You’re offline. This is a read only version of the page.
We're using Dynamics GP 2016 and have Office 365 MFA enabled. We can't authenticate inside of GP to send email for any user with MFA enabled. We read that using an App Password works, but that we'll need to key it in each time a new GP session is started. That doesn't work because people will write it down which negates the security. How can we get around this? Is there an update to GP that allows it to save the Mail password across sessions? Is there an update that allows it to work with Modern Authentication/MFA? It seems like a big security issue that we can't enable MFA (an have it be user friendly) for users that arguably need it the most.
Thoughts?
*This post is locked for comments
I also wanted to add this blog that we just released. It is everything we've found to work and not work with O365 credentials when emailing in Dynamics GP as well as some ways to get information that is meaningful in troubleshooting why it doesn't work.
The blog is here:
community.dynamics.com/.../exchange-online-o365-emailing-inside-dynamics-gp
Thanks
Hi
I hadn't been able to get it working, but now do have it working in GP2016, GP2018. GP2015 is accepting my login but I didn't successfully send anything - but I think it is my template and I don't have time to troubleshoot that at the minute.
I used information on this post to update table DYNAMICS..SY04920 as per the screen shot: www.crestwood.com/.../dynamics-gp-exchange-email-not-working-moving-office-365
Then with Exchange set as the option, I logged into the Exchange prompt with my email address and machine password (not network password). This then seemed to work fine.
I did also update my laptop to the latest Windows update, but I can't say whether that was a factor or not.
This might help someone.
Cheers
Heather
Correct. With MFA, we haven't determined yet why some work and some do not work, when attempting to email through Dynamics GP using O365 credentials. Part of it is Dynamics GP is not designed to use an APP password, plus we've also seen where the passwords are over 15 characters, which is an issue until later versions of Dynamics GP 2018.
We plan on doing more testing with MFA and Dynamics GP as we have more customers moving to O365 email accounts, but currently the only thing we know for sure about O365 and Dynamics GP is that O365 now has 'modern' authentication enabled by default and Dynamics GP also requires a 'basic' authentication to also be enabled for the O365 accounts. If it is not, the email functionality in GP normally will not work until 'basic' authentication is enabled.
For MFA, however, we've seen it work and not work for different customers as well as our own testing, so we're wanting to do more thorough testing to try and determine exactly what the underlying difference is, so we can let customers know as well.
Thank you
Hi
I can confirm that the version of GP is irrelevant - I am having the same issues on my stand-alone install on my laptop and I have 2015, 2016 and 2018 all running - same issue in each one.
Cheers
Heather
I don't know that Dynamics GP 2018 R2 will have any change with the Exchange Log On prompting for credentials with MFA turned on or off, but you can definitely test again once you get on that version.
That being said, there wasn't/isn't anything that was added into GP 2018 R2 that made a change of any kind that would more readily accept exchange credentials for O365 accounts with or without MFA being enabled.
We've seen O365 accounts work with and without MFA being enabled, but haven't done any testing as to what the underlying difference is.
We do know that as O365 now uses 'modern' authentication, if the basic/legacy authentication is disabled, O365 accounts tend not to work.
Unfortunately, we don't have much more than this right now, hopefully we'll get more complete testing done in the near future, as more and more customers are making their way onto O365.
Thank you
Derek,
Rather than disabling MFA for my account, I configured an exclusion for the IP address of our GP client. Doing that allows me to enter my normal network password in the "Exchange Log On" box and get past that prompt. IT definitely seems like it's an MFA related issue. I need to remove that setting for now, but will explore adding it back more permanently. We plan to upgrade to GP 2018 R2 in a few weeks. Do you think that may help?
Thanks.
To verify, if you disable MFA, can the users then login to the Exchange Log On window and get through successfully, or do they continually get prompted for their credentials?
If continually prompted for credentials, even with MFA disabled, if you look in the SY04920 table, do you see a record for the GP login, email address being entered into the Exchange Log On window and failing, as well as the Exchange_Server_URL value of 'outlook.office365.com/.../Exchange.asmx&;?
If not, try inserting a record using this example script, replacing with the actual information, and insert a record in the SY04920 table, before having that GP user login and test emails again:
Insert SY04920
Values ('JohnDoe', 'JohnDoe@Outlook.com', 'outlook.office365.com/.../Exchange.asmx&;)
Another test we use, if the user enters a non-O365 email credentials into the Exchange Log On window, does it then go through, or do they still get prompted over and over for credentials, even though the SY04920 table record exists?
Let's see what this shows us and go from there...…
Thank you
Derek,
It's at that "Exchange Log On" screen that we're failing. Office 365 ProPlus Outlook is installed and working in the windows profile without any issues. But when we do anything with Email inside of GP, we get the "Exchange Log On" box, enter in our email address and password, and get a failure notification. That only works with an App Password and has to be re-keyed every session. If we disable MFA, they can authenticate using their normal password.
Regarding Modern authentication, are you referring to the EnableADAL setting in the Office section of the registry for each user? We have some experience with setting that to 0 to get around some issues. But when we did that, it required an app password. So we may be right back to where we are now.
Let me know if you have any other thoughts.
Thanks,
Alex.
Hello Alex,
Dynamics GP has not been tested with multi-factor authentication 'officially', so there is no update that allows GP to work with MFA or anything like that.
That being said, as we're seeing more and more customers using O365 accounts with emailing in Dynamics GP, as well as for the SMTP account and setup for the Workflow functionality in Dynamics GP, we've done some testing on our team, myself included, and we've actually gotten email in Dynamics GP to work fine with MFA enabled and disabled. This includes using the O365 account and SMTP server information to send out workflows.
From what we've seen, Dynamics GP does not prompt the users to authenticate, it just treats it like a regular Exchange account and only requires they enter their email address and password in the Exchange Login window once per session, if using EXCHANGE via System Preferences, and that will allow the emailing to continue.
That being said, if your O365 accounts are not able to email with MFA enabled, if you change the users to not have MFA enabled, then they log back into Dynamics GP, does the email then begin working?
I ask because, while we haven't been able to do conclusive tests as of yet, we're actually seeing bigger issues when the O365 accounts are setup to use 'modern' authentication and not 'basic' or 'legacy' authentication. In fact, we've seen cases where the GP email stopped working when switching O365 users to 'modern' authentication and then it begins working when changing back to the 'legacy' authentication.
Right now we're still testing Dynamics GP with O365 email accounts with both 'modern' and 'legacy' authentication, as well as MFA, to get more conclusive results so we can have GP Development do any updates or fixes we need for the use of O365, because obviously more and more customers are headed in that direction, so we want to be able to accommodate that functionality within Dynamics GP.
However, I would also recommend looking at the following blog if you haven't already done so. It isn't O365 specific, but it is regarding EXCHANGE email functionality in Dynamics GP and some troubleshooting information:
community.dynamics.com/.../exchange-emailing-inside-dynamics-gp
This is also most likely where any updates to Exchange email in Dynamics GP will be added, so we have all the information in one place.
Please let me know if you have any questions.
Thank you,
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
#1
André Arnaud de Cal...
291,253
Super User 2024 Season 2
#2
Martin Dráb
230,188
Most Valuable Professional
#3
nmaenpaa
101,156
Share
Report
All responses (
Answers (