mirror of
https://github.com/rustdesk/doc.rustdesk.com.git
synced 2026-04-20 23:20:17 +00:00
fufesou
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Konfigurieren Sie SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro, um E-Mails uber Exchange Online zu senden."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Verwenden Sie diese Anleitung, um RustDesk Server Pro fur den E-Mail-Versand uber Microsoft 365 Exchange Online mit OAuth2 zu konfigurieren.
|
||||
|
||||
Diese Konfiguration eignet sich fur Einladungs-E-Mails, E-Mail-Anmeldebestatigungen und Verbindungswarnungen.
|
||||
|
||||
Allgemeine SMTP-Einstellungen finden Sie unter [SMTP](../).
|
||||
|
||||
## Welche Werte Tragen Sie in RustDesk Pro Ein?
|
||||
|
||||
| RustDesk Pro-Feld | Einzutragender Wert |
|
||||
| --- | --- |
|
||||
| From | Die Absenderadresse, die in ausgehenden E-Mails angezeigt wird. |
|
||||
| Mail Account | Die Postfachadresse, die RustDesk als XOAUTH2-SMTP-Benutzernamen verwendet. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` aus der App-Ubersicht |
|
||||
| OAuth2 Client ID | `Application (client) ID` aus der App-Ubersicht |
|
||||
| OAuth2 Client secret | Der unter `Certificates & secrets` erstellte Secret-`Value` |
|
||||
|
||||
Dieser Screenshot zeigt, wo diese Werte in RustDesk eingetragen werden:
|
||||
|
||||
|
||||
## Konfiguration
|
||||
|
||||
Bevor Sie mit der Konfiguration beginnen, stellen Sie sicher, dass Folgendes vorhanden ist:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` oder neuer
|
||||
- Ein vorhandenes Microsoft 365-Postfach oder ein Postfach, das Sie fur den Versand erstellen mochten, z. B. `no-reply@contoso.com`
|
||||
- Ein Microsoft 365-Administratorkonto, das Admin Consent in Microsoft Entra erteilen und Exchange Online-Service Principals verwalten kann
|
||||
|
||||
Diese Konfiguration hat drei Teile:
|
||||
|
||||
- Appregistrierung, Client Secret, API-Berechtigung und Admin Consent in Azure konfigurieren
|
||||
- Exchange Online-Service Principal, Postfach und Berechtigungen in PowerShell konfigurieren
|
||||
- SMTP OAuth2 in RustDesk konfigurieren und eine Test-E-Mail senden
|
||||
|
||||
### 1. In Azure Konfigurieren
|
||||
|
||||
1. Melden Sie sich im [Azure-Portal](https://portal.azure.com) an.
|
||||
1. Suchen Sie nach **App registrations** und offnen Sie den Eintrag.
|
||||
1. Wahlen Sie im linken Menu [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps) und klicken Sie dann auf **New registration**.
|
||||
|
||||
1. Erstellen Sie die Appregistrierung.
|
||||
|
||||
|
||||
1. Notieren Sie `Directory (tenant) ID` und `Application (client) ID`. Diese Werte tragen Sie spater in RustDesk ein.
|
||||
|
||||
1. Offnen Sie **Certificates & secrets** und erstellen Sie ein neues Client Secret.
|
||||
|
||||
1. Kopieren Sie den Secret-`Value` sofort. Microsoft zeigt diesen Wert nur einmal an.
|
||||
|
||||
1. Offnen Sie **API permissions** und fugen Sie die Microsoft 365 Exchange Online SMTP-Anwendungsberechtigung hinzu.
|
||||
1. Wahlen Sie **Add a permission**.
|
||||
1. Wahlen Sie **APIs my organization uses** und suchen Sie nach **Office 365 Exchange Online**.
|
||||
1. Wahlen Sie **Application permissions**.
|
||||
1. Wahlen Sie **SMTP.SendAsApp** und speichern Sie die Anderung.
|
||||
|
||||
|
||||
|
||||
1. Erteilen Sie Admin Consent fur die gerade hinzugefugte Berechtigung.
|
||||
|
||||
|
||||
|
||||
### 2. In PowerShell Konfigurieren
|
||||
|
||||
In diesem Teil verbinden Sie sich mit Exchange Online, erstellen den Service Principal, bereiten das Postfach vor und vergeben die Berechtigungen.
|
||||
|
||||
1. Offnen Sie PowerShell als lokaler Administrator.
|
||||
|
||||
1. Installieren Sie das Exchange Online-Modul und verbinden Sie sich mit Ihrem Mandanten-Administratorkonto.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Wenn Sie das Administratorkonto explizit angeben mochten, konnen Sie auch Folgendes verwenden:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. Suchen Sie in Microsoft Entra unter **Enterprise applications** die App und notieren Sie deren `Object ID`. Dieser Wert wird beim Erstellen des Exchange Online-Service Principals benotigt.
|
||||
|
||||
{{% notice note %}}
|
||||
Die `OBJECT_ID` muss hier die Objekt-ID der App unter **Enterprise applications** sein, nicht die Objekt-ID aus der Ubersicht unter **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Fuhren Sie diesen Befehl aus, um den Exchange Online-Service Principal fur die Appregistrierung zu erstellen. Microsoft beschreibt diesen Schritt als Registrierung des Service Principals einer Microsoft Entra-Anwendung in Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Wenn dieser Befehl trotz erfolgreicher Exchange-Verbindung fehlschlagt, prufen Sie, ob das Administratorkonto Exchange Online-Service Principals verwalten darf.
|
||||
|
||||
|
||||
1. Bestatigen Sie, dass Exchange den Service Principal erstellt hat, und notieren Sie seinen `Identity`-Wert fur die nachsten Schritte.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Verwenden Sie den hier zuruckgegebenen `Identity`-Wert in den nachsten beiden Berechtigungsbefehlen als `<SERVICE_PRINCIPAL_ID>`.
|
||||
|
||||
1. Wenn das Absenderpostfach noch nicht existiert, konnen Sie zuerst ein Shared Mailbox-Postfach erstellen, zum Beispiel:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Wenn Sie bereits ein Postfach fur den Versand haben, konnen Sie diesen Schritt uberspringen.
|
||||
|
||||
|
||||
1. Prufen Sie, ob `Authenticated SMTP` fur den Mandanten und das Absenderpostfach aktiviert ist.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Wenn dies nicht aktiviert ist, konnen Test-E-Mails mit folgendem Fehler fehlschlagen:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Fur die Postfachebene konnen Sie bei Bedarf Folgendes ausfuhren:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Wenn die Mandantenebene `True` zuruckgibt, entscheiden Sie gemaB Ihrer Organisationsrichtlinie, ob Sie Folgendes ausfuhren:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Wenn die beiden Einstellungen oben korrekt aussehen, der gleiche Fehler `535 5.7.139` aber weiterhin auftritt, prufen Sie auch, ob der Mandant Microsoft Entra `Security defaults` verwendet. Laut Microsoft Learn ist SMTP AUTH in Exchange Online deaktiviert, wenn `Security defaults` aktiviert ist.
|
||||
|
||||
Details zu den Befehlen finden Sie in Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Gewahren Sie dem Exchange-Service Principal `FullAccess` fur das Postfach, das RustDesk zum Senden verwenden soll.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Verwenden Sie hier das Postfach, das Sie in RustDesk bei `Mail Account` eintragen mochten.
|
||||
|
||||
Wenn dieser Befehl einen Fehler wie den folgenden zuruckgibt:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
dann wurde der an `-Identity` ubergebene Wert in Exchange Online nicht zu einem tatsachlichen Postfachobjekt aufgelost.
|
||||
|
||||
Prufen Sie zuerst, ob das Postfach in Exchange Online wirklich existiert:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Wenn kein Postfach zuruckgegeben wird, erstellen oder bestatigen Sie dieses Postfach zuerst. Fur eine `no-reply`-Absenderadresse konnen Sie z. B. ein Shared Mailbox-Postfach erstellen:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Wenn das Postfach bereits existiert, stellen Sie sicher, dass der in `Add-MailboxPermission -Identity ...` verwendete Wert die tatsachliche Adresse, der Alias oder eine andere auflosbare Mailbox-Identity ist.
|
||||
|
||||
|
||||
1. Gewahren Sie demselben Service Principal zusatzlich die Berechtigung `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Auch dieser Schritt gehort zur offiziellen app-only SMTP-Konfiguration von Microsoft.
|
||||
|
||||
### 3. In RustDesk Konfigurieren
|
||||
|
||||
Zu diesem Zeitpunkt sollten Sie bereits Folgendes haben:
|
||||
|
||||
- die Absenderadresse fur `From`
|
||||
- die Postfachadresse fur `Mail Account`
|
||||
- die `Directory (tenant) ID`
|
||||
- die `Application (client) ID`
|
||||
- den Secret-`Value`
|
||||
- einen bestatigten Exchange Online-Service Principal, der bereits `FullAccess` und `SendAs` fur das unter `Mail Account` verwendete Postfach hat
|
||||
|
||||
RustDesk fragt nicht nach der `Identity` des Exchange-Service Principals, aber die oben genannten Berechtigungsschritte mussen vor dem E-Mail-Test abgeschlossen sein.
|
||||
|
||||
1. Offnen Sie in der RustDesk-[Web-Konsole](../../console/) **Settings** -> **SMTP**.
|
||||
1. Aktivieren Sie OAuth2 und wahlen Sie **Microsoft 365** als Anbieter.
|
||||
1. Fullen Sie diese Felder aus:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Klicken Sie auf **Check**, um die Konfiguration zu speichern und eine Test-E-Mail zu senden.
|
||||
|
||||
|
||||
|
||||
Wenn der E-Mail-Test weiterhin fehlschlagt, gehen Sie zum PowerShell-Abschnitt zuruck und prufen Sie den Exchange Online-Service Principal, `Authenticated SMTP` und die Postfachberechtigungen fur das in `Mail Account` verwendete Postfach erneut.
|
||||
|
||||
## Referenzen
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Verwendet fur die Schritte zu Exchange Online-Appberechtigungen und Service Principals.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Verwendet zum Prufen und Aktivieren von `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Verwendet zum Erstellen eines Shared Mailbox-Postfachs.
|
||||
@@ -0,0 +1,222 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configure SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro to send email through Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Use this guide to configure RustDesk Server Pro to send email through Microsoft 365 Exchange Online with OAuth2.
|
||||
|
||||
This setup is suitable for invitation emails, login verification emails, and connection alarm notifications.
|
||||
|
||||
For general SMTP setup, see [SMTP](../).
|
||||
|
||||
## Which Values Go Into RustDesk Pro?
|
||||
|
||||
| RustDesk Pro field | What to enter |
|
||||
| --- | --- |
|
||||
| From | The sender address shown in outgoing mail. |
|
||||
| Mail Account | The mailbox address RustDesk uses as the XOAUTH2 SMTP username. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` from the app overview |
|
||||
| OAuth2 Client ID | `Application (client) ID` from the app overview |
|
||||
| OAuth2 Client secret | The secret `Value` created under `Certificates & secrets` |
|
||||
|
||||
This screenshot shows where these values are entered in RustDesk:
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
Before you start this configuration, make sure you have:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` or later
|
||||
- An existing Microsoft 365 mailbox, or one you plan to create for sending mail, for example `no-reply@contoso.com`
|
||||
- A Microsoft 365 administrator account that can grant admin consent in Microsoft Entra and manage Exchange Online service principals
|
||||
|
||||
This configuration has three parts:
|
||||
|
||||
- Configure the app registration, client secret, API permission, and admin consent in Azure
|
||||
- Configure the Exchange Online service principal, mailbox, and permissions in PowerShell
|
||||
- Configure SMTP OAuth2 in RustDesk and send a test email
|
||||
|
||||
### 1. Configure in Azure
|
||||
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
1. Search for and select **App registrations**.
|
||||
1. In the left menu, select [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), then click **New registration**.
|
||||
|
||||
1. Create the app registration.
|
||||
|
||||
|
||||
1. Record the `Directory (tenant) ID` and `Application (client) ID`. You will enter these later in RustDesk.
|
||||
|
||||
1. Open **Certificates & secrets**, then create a new client secret.
|
||||
|
||||
1. Copy the client secret `Value` immediately. Microsoft shows this value only once.
|
||||
|
||||
1. Open **API permissions** and add the Microsoft 365 Exchange Online SMTP application permission.
|
||||
1. Select **Add a permission**.
|
||||
1. Select **APIs my organization uses** and search for **Office 365 Exchange Online**.
|
||||
1. Select **Application permissions**.
|
||||
1. Select **SMTP.SendAsApp** and save the change.
|
||||
|
||||
|
||||
|
||||
1. Grant admin consent for the permission you just added.
|
||||
|
||||
|
||||
### 2. Configure in PowerShell
|
||||
|
||||
In this part, connect to Exchange Online, create the service principal, prepare the mailbox, and grant permissions.
