0

Our service is connecting to https://outlook.office365.com using EWS on behalf of an @outlook.com user. We're getting status 403 and the header X-BackEndHttpStatus : 403.

What does it mean?

EWS connections seem to work for other @outlook.com users just fine.

Thank you.

Update Apr'19: What we see is that EWS for @Outlook.com accounts is refusing connections from Heroku/AWS IP addresses. Not sure why.

Alexey
  • 556
  • 1
  • 5
  • 18
  • Did you ever find out what was causing this? We are hitting the same problem – Matt Apr 16 '19 at 12:44
  • From our tests everything points at Microsoft/Outlook.com's blocking Heroku/AWS IP addresses. Whenever we connect from other clouds to the same accounts the connections succeed. I wish someone from Microsoft explained what is going on. – Alexey Apr 16 '19 at 21:07

1 Answers1

0

According to my search, do you have a Authentication with your EWS application.

You could make a authentication with the below link:

Authenticate an EWS application by using OAuth

EWS must have the "Full access to user's mailbox" permission.

If your Outlook account has multi-factor authentication, please refer to this link:

Set up multi-factor authentication for Office 365 users

Alina Li
  • 884
  • 1
  • 6
  • 5
  • We connect with BASIC right now (username+password). And after a bunch of tests it looks like Office 365 is blocking connections from Heroku IP addresses for this specific user as the same connections from our other dev. environments work just fine. How is this possible? Are there settings in @outlook.com that could enabled IP blocking? – Alexey Oct 24 '18 at 19:31
  • As I said, Is it possible that the Outlook account has multi-factor authentication. You could check this link: https://support.office.com/en-us/article/set-up-multi-factor-authentication-for-office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6 – Alina Li Oct 25 '18 at 05:48
  • Then we would not be able to connect from other locations either, right? But we do connect fine from our dev. environments. – Alexey Oct 26 '18 at 07:53
  • Yes, you can't use Basic Authentication connection to Office 365 if you use multi-factor authentication. – Alina Li Oct 26 '18 at 08:29
  • I understand that but I am saying that it's WORKING when connecting from non Heroku/AWS servers. Do you know why? – Alexey Oct 26 '18 at 18:43
  • The user does not have MFA enabled. – Alexey Jan 31 '19 at 22:28
  • Hello, @Alexey, did you find a reason for such behavior? – onestep.ua Feb 28 '19 at 13:22
  • No, unfortunately not. This user can't use our app because of this. – Alexey Mar 01 '19 at 21:53
  • Now we're using Bearer with OAuth2 access token and still getting 403. Any ideas? – Alexey Apr 05 '19 at 19:53
  • 1
    I'll file a separate question. It seems EWS with OAuth2 simply is not enabled/available for Outlook.com users. – Alexey Apr 05 '19 at 20:54
  • 1
    I'm having the same issue with EWS (https://outlook.office365.com/EWS/Exchange.asmx). I'm getting a 403 error on AWS servers but get a valid response locally and also from a server I have on Digital Ocean. What's up with that?? Did anyone found out how to workaround this? – Chen Alon Jun 30 '19 at 09:02
  • 1
    Yep, not sure why my Q is downvoted when clearly there is some IP fire walling happening. We're gradually switching to Graph API with OAuth2 for Outlook.com users. EWS with OAuth2 is not enabled for Outlook.com accounts it seems and EWS with username/password is blocked from certain IPs (like Heroku/AWS). -A – Alexey Sep 25 '19 at 19:50
  • We've finally switched to using Graph API for the Outlook.com accounts so OAuth2 can be used. By the way, various connectivity modes (EWS vs. Graph vs. IMAP) are incorporated into our Unified API Aurinko https://docs.aurinko.io/category/7-quickstart-guides – Alexey Aug 28 '21 at 16:20
  • Correction to the url I posted in 2021: https://docs.aurinko.io/unified-mailbox-api/email-api – Alexey Aug 18 '23 at 13:29