigned 
Install-Module ExchangeOnlineManagement
Connect-ExchangeOnline

Authenticate with your full admin Tenant account

Execute the following command:

POWERSHELL 
New-ServicePrincipal -AppId <ApplicationID> -ServiceId <ObjectID> -DisplayName AnyNameYouLike

where <ApplicationID> and <ObjectID> must be replaced with those coming from your Enterprise App.

Now execute the following command:

POWERSHELL 
Add-MailboxPermission -Identity <email> -User <ObjectID> -AccessRights FullAccess

where <email> should be replaced with the dedicated account to be used by Imagicle applications.

<ObjectID> is the previous one associated to the Enterprise App.

Finally, you need to enable SMTP Client Authentication:

POWERSHELL 
Set-TransportConfig -SmtpClientAuthenticationDisabled $false

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close