|
||||
|
||||
1. Open PowerShell as a local administrator.
|
||||
|
||||
1. Install the Exchange Online module and connect with your tenant administrator account.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
If you want to specify the administrator account explicitly, you can also use:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. In Microsoft Entra **Enterprise applications**, find the app and record its `Object ID`. You will need it when creating the Exchange Online service principal.
|
||||
|
||||
{{% notice note %}}
|
||||
The `OBJECT_ID` here must be the app's object ID in **Enterprise applications**, not the object ID shown on the **App registrations** overview page.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Run this command to create the Exchange Online service principal for the app registration. Microsoft describes this step as the registration of a Microsoft Entra application's service principal in Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
If this command fails even though the Exchange connection succeeded, verify that the administrator account has permission to manage Exchange Online service principals.
|
||||
|
||||
|
||||
1. Confirm that Exchange created the service principal and record its `Identity` value for the next steps.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Use the `Identity` value returned here as `<SERVICE_PRINCIPAL_ID>` in the next two permission commands.
|
||||
|
||||
1. If the sending mailbox does not exist yet, you can create a shared mailbox first, for example:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
If you already have a mailbox for sending mail, you can skip this step.
|
||||
|
||||
|
||||
1. Check whether `Authenticated SMTP` is enabled for the tenant and the sending mailbox.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
If it is not enabled, test emails may fail with this error:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
For the mailbox-level setting, run this if needed:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
If the tenant-level setting returns `True`, decide according to your organization policy whether to run:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
If both settings above look correct but the same `535 5.7.139` error continues, also check whether the tenant uses Microsoft Entra `Security defaults`. Microsoft Learn states that SMTP AUTH is disabled in Exchange Online when `Security defaults` is enabled.
|
||||
|
||||
For command details, see Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Grant the Exchange service principal `FullAccess` to the mailbox that RustDesk will use for sending mail.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Use the mailbox that you plan to enter in RustDesk `Mail Account`.
|
||||
|
||||
If this command returns an error like this:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
the value passed to `-Identity` did not resolve to an actual mailbox object in Exchange Online.
|
||||
|
||||
First confirm that the mailbox really exists in Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
If no mailbox is returned, create or confirm that mailbox first. For a `no-reply` sender address, you can create a shared mailbox, for example:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
If the mailbox already exists, make sure the value you use in `Add-MailboxPermission -Identity ...` is the mailbox's actual address, alias, or another resolvable mailbox identity.
|
||||
|
||||
|
||||
1. Grant the same service principal the `SendAs` permission.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
This step is also part of Microsoft's official app-only SMTP configuration.
|
||||
|
||||
### 3. Configure in RustDesk
|
||||
|
||||
At this point, you should already have:
|
||||
|
||||
- the sender address you will use in `From`
|
||||
- the mailbox address you will use in `Mail Account`
|
||||
- the `Directory (tenant) ID`
|
||||
- the `Application (client) ID`
|
||||
- the client secret `Value`
|
||||
- a confirmed Exchange Online service principal that already has `FullAccess` and `SendAs` on the mailbox used for `Mail Account`
|
||||
|
||||
RustDesk does not ask for the Exchange service principal `Identity`, but the permission steps above must already be complete before you test email.
|
||||
|
||||
1. In the RustDesk [web console](../../console/), go to **Settings** -> **SMTP**.
|
||||
1. Enable OAuth2 and select **Microsoft 365** as the provider.
|
||||
1. Fill in these fields:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Click **Check** to save the configuration and send a test email.
|
||||
|
||||
|
||||
|
||||
If the test email still fails, go back to the PowerShell section and re-check the Exchange Online service principal, `Authenticated SMTP`, and mailbox permissions for the mailbox used in `Mail Account`.
|
||||
|
||||
## References
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Used for the Exchange Online app permission and service principal steps.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Used for checking and enabling `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Used for creating a shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configure SMTP OAuth2 (Microsoft 365) en RustDesk Server Pro para enviar correo a traves de Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Use esta guia para configurar RustDesk Server Pro para enviar correo mediante Microsoft 365 Exchange Online con OAuth2.
|
||||
|
||||
Esta configuracion es adecuada para correos de invitacion, verificacion de inicio de sesion por correo y notificaciones de alarma de conexion.
|
||||
|
||||
Para la configuracion SMTP general, consulte [SMTP](../).
|
||||
|
||||
## Que Valores Van en RustDesk Pro?
|
||||
|
||||
| Campo de RustDesk Pro | Que introducir |
|
||||
| --- | --- |
|
||||
| From | La direccion del remitente que se muestra en los correos salientes. |
|
||||
| Mail Account | La direccion del buzon que RustDesk usa como nombre de usuario XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` de la vista general de la aplicacion |
|
||||
| OAuth2 Client ID | `Application (client) ID` de la vista general de la aplicacion |
|
||||
| OAuth2 Client secret | El `Value` del secreto creado en `Certificates & secrets` |
|
||||
|
||||
Esta captura muestra donde se introducen estos valores en RustDesk:
|
||||
|
||||
|
||||
## Configuracion
|
||||
|
||||
Antes de empezar esta configuracion, asegurese de tener:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` o posterior
|
||||
- Un buzon de Microsoft 365 existente, o uno que piense crear para enviar correo, por ejemplo `no-reply@contoso.com`
|
||||
- Una cuenta de administrador de Microsoft 365 que pueda conceder admin consent en Microsoft Entra y administrar service principals de Exchange Online
|
||||
|
||||
Esta configuracion tiene tres partes:
|
||||
|
||||
- Configurar en Azure el registro de la aplicacion, el client secret, el permiso de API y el admin consent
|
||||
- Configurar en PowerShell el service principal de Exchange Online, el buzon y los permisos
|
||||
- Configurar SMTP OAuth2 en RustDesk y enviar un correo de prueba
|
||||
|
||||
### 1. Configurar en Azure
|
||||
|
||||
1. Inicie sesion en el [portal de Azure](https://portal.azure.com).
|
||||
1. Busque y seleccione **App registrations**.
|
||||
1. En el menu izquierdo, seleccione [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps) y luego haga clic en **New registration**.
|
||||
|
||||
1. Cree el registro de aplicacion.
|
||||
|
||||
|
||||
1. Anote `Directory (tenant) ID` y `Application (client) ID`. Los introducira mas tarde en RustDesk.
|
||||
|
||||
1. Abra **Certificates & secrets** y cree un nuevo client secret.
|
||||
|
||||
1. Copie inmediatamente el `Value` del secreto. Microsoft solo lo muestra una vez.
|
||||
|
||||
1. Abra **API permissions** y agregue el permiso de aplicacion SMTP de Microsoft 365 Exchange Online.
|
||||
1. Seleccione **Add a permission**.
|
||||
1. Seleccione **APIs my organization uses** y busque **Office 365 Exchange Online**.
|
||||
1. Seleccione **Application permissions**.
|
||||
1. Seleccione **SMTP.SendAsApp** y guarde el cambio.
|
||||
|
||||
|
||||
|
||||
1. Conceda admin consent al permiso que acaba de agregar.
|
||||
|
||||
|
||||
|
||||
### 2. Configurar en PowerShell
|
||||
|
||||
En esta parte se conectara a Exchange Online, creara el service principal, preparara el buzon y concedera los permisos.
|
||||
|
||||
1. Abra PowerShell como administrador local.
|
||||
|
||||
1. Instale el modulo de Exchange Online y conectese con la cuenta de administrador del inquilino.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Si desea especificar la cuenta de administrador de forma explicita, tambien puede usar:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. En Microsoft Entra **Enterprise applications**, busque la aplicacion y anote su `Object ID`. Lo necesitara al crear el service principal de Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
El `OBJECT_ID` aqui debe ser el object ID de la aplicacion en **Enterprise applications**, no el object ID que aparece en la pagina de informacion general de **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Ejecute este comando para crear el service principal de Exchange Online para el registro de la aplicacion. La documentacion de Microsoft describe este paso como el registro del service principal de una aplicacion de Microsoft Entra en Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Si este comando falla aunque la conexion a Exchange haya funcionado, verifique que la cuenta de administrador tenga permiso para administrar service principals de Exchange Online.
|
||||
|
||||
|
||||
1. Confirme que Exchange ha creado el service principal y anote su valor `Identity` para los pasos siguientes.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Use el valor `Identity` devuelto aqui como `<SERVICE_PRINCIPAL_ID>` en los dos comandos de permisos siguientes.
|
||||
|
||||
1. Si el buzon de envio todavia no existe, puede crear primero un shared mailbox, por ejemplo:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Si ya tiene un buzon para el envio de correo, puede omitir este paso.
|
||||
|
||||
|
||||
1. Compruebe si `Authenticated SMTP` esta habilitado para el inquilino y para el buzon de envio.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Si no esta habilitado, los correos de prueba pueden fallar con este error:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Para la configuracion a nivel de buzon, ejecute esto si es necesario:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Si la configuracion a nivel de inquilino devuelve `True`, decida segun la politica de su organizacion si debe ejecutar:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Si la configuracion del inquilino y del buzon parece correcta pero el mismo error `535 5.7.139` continua, compruebe tambien si el inquilino usa Microsoft Entra `Security defaults`. Microsoft Learn indica que SMTP AUTH esta deshabilitado en Exchange Online cuando `Security defaults` esta habilitado.
|
||||
|
||||
Para los detalles de los comandos, consulte Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Conceda al service principal de Exchange `FullAccess` al buzon que RustDesk usara para enviar correo.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Use aqui el buzon que piensa introducir en `Mail Account` de RustDesk.
|
||||
|
||||
Si este comando devuelve un error como este:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
significa que el valor pasado a `-Identity` no se resolvio como un objeto de buzon real en Exchange Online.
|
||||
|
||||
Primero confirme que el buzon realmente existe en Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Si no se devuelve ningun buzon, cree o confirme primero ese buzon. Para una direccion de remitente `no-reply`, puede crear un shared mailbox, por ejemplo:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Si el buzon ya existe, asegurese de que el valor usado en `Add-MailboxPermission -Identity ...` sea la direccion real del buzon, su alias u otra identidad de buzon que Exchange pueda resolver.
|
||||
|
||||
|
||||
1. Conceda al mismo service principal el permiso `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Este paso tambien forma parte de la configuracion oficial de SMTP app-only de Microsoft.
|
||||
|
||||
### 3. Configurar en RustDesk
|
||||
|
||||
En este punto ya deberia tener:
|
||||
|
||||
- la direccion del remitente que usara en `From`
|
||||
- la direccion del buzon que usara en `Mail Account`
|
||||
- el `Directory (tenant) ID`
|
||||
- el `Application (client) ID`
|
||||
- el `Value` del client secret
|
||||
- un service principal de Exchange Online confirmado que ya tenga `FullAccess` y `SendAs` sobre el buzon usado en `Mail Account`
|
||||
|
||||
RustDesk no solicita la `Identity` del service principal de Exchange, pero los pasos de permisos anteriores deben completarse antes de probar el correo.
|
||||
|
||||
1. En la [consola web](../../console/) de RustDesk, vaya a **Settings** -> **SMTP**.
|
||||
1. Habilite OAuth2 y seleccione **Microsoft 365** como proveedor.
|
||||
1. Rellene estos campos:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Haga clic en **Check** para guardar la configuracion y enviar un correo de prueba.
|
||||
|
||||
|
||||
|
||||
Si la prueba de correo sigue fallando, vuelva a la seccion de PowerShell y revise otra vez el service principal de Exchange Online, `Authenticated SMTP` y los permisos del buzon usado en `Mail Account`.
|
||||
|
||||
## Referencias
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Se usa para los pasos de permisos de aplicacion y service principal de Exchange Online.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Se usa para comprobar y habilitar `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Se usa para crear un shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configurez SMTP OAuth2 (Microsoft 365) dans RustDesk Server Pro pour envoyer des e-mails via Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Utilisez ce guide pour configurer RustDesk Server Pro afin d'envoyer des e-mails via Microsoft 365 Exchange Online avec OAuth2.
|
||||
|
||||
Cette configuration convient aux e-mails d'invitation, aux e-mails de verification de connexion et aux notifications d'alerte de connexion.
|
||||
|
||||
Pour la configuration SMTP generale, consultez [SMTP](../).
|
||||
|
||||
## Quelles Valeurs Saisir Dans RustDesk Pro ?
|
||||
|
||||
| Champ RustDesk Pro | Valeur a saisir |
|
||||
| --- | --- |
|
||||
| From | L'adresse de l'expediteur affichee dans les e-mails sortants. |
|
||||
| Mail Account | L'adresse de la boite aux lettres que RustDesk utilise comme nom d'utilisateur XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` dans la vue d'ensemble de l'application |
|
||||
| OAuth2 Client ID | `Application (client) ID` dans la vue d'ensemble de l'application |
|
||||
| OAuth2 Client secret | La `Value` du secret cree sous `Certificates & secrets` |
|
||||
|
||||
Cette capture montre ou saisir ces valeurs dans RustDesk :
|
||||
|
||||
|
||||
## Configuration
|
||||
|
||||
Avant de commencer cette configuration, assurez-vous d'avoir :
|
||||
|
||||
- RustDesk Server Pro `1.8.1` ou version ulterieure
|
||||
- Une boite aux lettres Microsoft 365 existante, ou une boite que vous prevoyez de creer pour l'envoi, par exemple `no-reply@contoso.com`
|
||||
- Un compte administrateur Microsoft 365 capable d'accorder l'admin consent dans Microsoft Entra et de gerer les service principals Exchange Online
|
||||
|
||||
Cette configuration comporte trois parties :
|
||||
|
||||
- Configurer dans Azure l'enregistrement de l'application, le client secret, l'autorisation API et l'admin consent
|
||||
- Configurer dans PowerShell le service principal Exchange Online, la boite aux lettres et les autorisations
|
||||
- Configurer SMTP OAuth2 dans RustDesk et envoyer un e-mail de test
|
||||
|
||||
### 1. Configurer Dans Azure
|
||||
|
||||
1. Connectez-vous au [portail Azure](https://portal.azure.com).
|
||||
1. Recherchez **App registrations** et ouvrez cet element.
|
||||
1. Dans le menu de gauche, selectionnez [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), puis cliquez sur **New registration**.
|
||||
|
||||
1. Creez l'enregistrement de l'application.
|
||||
|
||||
|
||||
1. Notez `Directory (tenant) ID` et `Application (client) ID`. Vous les saisirez plus tard dans RustDesk.
|
||||
|
||||
1. Ouvrez **Certificates & secrets**, puis creez un nouveau client secret.
|
||||
|
||||
1. Copiez immediatement la `Value` du secret. Microsoft n'affiche cette valeur qu'une seule fois.
|
||||
|
||||
1. Ouvrez **API permissions** et ajoutez l'autorisation applicative SMTP de Microsoft 365 Exchange Online.
|
||||
1. Selectionnez **Add a permission**.
|
||||
1. Selectionnez **APIs my organization uses** et recherchez **Office 365 Exchange Online**.
|
||||
1. Selectionnez **Application permissions**.
|
||||
1. Selectionnez **SMTP.SendAsApp** et enregistrez la modification.
|
||||
|
||||
|
||||
|
||||
1. Accordez l'admin consent a l'autorisation que vous venez d'ajouter.
|
||||
|
||||
|
||||
|
||||
### 2. Configurer Dans PowerShell
|
||||
|
||||
Dans cette partie, vous vous connectez a Exchange Online, creez le service principal, preparez la boite aux lettres et accordez les autorisations.
|
||||
|
||||
1. Ouvrez PowerShell en tant qu'administrateur local.
|
||||
|
||||
1. Installez le module Exchange Online et connectez-vous avec votre compte administrateur du tenant.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Si vous souhaitez specifier explicitement le compte administrateur, vous pouvez aussi utiliser :
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. Dans Microsoft Entra **Enterprise applications**, recherchez l'application et relevez son `Object ID`. Vous en aurez besoin lors de la creation du service principal Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
L'`OBJECT_ID` utilise ici doit etre l'object ID de l'application dans **Enterprise applications**, et non l'object ID affiche dans la vue d'ensemble de **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Executez cette commande pour creer le service principal Exchange Online pour l'enregistrement de l'application. La documentation Microsoft decrit cette etape comme l'enregistrement du service principal d'une application Microsoft Entra dans Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Si cette commande echoue alors que la connexion a Exchange a reussi, verifiez que le compte administrateur est autorise a gerer les service principals Exchange Online.
|
||||
|
||||
|
||||
1. Verifiez qu'Exchange a bien cree le service principal et relevez sa valeur `Identity` pour les etapes suivantes.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Utilisez la valeur `Identity` renvoyee ici comme `<SERVICE_PRINCIPAL_ID>` dans les deux commandes d'autorisation suivantes.
|
||||
|
||||
1. Si la boite aux lettres d'envoi n'existe pas encore, vous pouvez d'abord creer une shared mailbox, par exemple :
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Si vous disposez deja d'une boite aux lettres pour l'envoi, vous pouvez ignorer cette etape.
|
||||
|
||||
|
||||
1. Verifiez si `Authenticated SMTP` est active pour le tenant et pour la boite aux lettres d'envoi.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Si ce n'est pas active, les e-mails de test peuvent echouer avec l'erreur suivante :
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Pour le parametre au niveau de la boite aux lettres, executez ceci si necessaire :
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Si le parametre au niveau du tenant renvoie `True`, decidez selon la politique de votre organisation s'il faut executer :
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Si les parametres du tenant et de la boite aux lettres semblent corrects mais que la meme erreur `535 5.7.139` persiste, verifiez aussi si le tenant utilise Microsoft Entra `Security defaults`. Microsoft Learn indique que SMTP AUTH est desactive dans Exchange Online lorsque `Security defaults` est active.
|
||||
|
||||
Pour le detail des commandes, consultez Microsoft Learn : [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Accordez au service principal Exchange le droit `FullAccess` sur la boite aux lettres que RustDesk utilisera pour envoyer les e-mails.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Utilisez ici la boite aux lettres que vous prevoyez de saisir dans `Mail Account` de RustDesk.
|
||||
|
||||
Si cette commande renvoie une erreur comme celle-ci :
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
cela signifie que la valeur fournie a `-Identity` n'a pas ete resolue en un veritable objet de boite aux lettres dans Exchange Online.
|
||||
|
||||
Verifiez d'abord que la boite aux lettres existe bien dans Exchange Online :
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Si aucune boite aux lettres n'est renvoyee, creez ou confirmez d'abord cette boite. Pour une adresse d'expedition `no-reply`, vous pouvez creer une shared mailbox, par exemple :
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Si la boite aux lettres existe deja, assurez-vous que la valeur utilisee dans `Add-MailboxPermission -Identity ...` est bien l'adresse reelle de la boite, son alias, ou une autre identity de mailbox qu'Exchange peut resoudre.
|
||||
|
||||
|
||||
1. Accordez ensuite au meme service principal l'autorisation `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Cette etape fait aussi partie de la configuration SMTP app-only officielle de Microsoft.
|
||||
|
||||
### 3. Configurer Dans RustDesk
|
||||
|
||||
A ce stade, vous devriez deja avoir :
|
||||
|
||||
- l'adresse d'expediteur pour `From`
|
||||
- l'adresse de boite aux lettres pour `Mail Account`
|
||||
- la `Directory (tenant) ID`
|
||||
- l'`Application (client) ID`
|
||||
- la `Value` du client secret
|
||||
- un service principal Exchange Online confirme, qui dispose deja de `FullAccess` et `SendAs` sur la boite aux lettres utilisee dans `Mail Account`
|
||||
|
||||
RustDesk ne demande pas l'`Identity` du service principal Exchange, mais les etapes d'autorisation ci-dessus doivent etre terminees avant le test d'envoi.
|
||||
|
||||
1. Dans la [console web](../../console/) RustDesk, ouvrez **Settings** -> **SMTP**.
|
||||
1. Activez OAuth2 et choisissez **Microsoft 365** comme fournisseur.
|
||||
1. Renseignez ces champs :
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Cliquez sur **Check** pour enregistrer la configuration et envoyer un e-mail de test.
|
||||
|
||||
|
||||
|
||||
Si l'e-mail de test echoue encore, revenez a la section PowerShell et verifiez de nouveau le service principal Exchange Online, `Authenticated SMTP` et les autorisations de la boite aux lettres utilisee dans `Mail Account`.
|
||||
|
||||
## Sources
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Utilise pour les etapes relatives aux autorisations d'application Exchange Online et aux service principals.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Utilise pour verifier et activer `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Utilise pour creer une shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configura SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro per inviare e-mail tramite Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Usa questa guida per configurare RustDesk Server Pro in modo da inviare e-mail tramite Microsoft 365 Exchange Online con OAuth2.
|
||||
|
||||
Questa configurazione e adatta a e-mail di invito, e-mail di verifica dell'accesso e notifiche di allarme di connessione.
|
||||
|
||||
Per la configurazione SMTP generale, vedi [SMTP](../).
|
||||
|
||||
## Quali Valori Inserire in RustDesk Pro?
|
||||
|
||||
| Campo RustDesk Pro | Valore da inserire |
|
||||
| --- | --- |
|
||||
| From | L'indirizzo mittente mostrato nei messaggi in uscita. |
|
||||
| Mail Account | L'indirizzo della mailbox che RustDesk usa come nome utente XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` nella panoramica dell'app |
|
||||
| OAuth2 Client ID | `Application (client) ID` nella panoramica dell'app |
|
||||
| OAuth2 Client secret | Il `Value` del secret creato in `Certificates & secrets` |
|
||||
|
||||
Questa schermata mostra dove inserire questi valori in RustDesk:
|
||||
|
||||
|
||||
## Configurazione
|
||||
|
||||
Prima di iniziare questa configurazione, assicurati di avere:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` o successivo
|
||||
- Una mailbox Microsoft 365 esistente, oppure una mailbox che prevedi di creare per l'invio, ad esempio `no-reply@contoso.com`
|
||||
- Un account amministratore Microsoft 365 che possa concedere l'admin consent in Microsoft Entra e gestire i service principal di Exchange Online
|
||||
|
||||
Questa configurazione ha tre parti:
|
||||
|
||||
- Configurare in Azure la registrazione dell'app, il client secret, il permesso API e l'admin consent
|
||||
- Configurare in PowerShell il service principal di Exchange Online, la mailbox e i permessi
|
||||
- Configurare SMTP OAuth2 in RustDesk e inviare una e-mail di test
|
||||
|
||||
### 1. Configurare in Azure
|
||||
|
||||
1. Accedi al [portale di Azure](https://portal.azure.com).
|
||||
1. Cerca e seleziona **App registrations**.
|
||||
1. Nel menu a sinistra, seleziona [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), quindi fai clic su **New registration**.
|
||||
|
||||
1. Crea la registrazione dell'app.
|
||||
|
||||
|
||||
1. Annota `Directory (tenant) ID` e `Application (client) ID`. Li inserirai piu tardi in RustDesk.
|
||||
|
||||
1. Apri **Certificates & secrets** e crea un nuovo client secret.
|
||||
|
||||
1. Copia subito il `Value` del secret. Microsoft mostra questo valore una sola volta.
|
||||
|
||||
1. Apri **API permissions** e aggiungi il permesso applicativo SMTP di Microsoft 365 Exchange Online.
|
||||
1. Seleziona **Add a permission**.
|
||||
1. Seleziona **APIs my organization uses** e cerca **Office 365 Exchange Online**.
|
||||
1. Seleziona **Application permissions**.
|
||||
1. Seleziona **SMTP.SendAsApp** e salva la modifica.
|
||||
|
||||
|
||||
|
||||
1. Concedi l'admin consent per il permesso appena aggiunto.
|
||||
|
||||
|
||||
|
||||
### 2. Configurare in PowerShell
|
||||
|
||||
In questa parte ti connetti a Exchange Online, crei il service principal, prepari la mailbox e concedi i permessi.
|
||||
|
||||
1. Apri PowerShell come amministratore locale.
|
||||
|
||||
1. Installa il modulo Exchange Online e connettiti con l'account amministratore del tenant.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Se vuoi specificare esplicitamente l'account amministratore, puoi anche usare:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. In Microsoft Entra **Enterprise applications**, trova l'app e annota il suo `Object ID`. Ti servira quando creerai il service principal di Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
L'`OBJECT_ID` qui deve essere l'object ID dell'app in **Enterprise applications**, non l'object ID mostrato nella panoramica di **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Esegui questo comando per creare il service principal di Exchange Online per la registrazione dell'app. La documentazione Microsoft descrive questo passaggio come la registrazione del service principal di un'applicazione Microsoft Entra in Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Se questo comando fallisce anche se la connessione a Exchange e riuscita, verifica che l'account amministratore abbia il permesso di gestire i service principal di Exchange Online.
|
||||
|
||||
|
||||
1. Conferma che Exchange abbia creato il service principal e annota il suo valore `Identity` per i passaggi successivi.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Usa il valore `Identity` restituito qui come `<SERVICE_PRINCIPAL_ID>` nei due comandi di autorizzazione successivi.
|
||||
|
||||
1. Se la mailbox di invio non esiste ancora, puoi prima creare una shared mailbox, ad esempio:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Se hai gia una mailbox per l'invio, puoi saltare questo passaggio.
|
||||
|
||||
|
||||
1. Controlla se `Authenticated SMTP` e abilitato per il tenant e per la mailbox di invio.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Se non e abilitato, le e-mail di test possono fallire con questo errore:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Per l'impostazione a livello di mailbox, esegui questo comando se necessario:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Se l'impostazione a livello di tenant restituisce `True`, decidi in base alla policy della tua organizzazione se eseguire:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Se le impostazioni del tenant e della mailbox sembrano corrette ma lo stesso errore `535 5.7.139` continua a comparire, controlla anche se il tenant usa Microsoft Entra `Security defaults`. Microsoft Learn indica che SMTP AUTH e disabilitato in Exchange Online quando `Security defaults` e abilitato.
|
||||
|
||||
Per i dettagli dei comandi, vedi Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Concedi al service principal di Exchange `FullAccess` alla mailbox che RustDesk usera per inviare posta.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Usa qui la mailbox che prevedi di inserire in `Mail Account` in RustDesk.
|
||||
|
||||
Se questo comando restituisce un errore come questo:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
significa che il valore passato a `-Identity` non e stato risolto in un vero oggetto mailbox in Exchange Online.
|
||||
|
||||
Per prima cosa verifica che la mailbox esista davvero in Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Se non viene restituita alcuna mailbox, crea o conferma prima quella mailbox. Per un indirizzo mittente `no-reply`, puoi creare una shared mailbox, ad esempio:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Se la mailbox esiste gia, assicurati che il valore usato in `Add-MailboxPermission -Identity ...` sia l'indirizzo reale della mailbox, il suo alias oppure un'altra mailbox identity che Exchange possa risolvere.
|
||||
|
||||
|
||||
1. Concedi allo stesso service principal anche il permesso `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Anche questo passaggio fa parte della configurazione SMTP app-only ufficiale di Microsoft.
|
||||
|
||||
### 3. Configurare in RustDesk
|
||||
|
||||
A questo punto dovresti gia avere:
|
||||
|
||||
- l'indirizzo mittente da usare in `From`
|
||||
- l'indirizzo della mailbox da usare in `Mail Account`
|
||||
- il `Directory (tenant) ID`
|
||||
- l'`Application (client) ID`
|
||||
- il `Value` del client secret
|
||||
- un service principal di Exchange Online confermato che abbia gia `FullAccess` e `SendAs` sulla mailbox usata in `Mail Account`
|
||||
|
||||
RustDesk non richiede l'`Identity` del service principal di Exchange, ma i passaggi di autorizzazione sopra devono essere gia completati prima di testare l'invio.
|
||||
|
||||
1. Nella [console web](../../console/) di RustDesk, vai in **Settings** -> **SMTP**.
|
||||
1. Abilita OAuth2 e seleziona **Microsoft 365** come provider.
|
||||
1. Compila questi campi:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Fai clic su **Check** per salvare la configurazione e inviare una e-mail di test.
|
||||
|
||||
|
||||
|
||||
Se la e-mail di test continua a fallire, torna alla sezione PowerShell e ricontrolla il service principal di Exchange Online, `Authenticated SMTP` e i permessi della mailbox usata in `Mail Account`.
|
||||
|
||||
## Riferimenti
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Usato per i passaggi relativi ai permessi applicativi Exchange Online e ai service principal.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Usato per controllare e abilitare `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Usato per creare una shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "RustDesk Server Pro で SMTP OAuth2(Microsoft 365)を設定し、Exchange Online 経由でメールを送信します。"
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
このガイドでは、RustDesk Server Pro から Microsoft 365 Exchange Online を使って OAuth2 でメールを送信するための設定を説明します。
|
||||
|
||||
この構成は、招待メール、ログイン確認メール、接続アラーム通知に適しています。
|
||||
|
||||
一般的な SMTP 設定については [SMTP](../) を参照してください。
|
||||
|
||||
## RustDesk Pro に入力する値
|
||||
|
||||
| RustDesk Pro の項目 | 入力する値 |
|
||||
| --- | --- |
|
||||
| From | 送信メールに表示される送信元アドレス。 |
|
||||
| Mail Account | RustDesk が XOAUTH2 SMTP のユーザー名として使用するメールボックスのアドレス。 |
|
||||
| OAuth2 Tenant ID | アプリの概要にある `Directory (tenant) ID` |
|
||||
| OAuth2 Client ID | アプリの概要にある `Application (client) ID` |
|
||||
| OAuth2 Client secret | `Certificates & secrets` で作成した secret の `Value` |
|
||||
|
||||
次のスクリーンショットは、RustDesk でこれらの値をどこに入力するかを示しています。
|
||||
|
||||
|
||||
## 設定
|
||||
|
||||
この設定を始める前に、次を用意してください。
|
||||
|
||||
- RustDesk Server Pro `1.8.1` 以降
|
||||
- 既存の Microsoft 365 メールボックス、または送信用にこれから作成するメールボックス。例: `no-reply@contoso.com`
|
||||
- Microsoft Entra で管理者同意を付与でき、Exchange Online の service principal を管理できる Microsoft 365 管理者アカウント
|
||||
|
||||
この設定は 3 つのパートに分かれます。
|
||||
|
||||
- Azure でアプリ登録、client secret、API 権限、管理者同意を設定する
|
||||
- PowerShell で Exchange Online service principal、メールボックス、権限を設定する
|
||||
- RustDesk で SMTP OAuth2 を設定し、テストメールを送信する
|
||||
|
||||
### 1. Azure で設定
|
||||
|
||||
1. [Azure portal](https://portal.azure.com) にサインインします。
|
||||
1. **App registrations** を検索して選択します。
|
||||
1. 左側メニューで [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps) を選択し、**New registration** をクリックします。
|
||||
|
||||
1. アプリ登録を作成します。
|
||||
|
||||
|
||||
1. `Directory (tenant) ID` と `Application (client) ID` を控えます。これらは後で RustDesk に入力します。
|
||||
|
||||
1. **Certificates & secrets** を開き、新しい client secret を作成します。
|
||||
|
||||
1. secret の `Value` をすぐにコピーします。Microsoft はこの値を 1 回しか表示しません。
|
||||
|
||||
1. **API permissions** を開き、Microsoft 365 Exchange Online の SMTP アプリケーション権限を追加します。
|
||||
1. **Add a permission** を選択します。
|
||||
1. **APIs my organization uses** を選択し、**Office 365 Exchange Online** を検索します。
|
||||
1. **Application permissions** を選択します。
|
||||
1. **SMTP.SendAsApp** を選択して変更を保存します。
|
||||
|
||||
|
||||
|
||||
1. 追加した権限に対して管理者同意を付与します。
|
||||
|
||||
|
||||
|
||||
### 2. PowerShell で設定
|
||||
|
||||
このパートでは、Exchange Online に接続し、service principal を作成し、送信メールボックスを準備して権限を付与します。
|
||||
|
||||
1. PowerShell をローカル管理者として開きます。
|
||||
|
||||
1. Exchange Online モジュールをインストールし、テナント管理者アカウントで接続します。
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
管理者アカウントを明示したい場合は、次のようにも実行できます。
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. Microsoft Entra の **Enterprise applications** で対象アプリを探し、その `Object ID` を控えます。これは Exchange Online service principal の作成時に必要です。
|
||||
|
||||
{{% notice note %}}
|
||||
ここで使う `OBJECT_ID` は **Enterprise applications** に表示される object ID であり、**App registrations** の概要ページに表示される object ID ではありません。
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. 次のコマンドを実行して、アプリ登録用の Exchange Online service principal を作成します。Microsoft はこの手順を "Registration of a Microsoft Entra application's service principal in Exchange Online" と説明しています。
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Exchange への接続が成功しているのにこのコマンドが失敗する場合は、管理者アカウントに Exchange Online service principal を管理する権限があるか確認してください。
|
||||
|
||||
|
||||
1. Exchange で service principal が作成されたことを確認し、次の手順で使う `Identity` の値を控えます。
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
後続の 2 つの権限コマンドで使う `<SERVICE_PRINCIPAL_ID>` には、ここで返された `Identity` の値を使ってください。
|
||||
|
||||
1. 送信用メールボックスがまだ存在しない場合は、先に shared mailbox を作成できます。例:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
すでに送信用メールボックスがある場合は、この手順は省略できます。
|
||||
|
||||
|
||||
1. テナントと送信メールボックスで `Authenticated SMTP` が有効か確認します。
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
有効になっていない場合、テストメールは次のエラーで失敗することがあります。
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
メールボックス単位の設定が必要な場合は、次を実行します。
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
テナント単位の設定が `True` を返した場合は、組織のポリシーに従って次を実行するか判断してください。
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
上記のテナント側とメールボックス側の設定が正しそうなのに同じ `535 5.7.139` エラーが続く場合は、テナントで Microsoft Entra `Security defaults` を使っているかも確認してください。Microsoft Learn では、`Security defaults` が有効なとき Exchange Online の SMTP AUTH は無効になると説明されています。
|
||||
|
||||
コマンドの詳細は Microsoft Learn の [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission) を参照してください。
|
||||
|
||||
1. RustDesk が送信に使うメールボックスに対して、Exchange service principal に `FullAccess` を付与します。
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
ここでは、RustDesk の `Mail Account` に入力する予定のメールボックスを指定してください。
|
||||
|
||||
このコマンドが次のようなエラーを返す場合:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
`-Identity` に渡した値が Exchange Online で実際のメールボックス オブジェクトとして解決されていません。
|
||||
|
||||
まず、そのメールボックスが Exchange Online に本当に存在するか確認してください。
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
何も返らない場合は、先にそのメールボックスを作成するか、存在を確認してください。`no-reply` のような送信用アドレスには、例えば次のように shared mailbox を作成できます。
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
すでにメールボックスが存在する場合は、`Add-MailboxPermission -Identity ...` に指定した値が、そのメールボックスの実際のアドレス、エイリアス、または Exchange が解決できる別の mailbox identity であることを確認してください。
|
||||
|
||||
|
||||
1. 同じ service principal に `SendAs` 権限も付与します。
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
この手順も、Microsoft の公式 app-only SMTP 構成の一部です。
|
||||
|
||||
### 3. RustDesk で設定
|
||||
|
||||
この時点で、次がそろっているはずです。
|
||||
|
||||
- `From` に使う送信元アドレス
|
||||
- `Mail Account` に使うメールボックスのアドレス
|
||||
- `Directory (tenant) ID`
|
||||
- `Application (client) ID`
|
||||
- client secret の `Value`
|
||||
- `Mail Account` に使うメールボックスに対して、すでに `FullAccess` と `SendAs` が付与されていることを確認済みの Exchange Online service principal
|
||||
|
||||
RustDesk には Exchange service principal の `Identity` を入力しませんが、メールテストの前に上記の権限設定は完了している必要があります。
|
||||
|
||||
1. RustDesk の [Web コンソール](../../console/) で **Settings** -> **SMTP** を開きます。
|
||||
1. OAuth2 を有効にし、プロバイダーとして **Microsoft 365** を選択します。
|
||||
1. 次の項目を入力します。
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. **Check** をクリックして設定を保存し、テストメールを送信します。
|
||||
|
||||
|
||||
|
||||
テストメールがまだ失敗する場合は、PowerShell のセクションに戻り、Exchange Online service principal、`Authenticated SMTP`、および `Mail Account` に使うメールボックスの権限をもう一度確認してください。
|
||||
|
||||
## 参考資料
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Exchange Online のアプリ権限と service principal の手順に使用。
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). `Authenticated SMTP` の確認と有効化に使用。
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). shared mailbox の作成に使用。
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Skonfiguruj SMTP OAuth2 (Microsoft 365) w RustDesk Server Pro, aby wysylac e-maile przez Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Skorzystaj z tego przewodnika, aby skonfigurowac RustDesk Server Pro do wysylania e-maili przez Microsoft 365 Exchange Online z OAuth2.
|
||||
|
||||
Ta konfiguracja nadaje sie do wiadomosci z zaproszeniami, e-maili weryfikacji logowania i powiadomien o alarmach polaczenia.
|
||||
|
||||
Ogolna konfiguracja SMTP jest opisana w [SMTP](../).
|
||||
|
||||
## Jakie Wartosci Wpisac w RustDesk Pro?
|
||||
|
||||
| Pole RustDesk Pro | Co wpisac |
|
||||
| --- | --- |
|
||||
| From | Adres nadawcy wyswietlany w wychodzacych e-mailach. |
|
||||
| Mail Account | Adres skrzynki pocztowej, ktorego RustDesk uzywa jako nazwy uzytkownika XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` z przegladu aplikacji |
|
||||
| OAuth2 Client ID | `Application (client) ID` z przegladu aplikacji |
|
||||
| OAuth2 Client secret | `Value` secretu utworzonego w `Certificates & secrets` |
|
||||
|
||||
Ten zrzut ekranu pokazuje, gdzie wpisac te wartosci w RustDesk:
|
||||
|
||||
|
||||
## Konfiguracja
|
||||
|
||||
Przed rozpoczeciem tej konfiguracji upewnij sie, ze masz:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` lub nowszy
|
||||
- Istniejaca skrzynke Microsoft 365 albo skrzynke, ktora planujesz utworzyc do wysylania poczty, na przyklad `no-reply@contoso.com`
|
||||
- Konto administratora Microsoft 365, ktore moze nadac admin consent w Microsoft Entra i zarzadzac service principal w Exchange Online
|
||||
|
||||
Ta konfiguracja ma trzy czesci:
|
||||
|
||||
- Skonfigurowanie w Azure rejestracji aplikacji, client secret, uprawnienia API i admin consent
|
||||
- Skonfigurowanie w PowerShell service principal Exchange Online, skrzynki i uprawnien
|
||||
- Skonfigurowanie SMTP OAuth2 w RustDesk i wyslanie testowego e-maila
|
||||
|
||||
### 1. Konfiguracja w Azure
|
||||
|
||||
1. Zaloguj sie do [portalu Azure](https://portal.azure.com).
|
||||
1. Wyszukaj i wybierz **App registrations**.
|
||||
1. W lewym menu wybierz [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), a nastepnie kliknij **New registration**.
|
||||
|
||||
1. Utworz rejestracje aplikacji.
|
||||
|
||||
|
||||
1. Zanotuj `Directory (tenant) ID` i `Application (client) ID`. Wprowadzisz je pozniej w RustDesk.
|
||||
|
||||
1. Otworz **Certificates & secrets** i utworz nowy client secret.
|
||||
|
||||
1. Od razu skopiuj `Value` secretu. Microsoft pokazuje te wartosc tylko raz.
|
||||
|
||||
1. Otworz **API permissions** i dodaj uprawnienie aplikacyjne SMTP dla Microsoft 365 Exchange Online.
|
||||
1. Wybierz **Add a permission**.
|
||||
1. Wybierz **APIs my organization uses** i wyszukaj **Office 365 Exchange Online**.
|
||||
1. Wybierz **Application permissions**.
|
||||
1. Wybierz **SMTP.SendAsApp** i zapisz zmiane.
|
||||
|
||||
|
||||
|
||||
1. Nadaj admin consent dla dodanego przed chwila uprawnienia.
|
||||
|
||||
|
||||
|
||||
### 2. Konfiguracja w PowerShell
|
||||
|
||||
W tej czesci polaczysz sie z Exchange Online, utworzysz service principal, przygotujesz skrzynke i nadasz uprawnienia.
|
||||
|
||||
1. Otworz PowerShell jako lokalny administrator.
|
||||
|
||||
1. Zainstaluj modul Exchange Online i polacz sie przy uzyciu konta administratora tenanta.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Jesli chcesz jawnie wskazac konto administratora, mozesz takze uzyc:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. W Microsoft Entra **Enterprise applications** znajdz aplikacje i zanotuj jej `Object ID`. Bedzie potrzebny przy tworzeniu service principal Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
`OBJECT_ID` uzywany tutaj musi byc object ID aplikacji z **Enterprise applications**, a nie object ID widocznym na stronie przegladu **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Uruchom to polecenie, aby utworzyc service principal Exchange Online dla rejestracji aplikacji. Microsoft opisuje ten krok jako rejestracje service principal aplikacji Microsoft Entra w Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Jesli to polecenie nie powiedzie sie mimo poprawnego polaczenia z Exchange, sprawdz, czy konto administratora ma uprawnienia do zarzadzania service principal w Exchange Online.
|
||||
|
||||
|
||||
1. Potwierdz, ze Exchange utworzyl service principal, i zanotuj jego wartosc `Identity` do kolejnych krokow.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Uzyj zwroconej tutaj wartosci `Identity` jako `<SERVICE_PRINCIPAL_ID>` w dwoch kolejnych poleceniach nadawania uprawnien.
|
||||
|
||||
1. Jesli skrzynka nadawcza jeszcze nie istnieje, mozesz najpierw utworzyc shared mailbox, na przyklad:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Jesli masz juz skrzynke do wysylki, mozesz pominac ten krok.
|
||||
|
||||
|
||||
1. Sprawdz, czy `Authenticated SMTP` jest wlaczone dla tenanta i skrzynki nadawczej.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Jesli nie jest wlaczone, testowe e-maile moga konczyc sie takim bledem:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
W razie potrzeby dla ustawienia na poziomie skrzynki uruchom:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Jesli ustawienie na poziomie tenanta zwroci `True`, zdecyduj zgodnie z polityka organizacji, czy uruchomic:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Jesli ustawienia na poziomie tenanta i skrzynki wygladaja poprawnie, ale ten sam blad `535 5.7.139` nadal wystepuje, sprawdz tez, czy tenant korzysta z Microsoft Entra `Security defaults`. Microsoft Learn podaje, ze gdy `Security defaults` jest wlaczone, SMTP AUTH w Exchange Online jest wylaczone.
|
||||
|
||||
Szczegoly polecen znajduja sie w Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Nadaj Exchange service principal uprawnienie `FullAccess` do skrzynki, ktorej RustDesk bedzie uzywac do wysylania poczty.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Tutaj uzyj skrzynki, ktora planujesz wpisac w `Mail Account` w RustDesk.
|
||||
|
||||
Jesli to polecenie zwroci blad taki jak ponizej:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
oznacza to, ze wartosc przekazana do `-Identity` nie zostala rozpoznana w Exchange Online jako rzeczywisty obiekt skrzynki pocztowej.
|
||||
|
||||
Najpierw potwierdz, ze ta skrzynka rzeczywiscie istnieje w Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Jesli nie zostanie zwrocona zadna skrzynka, najpierw ja utworz lub potwierdz jej istnienie. Dla adresu nadawcy `no-reply` mozesz utworzyc shared mailbox, na przyklad:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Jesli skrzynka juz istnieje, upewnij sie, ze wartosc uzyta w `Add-MailboxPermission -Identity ...` to rzeczywisty adres skrzynki, alias albo inna mailbox identity, ktora Exchange potrafi rozpoznac.
|
||||
|
||||
|
||||
1. Nadaj temu samemu service principal rowniez uprawnienie `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Ten krok rowniez nalezy do oficjalnej konfiguracji SMTP app-only firmy Microsoft.
|
||||
|
||||
### 3. Konfiguracja w RustDesk
|
||||
|
||||
Na tym etapie powinienes juz miec:
|
||||
|
||||
- adres nadawcy dla `From`
|
||||
- adres skrzynki dla `Mail Account`
|
||||
- `Directory (tenant) ID`
|
||||
- `Application (client) ID`
|
||||
- `Value` client secret
|
||||
- potwierdzony service principal Exchange Online, ktory ma juz `FullAccess` i `SendAs` do skrzynki uzywanej w `Mail Account`
|
||||
|
||||
RustDesk nie wymaga wpisania `Identity` service principal Exchange, ale przed testem wysylki powyzsze kroki nadawania uprawnien musza byc juz zakonczone.
|
||||
|
||||
1. W [konsoli web](../../console/) RustDesk przejdz do **Settings** -> **SMTP**.
|
||||
1. Wlacz OAuth2 i wybierz **Microsoft 365** jako dostawce.
|
||||
1. Uzupelnij te pola:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Kliknij **Check**, aby zapisac konfiguracje i wyslac testowy e-mail.
|
||||
|
||||
|
||||
|
||||
Jesli testowy e-mail nadal nie dziala, wroc do sekcji PowerShell i ponownie sprawdz Exchange Online service principal, `Authenticated SMTP` oraz uprawnienia skrzynki uzywanej w `Mail Account`.
|
||||
|
||||
## Zrodla
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Zrodlo krokow dotyczacych uprawnien aplikacji Exchange Online i service principal.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Zrodlo sprawdzania i wlaczania `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Zrodlo tworzenia shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configure SMTP OAuth2 (Microsoft 365) no RustDesk Server Pro para enviar e-mails pelo Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Use este guia para configurar o RustDesk Server Pro para enviar e-mails pelo Microsoft 365 Exchange Online com OAuth2.
|
||||
|
||||
Esta configuracao e adequada para e-mails de convite, e-mails de verificacao de login e notificacoes de alerta de conexao.
|
||||
|
||||
Para a configuracao SMTP geral, consulte [SMTP](../).
|
||||
|
||||
## Quais Valores Inserir no RustDesk Pro?
|
||||
|
||||
| Campo do RustDesk Pro | O que inserir |
|
||||
| --- | --- |
|
||||
| From | O endereco do remetente exibido nos e-mails enviados. |
|
||||
| Mail Account | O endereco da caixa de correio que o RustDesk usa como nome de usuario XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` na visao geral do aplicativo |
|
||||
| OAuth2 Client ID | `Application (client) ID` na visao geral do aplicativo |
|
||||
| OAuth2 Client secret | O `Value` do secret criado em `Certificates & secrets` |
|
||||
|
||||
Esta captura mostra onde esses valores sao inseridos no RustDesk:
|
||||
|
||||
|
||||
## Configuracao
|
||||
|
||||
Antes de iniciar esta configuracao, verifique se voce tem:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` ou posterior
|
||||
- Uma caixa de correio Microsoft 365 existente, ou uma que voce pretende criar para envio, por exemplo `no-reply@contoso.com`
|
||||
- Uma conta de administrador do Microsoft 365 que possa conceder admin consent no Microsoft Entra e gerenciar service principals do Exchange Online
|
||||
|
||||
Esta configuracao tem tres partes:
|
||||
|
||||
- Configurar no Azure o registro do aplicativo, o client secret, a permissao de API e o admin consent
|
||||
- Configurar no PowerShell o service principal do Exchange Online, a caixa de correio e as permissoes
|
||||
- Configurar SMTP OAuth2 no RustDesk e enviar um e-mail de teste
|
||||
|
||||
### 1. Configuracao no Azure
|
||||
|
||||
1. Entre no [portal do Azure](https://portal.azure.com).
|
||||
1. Procure e selecione **App registrations**.
|
||||
1. No menu esquerdo, selecione [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps) e clique em **New registration**.
|
||||
|
||||
1. Crie o registro do aplicativo.
|
||||
|
||||
|
||||
1. Anote `Directory (tenant) ID` e `Application (client) ID`. Voce os informara depois no RustDesk.
|
||||
|
||||
1. Abra **Certificates & secrets** e crie um novo client secret.
|
||||
|
||||
1. Copie imediatamente o `Value` do secret. A Microsoft mostra esse valor apenas uma vez.
|
||||
|
||||
1. Abra **API permissions** e adicione a permissao de aplicativo SMTP do Microsoft 365 Exchange Online.
|
||||
1. Selecione **Add a permission**.
|
||||
1. Selecione **APIs my organization uses** e procure **Office 365 Exchange Online**.
|
||||
1. Selecione **Application permissions**.
|
||||
1. Selecione **SMTP.SendAsApp** e salve a alteracao.
|
||||
|
||||
|
||||
|
||||
1. Conceda admin consent para a permissao que voce acabou de adicionar.
|
||||
|
||||
|
||||
|
||||
### 2. Configuracao no PowerShell
|
||||
|
||||
Nesta parte, voce vai se conectar ao Exchange Online, criar o service principal, preparar a caixa de correio e conceder as permissoes.
|
||||
|
||||
1. Abra o PowerShell como administrador local.
|
||||
|
||||
1. Instale o modulo do Exchange Online e conecte-se com a conta de administrador do tenant.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Se quiser especificar explicitamente a conta de administrador, voce tambem pode usar:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. Em Microsoft Entra **Enterprise applications**, encontre o aplicativo e anote o `Object ID`. Voce precisara dele ao criar o service principal do Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
O `OBJECT_ID` aqui deve ser o object ID do aplicativo em **Enterprise applications**, e nao o object ID mostrado na pagina de visao geral de **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Execute este comando para criar o service principal do Exchange Online para o registro do aplicativo. A documentacao da Microsoft descreve esta etapa como o registro do service principal de um aplicativo do Microsoft Entra no Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Se este comando falhar mesmo com a conexao ao Exchange funcionando, verifique se a conta de administrador tem permissao para gerenciar service principals do Exchange Online.
|
||||
|
||||
|
||||
1. Confirme que o Exchange criou o service principal e anote o valor `Identity` para as proximas etapas.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Use o valor `Identity` retornado aqui como `<SERVICE_PRINCIPAL_ID>` nos dois comandos de permissao seguintes.
|
||||
|
||||
1. Se a caixa de correio de envio ainda nao existir, voce pode criar primeiro uma shared mailbox, por exemplo:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Se voce ja tiver uma caixa de correio para envio, pode pular esta etapa.
|
||||
|
||||
|
||||
1. Verifique se `Authenticated SMTP` esta habilitado para o tenant e para a caixa de correio de envio.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Se nao estiver habilitado, os e-mails de teste podem falhar com este erro:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Para a configuracao no nivel da caixa de correio, execute isto se necessario:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Se a configuracao no nivel do tenant retornar `True`, decida de acordo com a politica da sua organizacao se deve executar:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Se as configuracoes do tenant e da caixa de correio parecerem corretas, mas o mesmo erro `535 5.7.139` continuar, verifique tambem se o tenant usa Microsoft Entra `Security defaults`. O Microsoft Learn informa que o SMTP AUTH fica desabilitado no Exchange Online quando `Security defaults` esta habilitado.
|
||||
|
||||
Para detalhes dos comandos, consulte Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Conceda ao service principal do Exchange `FullAccess` a caixa de correio que o RustDesk usara para enviar e-mails.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Use aqui a caixa de correio que voce pretende informar em `Mail Account` no RustDesk.
|
||||
|
||||
Se este comando retornar um erro como este:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
isso significa que o valor passado para `-Identity` nao foi resolvido como um objeto real de caixa de correio no Exchange Online.
|
||||
|
||||
Primeiro confirme se a caixa de correio realmente existe no Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Se nenhuma caixa de correio for retornada, crie ou confirme essa caixa primeiro. Para um endereco remetente `no-reply`, voce pode criar uma shared mailbox, por exemplo:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Se a caixa de correio ja existir, verifique se o valor usado em `Add-MailboxPermission -Identity ...` e o endereco real da caixa, o alias ou outra mailbox identity que o Exchange consiga resolver.
|
||||
|
||||
|
||||
1. Conceda ao mesmo service principal a permissao `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Esta etapa tambem faz parte da configuracao oficial de SMTP app-only da Microsoft.
|
||||
|
||||
### 3. Configuracao no RustDesk
|
||||
|
||||
Neste ponto, voce ja deve ter:
|
||||
|
||||
- o endereco remetente que usara em `From`
|
||||
- o endereco da caixa de correio que usara em `Mail Account`
|
||||
- o `Directory (tenant) ID`
|
||||
- o `Application (client) ID`
|
||||
- o `Value` do client secret
|
||||
- um service principal do Exchange Online confirmado, que ja tenha `FullAccess` e `SendAs` sobre a caixa de correio usada em `Mail Account`
|
||||
|
||||
O RustDesk nao solicita a `Identity` do service principal do Exchange, mas as etapas de permissao acima ja precisam estar concluidas antes de testar o envio.
|
||||
|
||||
1. Na [console web](../../console/) do RustDesk, acesse **Settings** -> **SMTP**.
|
||||
1. Ative OAuth2 e selecione **Microsoft 365** como provedor.
|
||||
1. Preencha estes campos:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Clique em **Check** para salvar a configuracao e enviar um e-mail de teste.
|
||||
|
||||
|
||||
|
||||
Se o e-mail de teste ainda falhar, volte para a secao do PowerShell e confira novamente o service principal do Exchange Online, `Authenticated SMTP` e as permissoes da caixa de correio usada em `Mail Account`.
|
||||
|
||||
## Referencias
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Usado para as etapas de permissao de aplicativo do Exchange Online e de service principal.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Usado para verificar e habilitar `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Usado para criar uma shared mailbox.
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "Configureaza SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro pentru a trimite e-mailuri prin Exchange Online."
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
Foloseste acest ghid pentru a configura RustDesk Server Pro sa trimita e-mailuri prin Microsoft 365 Exchange Online cu OAuth2.
|
||||
|
||||
Aceasta configuratie este potrivita pentru e-mailuri de invitatie, e-mailuri de verificare a autentificarii si notificari de alarma pentru conexiuni.
|
||||
|
||||
Pentru configurarea SMTP generala, vezi [SMTP](../).
|
||||
|
||||
## Ce Valori Se Introduc in RustDesk Pro?
|
||||
|
||||
| Camp RustDesk Pro | Ce se introduce |
|
||||
| --- | --- |
|
||||
| From | Adresa expeditorului afisata in e-mailurile trimise. |
|
||||
| Mail Account | Adresa casutei postale pe care RustDesk o foloseste ca nume de utilizator XOAUTH2 SMTP. |
|
||||
| OAuth2 Tenant ID | `Directory (tenant) ID` din pagina de prezentare a aplicatiei |
|
||||
| OAuth2 Client ID | `Application (client) ID` din pagina de prezentare a aplicatiei |
|
||||
| OAuth2 Client secret | `Value` al secretului creat in `Certificates & secrets` |
|
||||
|
||||
Aceasta captura arata unde se introduc aceste valori in RustDesk:
|
||||
|
||||
|
||||
## Configurare
|
||||
|
||||
Inainte sa incepi aceasta configurare, asigura-te ca ai:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` sau mai nou
|
||||
- O casuta postala Microsoft 365 existenta, sau una pe care intentionezi sa o creezi pentru trimitere, de exemplu `no-reply@contoso.com`
|
||||
- Un cont de administrator Microsoft 365 care poate acorda admin consent in Microsoft Entra si poate administra service principal in Exchange Online
|
||||
|
||||
Aceasta configurare are trei parti:
|
||||
|
||||
- Configurarea in Azure a inregistrarii aplicatiei, a client secret, a permisiunii API si a admin consent
|
||||
- Configurarea in PowerShell a service principal Exchange Online, a casutei postale si a permisiunilor
|
||||
- Configurarea SMTP OAuth2 in RustDesk si trimiterea unui e-mail de test
|
||||
|
||||
### 1. Configurare in Azure
|
||||
|
||||
1. Autentifica-te in [portalul Azure](https://portal.azure.com).
|
||||
1. Cauta si selecteaza **App registrations**.
|
||||
1. In meniul din stanga, selecteaza [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), apoi fa clic pe **New registration**.
|
||||
|
||||
1. Creeaza inregistrarea aplicatiei.
|
||||
|
||||
|
||||
1. Noteaza `Directory (tenant) ID` si `Application (client) ID`. Le vei introduce mai tarziu in RustDesk.
|
||||
|
||||
1. Deschide **Certificates & secrets** si creeaza un nou client secret.
|
||||
|
||||
1. Copiaza imediat `Value` al secretului. Microsoft afiseaza aceasta valoare o singura data.
|
||||
|
||||
1. Deschide **API permissions** si adauga permisiunea de aplicatie SMTP pentru Microsoft 365 Exchange Online.
|
||||
1. Selecteaza **Add a permission**.
|
||||
1. Selecteaza **APIs my organization uses** si cauta **Office 365 Exchange Online**.
|
||||
1. Selecteaza **Application permissions**.
|
||||
1. Selecteaza **SMTP.SendAsApp** si salveaza modificarea.
|
||||
|
||||
|
||||
|
||||
1. Acorda admin consent pentru permisiunea pe care tocmai ai adaugat-o.
|
||||
|
||||
|
||||
|
||||
### 2. Configurare in PowerShell
|
||||
|
||||
In aceasta parte te conectezi la Exchange Online, creezi service principal, pregatesti casuta postala si acorzi permisiunile.
|
||||
|
||||
1. Deschide PowerShell ca administrator local.
|
||||
|
||||
1. Instaleaza modulul Exchange Online si conecteaza-te cu contul de administrator al tenantului.
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
Daca vrei sa specifici explicit contul de administrator, poti folosi si:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. In Microsoft Entra **Enterprise applications**, gaseste aplicatia si noteaza `Object ID`. Vei avea nevoie de el cand creezi service principal Exchange Online.
|
||||
|
||||
{{% notice note %}}
|
||||
`OBJECT_ID` folosit aici trebuie sa fie object ID al aplicatiei din **Enterprise applications**, nu object ID afisat in pagina de prezentare din **App registrations**.
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. Ruleaza aceasta comanda pentru a crea service principal Exchange Online pentru inregistrarea aplicatiei. Documentatia Microsoft descrie acest pas ca inregistrarea service principal al unei aplicatii Microsoft Entra in Exchange Online.
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
Daca aceasta comanda esueaza chiar daca conexiunea la Exchange a reusit, verifica daca acel cont de administrator are permisiunea de a administra service principal in Exchange Online.
|
||||
|
||||
|
||||
1. Confirma ca Exchange a creat service principal si noteaza valoarea `Identity` pentru pasii urmatori.
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
Foloseste valoarea `Identity` returnata aici ca `<SERVICE_PRINCIPAL_ID>` in urmatoarele doua comenzi de acordare a permisiunilor.
|
||||
|
||||
1. Daca mailbox-ul de trimitere nu exista inca, poti crea mai intai un shared mailbox, de exemplu:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
Daca ai deja un mailbox pentru trimitere, poti sari peste acest pas.
|
||||
|
||||
|
||||
1. Verifica daca `Authenticated SMTP` este activat pentru tenant si pentru mailbox-ul de trimitere.
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
Daca nu este activat, e-mailurile de test pot esua cu aceasta eroare:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
Pentru setarea la nivel de mailbox, ruleaza aceasta comanda daca este necesar:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Daca setarea la nivel de tenant returneaza `True`, decide conform politicii organizatiei tale daca trebuie sa rulezi:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
Daca setarile de la nivelul tenantului si al mailbox-ului par corecte, dar aceeasi eroare `535 5.7.139` continua sa apara, verifica si daca tenantul foloseste Microsoft Entra `Security defaults`. Microsoft Learn spune ca SMTP AUTH este dezactivat in Exchange Online atunci cand `Security defaults` este activat.
|
||||
|
||||
Pentru detaliile comenzilor, vezi Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission).
|
||||
|
||||
1. Acorda service principal Exchange dreptul `FullAccess` asupra mailbox-ului pe care RustDesk il va folosi pentru trimiterea mesajelor.
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
Foloseste aici mailbox-ul pe care intentionezi sa il introduci in `Mail Account` in RustDesk.
|
||||
|
||||
Daca aceasta comanda returneaza o eroare ca aceasta:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
inseamna ca valoarea transmisa catre `-Identity` nu s-a rezolvat la un obiect real de mailbox in Exchange Online.
|
||||
|
||||
Mai intai confirma ca mailbox-ul exista cu adevarat in Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
Daca nu este returnat niciun mailbox, creeaza mai intai acel mailbox sau confirma existenta lui. Pentru o adresa de expeditor `no-reply`, poti crea un shared mailbox, de exemplu:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
Daca mailbox-ul exista deja, asigura-te ca valoarea folosita in `Add-MailboxPermission -Identity ...` este adresa reala a mailbox-ului, aliasul lui sau o alta mailbox identity pe care Exchange o poate rezolva.
|
||||
|
||||
|
||||
1. Acorda aceluiasi service principal si permisiunea `SendAs`.
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
Acest pas face parte si el din configuratia oficiala SMTP app-only a Microsoft.
|
||||
|
||||
### 3. Configurare in RustDesk
|
||||
|
||||
In acest punct ar trebui sa ai deja:
|
||||
|
||||
- adresa de expeditor pentru `From`
|
||||
- adresa mailbox-ului pentru `Mail Account`
|
||||
- `Directory (tenant) ID`
|
||||
- `Application (client) ID`
|
||||
- `Value` al client secret
|
||||
- un service principal Exchange Online confirmat, care are deja `FullAccess` si `SendAs` asupra mailbox-ului folosit in `Mail Account`
|
||||
|
||||
RustDesk nu cere `Identity` pentru service principal Exchange, dar pasii de acordare a permisiunilor de mai sus trebuie sa fie deja finalizati inainte de testarea trimiterii.
|
||||
|
||||
1. In [consola web](../../console/) RustDesk, mergi la **Settings** -> **SMTP**.
|
||||
1. Activeaza OAuth2 si selecteaza **Microsoft 365** ca provider.
|
||||
1. Completeaza aceste campuri:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. Fa clic pe **Check** pentru a salva configuratia si a trimite un e-mail de test.
|
||||
|
||||
|
||||
|
||||
Daca e-mailul de test tot esueaza, intoarce-te la sectiunea PowerShell si verifica din nou service principal Exchange Online, `Authenticated SMTP` si permisiunile mailbox-ului folosit in `Mail Account`.
|
||||
|
||||
## Referinte
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth). Folosit pentru pasii privind permisiunile aplicatiei Exchange Online si service principal.
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission). Folosit pentru verificarea si activarea `Authenticated SMTP`.
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes). Folosit pentru crearea unui shared mailbox.
|
||||
@@ -0,0 +1,222 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "在 RustDesk Server Pro 中配置 SMTP OAuth2(Microsoft 365),通过 Exchange Online 发送邮件。"
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
使用本指南为 RustDesk Server Pro 配置通过 Microsoft 365 Exchange Online 发送 OAuth2 邮件。
|
||||
|
||||
该配置适用于邀请邮件、登录验证邮件和连接告警通知。
|
||||
|
||||
通用 SMTP 配置可参考 [SMTP](../)。
|
||||
|
||||
## RustDesk Pro 中要填写哪些值?
|
||||
|
||||
| RustDesk Pro 字段 | 填写内容 |
|
||||
| --- | --- |
|
||||
| From | 出站邮件中显示的发件人地址。 |
|
||||
| Mail Account | RustDesk 用作 XOAUTH2 SMTP 用户名的邮箱地址。 |
|
||||
| OAuth2 Tenant ID | 应用概览中的 `Directory (tenant) ID` |
|
||||
| OAuth2 Client ID | 应用概览中的 `Application (client) ID` |
|
||||
| OAuth2 Client secret | `Certificates & secrets` 中创建的 secret `Value` |
|
||||
|
||||
下图可帮助你直接对应 RustDesk 中这些字段的位置:
|
||||
|
||||
|
||||
## 配置
|
||||
|
||||
开始前,请先确认你已具备:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` 或更高版本
|
||||
- 一个现有的,或准备创建用于发送邮件的 Microsoft 365 邮箱,例如 `no-reply@contoso.com`
|
||||
- 一个可在 Microsoft Entra 中授予管理员同意、并管理 Exchange Online service principal 的 Microsoft 365 管理员账号
|
||||
|
||||
本配置分为三个部分:
|
||||
|
||||
- 在 Azure 中完成应用注册、client secret、API 权限和管理员同意
|
||||
- 在 PowerShell 中完成 Exchange Online service principal、邮箱和权限配置
|
||||
- 在 RustDesk 中填写 SMTP OAuth2 配置并发送测试邮件
|
||||
|
||||
### 1. 在 Azure 中配置
|
||||
|
||||
1. 登录 [Azure 门户](https://portal.azure.com)。
|
||||
1. 搜索并选择 **App registrations**。
|
||||
1. 在左侧菜单中选择 [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps),然后点击 **New registration**。
|
||||
|
||||
1. 创建应用注册。
|
||||
|
||||
|
||||
1. 记录 `Directory (tenant) ID` 和 `Application (client) ID`,稍后要填写到 RustDesk 中。
|
||||
|
||||
1. 打开 **Certificates & secrets**,创建一个新的 client secret。
|
||||
|
||||
1. 立即复制 client secret 的 `Value`。Microsoft 只显示一次该值。
|
||||
|
||||
1. 打开 **API permissions**,添加 Microsoft 365 Exchange Online 的 SMTP 应用权限。
|
||||
1. 选择 **Add a permission**。
|
||||
1. 选择 **APIs my organization uses**,搜索 **Office 365 Exchange Online**。
|
||||
1. 选择 **Application permissions**。
|
||||
1. 选择 **SMTP.SendAsApp** 并保存更改。
|
||||
|
||||
|
||||
|
||||
1. 为刚刚添加的权限授予管理员同意。
|
||||
|
||||
|
||||
### 2. 在 PowerShell 中配置
|
||||
|
||||
这一部分连接 Exchange Online,创建 service principal,准备发信邮箱并授予权限。
|
||||
|
||||
1. 以本地管理员权限打开 PowerShell。
|
||||
|
||||
1. 安装 Exchange Online 模块,并使用租户管理员账号连接 Exchange Online。
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
如需指定管理员账号,也可以使用:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. 在 Microsoft Entra 的 **Enterprise applications** 中找到该应用,记录它的 `Object ID`。后面创建 Exchange Online service principal 时会用到这个值。
|
||||
|
||||
{{% notice note %}}
|
||||
这里使用的 `OBJECT_ID` 必须来自该应用在 **Enterprise applications** 中的 object ID,而不是 **App registrations** 概览页里的 object ID。
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. 运行以下命令,为该应用注册创建 Exchange Online service principal。Microsoft 官方文档将这一步称为 “Registration of a Microsoft Entra application's service principal in Exchange Online”。
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
如果 Exchange 连接成功但此命令仍失败,请检查当前管理员账号是否有权限管理 Exchange Online 的 service principal。
|
||||
|
||||
|
||||
1. 确认 Exchange 已创建该 service principal,并记录它的 `Identity` 值,后面会用到。
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
后面两个权限命令中的 `<SERVICE_PRINCIPAL_ID>`,就使用这里返回的 `Identity` 值。
|
||||
|
||||
1. 如果发信邮箱还不存在,可以先创建一个 shared mailbox,例如:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
如果你已经有现成的发信邮箱,可以跳过这一步。
|
||||
|
||||
|
||||
1. 检查租户和发信邮箱是否启用了 `Authenticated SMTP`。
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
如果这一项没有启用,测试邮件时可能遇到以下错误:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
对邮箱级设置,可按需执行:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
如果租户级返回 `True`,再根据组织策略决定是否执行:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
如果上面的租户级和邮箱级设置看起来都正确,但仍持续出现同一个 `535 5.7.139` 错误,也请检查租户是否启用了 Microsoft Entra `Security defaults`。Microsoft Learn 明确说明,启用 `Security defaults` 时,Exchange Online 中的 SMTP AUTH 会被禁用。
|
||||
|
||||
命令详情可参考 Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission)。
|
||||
|
||||
1. 为 RustDesk 将要用来发信的邮箱授予该 Exchange service principal `FullAccess` 权限。
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
这里请使用你计划在 RustDesk 的 `Mail Account` 中填写的邮箱。
|
||||
|
||||
如果这个命令返回类似错误:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
通常表示 `-Identity` 指定的值没有在 Exchange Online 中解析到实际邮箱对象。
|
||||
|
||||
先确认该邮箱是否真实存在于 Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
如果查询不到结果,请先创建或确认这个邮箱。对于 `no-reply` 一类发信地址,可以创建 shared mailbox,例如:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
如果邮箱已经存在,请确认你在 `Add-MailboxPermission -Identity ...` 中使用的是该邮箱的实际地址、别名或其他可解析的 mailbox identity。
|
||||
|
||||
|
||||
1. 再授予同一个 service principal `SendAs` 权限。
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
这一步同样是 Microsoft 官方 app-only SMTP 配置的一部分。
|
||||
|
||||
### 3. 在 RustDesk 中配置
|
||||
|
||||
到这一步,你应已经准备好:
|
||||
|
||||
- 准备用于 `From` 的发件人地址
|
||||
- 准备用于 `Mail Account` 的邮箱地址
|
||||
- `Directory (tenant) ID`
|
||||
- `Application (client) ID`
|
||||
- client secret 的 `Value`
|
||||
- 一个已确认存在且已对 `Mail Account` 所用邮箱授予 `FullAccess` 和 `SendAs` 的 Exchange Online service principal
|
||||
|
||||
RustDesk 不需要填写 Exchange service principal 的 `Identity`,但在测试发信前,上述权限步骤必须已经完成。
|
||||
|
||||
1. 在 RustDesk [Web 控制台](../../console/) 中,进入 **Settings** -> **SMTP**。
|
||||
1. 启用 OAuth2,并选择 **Microsoft 365** 作为提供商。
|
||||
1. 填写以下字段:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. 点击 **Check** 保存配置并发送测试邮件。
|
||||
|
||||
|
||||
|
||||
如果测试邮件仍失败,请回到上面的 PowerShell 部分,重新检查 Exchange Online service principal、`Authenticated SMTP` 设置,以及 `Mail Account` 对应邮箱的权限配置。
|
||||
|
||||
## 参考
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth)。用于 Exchange Online 应用权限和 service principal 相关步骤。
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission)。用于检查和启用 `Authenticated SMTP`。
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes)。用于创建 shared mailbox。
|
||||
@@ -0,0 +1,223 @@
|
||||
---
|
||||
title: Microsoft 365
|
||||
weight: 16
|
||||
description: "在 RustDesk Server Pro 中設定 SMTP OAuth2(Microsoft 365),透過 Exchange Online 傳送郵件。"
|
||||
keywords: ["rustdesk smtp oauth2", "rustdesk smtp microsoft 365", "rustdesk smtp m365", "rustdesk smtp oauth2 microsoft 365", "rustdesk smtp oauth2 m365", "rustdesk server pro smtp oauth2", "rustdesk server pro microsoft 365", "rustdesk server pro m365", "rustdesk server pro smtp oauth2 microsoft 365", "rustdesk server pro smtp oauth2 m365"]
|
||||
---
|
||||
|
||||
使用本指南為 RustDesk Server Pro 設定透過 Microsoft 365 Exchange Online 傳送 OAuth2 郵件。
|
||||
|
||||
此設定適用於邀請郵件、登入驗證郵件和連線警報通知。
|
||||
|
||||
一般 SMTP 設定可參考 [SMTP](../)。
|
||||
|
||||
## RustDesk Pro 中要填哪些值?
|
||||
|
||||
| RustDesk Pro 欄位 | 填寫內容 |
|
||||
| --- | --- |
|
||||
| From | 外寄郵件中顯示的寄件者位址。 |
|
||||
| Mail Account | RustDesk 用作 XOAUTH2 SMTP 使用者名稱的信箱位址。 |
|
||||
| OAuth2 Tenant ID | 應用程式總覽中的 `Directory (tenant) ID` |
|
||||
| OAuth2 Client ID | 應用程式總覽中的 `Application (client) ID` |
|
||||
| OAuth2 Client secret | `Certificates & secrets` 中建立的 secret `Value` |
|
||||
|
||||
下圖可幫助你直接對應 RustDesk 中這些欄位的位置:
|
||||
|
||||
|
||||
## 設定
|
||||
|
||||
開始這項設定前,請先確認你已具備:
|
||||
|
||||
- RustDesk Server Pro `1.8.1` 或更高版本
|
||||
- 一個現有的,或準備建立用於傳送郵件的 Microsoft 365 信箱,例如 `no-reply@contoso.com`
|
||||
- 一個可在 Microsoft Entra 中授與管理員同意,並管理 Exchange Online service principal 的 Microsoft 365 管理員帳號
|
||||
|
||||
本設定分為三個部分:
|
||||
|
||||
- 在 Azure 中完成應用程式註冊、client secret、API 權限和管理員同意
|
||||
- 在 PowerShell 中完成 Exchange Online service principal、信箱和權限設定
|
||||
- 在 RustDesk 中填寫 SMTP OAuth2 設定並傳送測試郵件
|
||||
|
||||
### 1. 在 Azure 中設定
|
||||
|
||||
1. 登入 [Azure 入口網站](https://portal.azure.com)。
|
||||
1. 搜尋並選擇 **App registrations**。
|
||||
1. 在左側選單中選擇 [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps),然後點擊 **New registration**。
|
||||
|
||||
1. 建立應用程式註冊。
|
||||
|
||||
|
||||
1. 記錄 `Directory (tenant) ID` 和 `Application (client) ID`,稍後要填入 RustDesk。
|
||||
|
||||
1. 開啟 **Certificates & secrets**,建立新的 client secret。
|
||||
|
||||
1. 立即複製 client secret 的 `Value`。Microsoft 只會顯示一次。
|
||||
|
||||
1. 開啟 **API permissions**,新增 Microsoft 365 Exchange Online 的 SMTP 應用程式權限。
|
||||
1. 選擇 **Add a permission**。
|
||||
1. 選擇 **APIs my organization uses**,搜尋 **Office 365 Exchange Online**。
|
||||
1. 選擇 **Application permissions**。
|
||||
1. 選擇 **SMTP.SendAsApp** 並儲存變更。
|
||||
|
||||
|
||||
|
||||
1. 為剛剛新增的權限授與管理員同意。
|
||||
|
||||
|
||||
|
||||
### 2. 在 PowerShell 中設定
|
||||
|
||||
這一部分連線 Exchange Online,建立 service principal,準備寄信用信箱並授與權限。
|
||||
|
||||
1. 以本機管理員權限開啟 PowerShell。
|
||||
|
||||
1. 安裝 Exchange Online 模組,並使用租戶管理員帳號連線。
|
||||
|
||||
```powershell
|
||||
Install-Module -Name ExchangeOnlineManagement
|
||||
Import-Module ExchangeOnlineManagement
|
||||
Connect-ExchangeOnline
|
||||
```
|
||||
|
||||
如需指定管理員帳號,也可以使用:
|
||||
|
||||
```powershell
|
||||
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
|
||||
```
|
||||
|
||||
1. 在 Microsoft Entra 的 **Enterprise applications** 中找到該應用程式,記錄它的 `Object ID`。後面建立 Exchange Online service principal 時會用到這個值。
|
||||
|
||||
{{% notice note %}}
|
||||
這裡使用的 `OBJECT_ID` 必須來自 **Enterprise applications**,而不是 **App registrations** 總覽頁中的 object ID。
|
||||
{{% /notice %}}
|
||||
|
||||
|
||||
|
||||
1. 執行以下命令,為該應用程式註冊建立 Exchange Online service principal。Microsoft 官方文件將這一步稱為「Registration of a Microsoft Entra application's service principal in Exchange Online」。
|
||||
|
||||
```powershell
|
||||
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
|
||||
```
|
||||
|
||||
如果 Exchange 連線成功但這個命令仍失敗,請檢查目前管理員帳號是否有權限管理 Exchange Online 的 service principal。
|
||||
|
||||
|
||||
1. 確認 Exchange 已建立該 service principal,並記錄它的 `Identity` 值,後面會用到。
|
||||
|
||||
```powershell
|
||||
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
|
||||
```
|
||||
|
||||
後面兩個權限命令中的 `<SERVICE_PRINCIPAL_ID>`,就使用這裡回傳的 `Identity` 值。
|
||||
|
||||
1. 如果寄信用信箱還不存在,可以先建立一個 shared mailbox,例如:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
|
||||
```
|
||||
|
||||
如果你已經有現成的寄信用信箱,可以跳過這一步。
|
||||
|
||||
|
||||
1. 檢查租戶和寄信用信箱是否已啟用 `Authenticated SMTP`。
|
||||
|
||||
```powershell
|
||||
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
|
||||
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
|
||||
```
|
||||
|
||||
如果沒有啟用,測試郵件時可能遇到以下錯誤:
|
||||
|
||||
```text
|
||||
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
|
||||
```
|
||||
|
||||
對信箱層級設定,可按需執行:
|
||||
|
||||
```powershell
|
||||
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
如果租戶層級回傳 `True`,再依組織政策決定是否執行:
|
||||
|
||||
```powershell
|
||||
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
|
||||
```
|
||||
|
||||
如果上面的租戶層級和信箱層級設定看起來都正確,但仍持續出現同一個 `535 5.7.139` 錯誤,也請檢查租戶是否啟用了 Microsoft Entra `Security defaults`。Microsoft Learn 明確說明,啟用 `Security defaults` 時,Exchange Online 中的 SMTP AUTH 會被停用。
|
||||
|
||||
命令詳情可參考 Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission)。
|
||||
|
||||
1. 為 RustDesk 將要用來寄信的信箱授予該 Exchange service principal `FullAccess` 權限。
|
||||
|
||||
```powershell
|
||||
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
|
||||
```
|
||||
|
||||
這裡請使用你準備在 RustDesk 的 `Mail Account` 中填寫的信箱。
|
||||
|
||||
如果這個命令回傳類似錯誤:
|
||||
|
||||
```text
|
||||
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
|
||||
```
|
||||
|
||||
通常表示 `-Identity` 指定的值沒有在 Exchange Online 中解析到實際信箱物件。
|
||||
|
||||
先確認該信箱是否真的存在於 Exchange Online:
|
||||
|
||||
```powershell
|
||||
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
|
||||
```
|
||||
|
||||
如果查不到結果,請先建立或確認這個信箱。對於 `no-reply` 這類寄件地址,可以建立 shared mailbox,例如:
|
||||
|
||||
```powershell
|
||||
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
|
||||
```
|
||||
|
||||
如果信箱已經存在,請確認你在 `Add-MailboxPermission -Identity ...` 中使用的是該信箱的實際地址、別名,或其他可解析的 mailbox identity。
|
||||
|
||||
|
||||
1. 再授予同一個 service principal `SendAs` 權限。
|
||||
|
||||
```powershell
|
||||
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
|
||||
```
|
||||
|
||||
這一步同樣是 Microsoft 官方 app-only SMTP 設定的一部分。
|
||||
|
||||
### 3. 在 RustDesk 中設定
|
||||
|
||||
到這一步,你應已經準備好:
|
||||
|
||||
- 準備用於 `From` 的寄件者地址
|
||||
- 準備用於 `Mail Account` 的信箱地址
|
||||
- `Directory (tenant) ID`
|
||||
- `Application (client) ID`
|
||||
- client secret 的 `Value`
|
||||
- 一個已確認存在且已對 `Mail Account` 所用信箱授予 `FullAccess` 和 `SendAs` 的 Exchange Online service principal
|
||||
|
||||
RustDesk 不需要填寫 Exchange service principal 的 `Identity`,但在測試寄信前,上述權限步驟必須已經完成。
|
||||
|
||||
1. 在 RustDesk [Web 控制台](../../console/) 中,進入 **Settings** -> **SMTP**。
|
||||
1. 啟用 OAuth2,並選擇 **Microsoft 365** 作為提供者。
|
||||
1. 填寫以下欄位:
|
||||
|
||||
- `From`
|
||||
- `Mail Account`
|
||||
- `OAuth2 Tenant ID`
|
||||
- `OAuth2 Client ID`
|
||||
- `OAuth2 Client secret`
|
||||
|
||||
1. 點擊 **Check** 儲存設定並傳送測試郵件。
|
||||
|
||||
|
||||
|
||||
如果測試郵件仍然失敗,請回到上面的 PowerShell 部分,重新檢查 Exchange Online service principal、`Authenticated SMTP` 設定,以及 `Mail Account` 對應信箱的權限設定。
|
||||
|
||||
## 參考資料
|
||||
|
||||
- Microsoft Learn: [Authenticate an IMAP, POP or SMTP connection using OAuth](https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth)。用於 Exchange Online 應用程式權限和 service principal 相關步驟。
|
||||
- Microsoft Learn: [Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online](https://learn.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission)。用於檢查和啟用 `Authenticated SMTP`。
|
||||
- Microsoft Learn: [Create shared mailboxes in the Exchange admin center](https://learn.microsoft.com/en-us/exchange/collaboration/shared-mailboxes/create-shared-mailboxes)。用於建立 shared mailbox。
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 256 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 275 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 211 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 253 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 14 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 16 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 43 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 22 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 92 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 130 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 123 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 113 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 283 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 175 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 203 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 199 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 207 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 247 KiB |
@@ -21,4 +21,6 @@ SMTP wird in RustDesk Server Pro für ausgehende E-Mails verwendet, etwa für Ve
|
||||
|
||||
Die SMTP-Einrichtung ermöglicht es Ihrem Server, E-Mail-Benachrichtigungen zu senden, wie z.B. Benutzereinladungen, Anmeldeverifizierungen und Verbindungsalarme.
|
||||
|
||||
[Video Tutorial](https://youtu.be/0LyQY1JS4Uc)
|
||||
Für die Microsoft-365-OAuth2-Einrichtung siehe [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Video Tutorial](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -27,4 +27,6 @@ SMTP is used for outgoing email from your RustDesk Server Pro deployment. In pra
|
||||
- Whether the `From` address is allowed by your mail provider
|
||||
- Whether TLS and the selected SMTP port match your mail provider requirements
|
||||
|
||||
For Microsoft 365 OAuth2 setup, see [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Video Tutorial](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP se usa en RustDesk Server Pro para el correo saliente, incluidos códigos d
|
||||
|
||||
La configuración SMTP permite que su servidor envíe notificaciones por correo electrónico, como invitaciones de usuarios, verificaciones de inicio de sesión y alarmas de conexión.
|
||||
|
||||
[Tutorial en Video](https://youtu.be/0LyQY1JS4Uc)
|
||||
Para configurar Microsoft 365 con OAuth2, consulte [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Tutorial en Video](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP sert dans RustDesk Server Pro pour les e-mails sortants, notamment les code
|
||||
|
||||
La configuration SMTP permet à votre serveur d'envoyer des notifications par email, telles que les invitations d'utilisateurs, les vérifications de connexion et les alarmes de connexion.
|
||||
|
||||
[Tutoriel Vidéo](https://youtu.be/0LyQY1JS4Uc)
|
||||
Pour configurer Microsoft 365 avec OAuth2, consultez [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Tutoriel Vidéo](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP viene usato in RustDesk Server Pro per le email in uscita, inclusi codici d
|
||||
|
||||
La configurazione SMTP consente al tuo server di inviare notifiche email, come inviti utente, verifiche di accesso e allarmi di connessione.
|
||||
|
||||
[Tutorial Video](https://youtu.be/0LyQY1JS4Uc)
|
||||
Per configurare Microsoft 365 con OAuth2, consulta [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Tutorial Video](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP は RustDesk Server Pro の送信メールに使われ、確認コード、
|
||||
|
||||
SMTP設定により、サーバーはユーザー招待、ログイン認証、接続アラームなどのメール通知を送信できるようになります。
|
||||
|
||||
[ビデオチュートリアル](https://youtu.be/0LyQY1JS4Uc)
|
||||
Microsoft 365 を OAuth2 で設定する場合は、[Microsoft 365](Microsoft 365/) を参照してください。
|
||||
|
||||
[ビデオチュートリアル](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -19,6 +19,8 @@ SMTP jest używany w RustDesk Server Pro do poczty wychodzącej, w tym kodów we
|
||||
|
||||
<!-- GEO-LOCALIZED-INTRO:END -->
|
||||
|
||||
Konfiguracja SMTP umożliwia twojemu serwerowi wysyłanie powiadomień e-mail, takich jak zaproszenia użytkowników, weryfikacje logowania oraz alarmy połączeń.
|
||||
Konfiguracja SMTP umożliwia twojemu serwerowi wysyłanie powiadomień e-mail, takich jak zaproszenia użytkowników, weryfikacje logowania oraz alarmy połączeń.
|
||||
|
||||
[Instrukcja wideo](https://youtu.be/0LyQY1JS4Uc)
|
||||
Aby skonfigurować Microsoft 365 z OAuth2, zobacz [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Instrukcja wideo](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP é usado no RustDesk Server Pro para email de saída, incluindo códigos de
|
||||
|
||||
A configuração SMTP permite que seu servidor envie notificações por email, como convites de usuários, verificações de login e alarmes de conexão.
|
||||
|
||||
[Tutorial em Vídeo](https://youtu.be/0LyQY1JS4Uc)
|
||||
Para configurar o Microsoft 365 com OAuth2, consulte [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Tutorial em Vídeo](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP este folosit în RustDesk Server Pro pentru emailul de ieșire, inclusiv co
|
||||
|
||||
Configurarea SMTP permite serverului dvs. să trimită notificări prin e‑mail, cum ar fi invitații pentru utilizatori, verificări la autentificare și alerte de conexiune.
|
||||
|
||||
[Tutorial video](https://youtu.be/0LyQY1JS4Uc)
|
||||
Pentru configurarea Microsoft 365 cu OAuth2, consultați [Microsoft 365](Microsoft 365/).
|
||||
|
||||
[Tutorial video](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP 在 RustDesk Server Pro 中用于发送外发邮件,包括验证码、通
|
||||
|
||||
SMTP设置使您的服务器能够发送电子邮件通知,例如用户邀请、登录验证和连接警报。
|
||||
|
||||
[视频教程](https://youtu.be/0LyQY1JS4Uc)
|
||||
如需配置 Microsoft 365 OAuth2,请参见 [Microsoft 365](Microsoft 365/)。
|
||||
|
||||
[视频教程](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
@@ -21,4 +21,6 @@ SMTP 在 RustDesk Server Pro 中用於寄送外發郵件,包括驗證碼、通
|
||||
|
||||
SMTP設定使您的伺服器能夠發送電子郵件通知,例如使用者邀請、登入驗證和連線警報。
|
||||
|
||||
[影片教學](https://youtu.be/0LyQY1JS4Uc)
|
||||
如需設定 Microsoft 365 OAuth2,請參見 [Microsoft 365](Microsoft 365/)。
|
||||
|
||||
[影片教學](https://youtu.be/0LyQY1JS4Uc)
|
||||
|
||||
Reference in New Issue
Block a user