Channels Microsoft Office365 Benifits over Email Channel - Review Behide NAT/Firewall - Zammad

Infos:

  • Used Zammad version: This is Zammad version 3.6.x
  • Operating system: Ubuntu 20.04
  • Browser + version: Firefox

Questions

  • Is there much different/benefit between Microsoft Office 365 Channel to Email Channel from the same service? (Office 365)

  • Does Microsoft Office 365 Channel callback URL require accessible to the public web?

More Details Below

Been reviewing Microsoft Office 365 channel and if it is beneficial over the normal Email Channel (IMAP + App Password, Etc).

I have been trying to set up a Microsoft Office 365 channel following your documentation, but I think I have hit some basic issues beacause of my own setup.

Zammad is behide NAT/Firewall with Local DNS entries for Zammad.example.com.(hidden real domain)

I then VPN (wireguard) into network/server to access Zammad.

The main issue I think I am having is that you got to have the callback URL accessible to the public web? (might be wrong, I do not deal with API type setups much)

image

Is there much difference/benefit between Microsoft Office 365 Channel to Email Channel from the same service? (Office 365)

If it is beneficial enough then I have to set up a reverse proxy to try to solve the problem. (I understand this out of scope of the project)

If it is not that beneficial then I just use IMAP+App Password setup with Office 365 and review it again later when forced by Microsoft to review other methods. As I like the idea of just relying on a VPN to get access to my projects/systems.

I am happy to provide any additional information that might be required.

Thanks for taking the time to read this post

Kind Regards,
Paul

Stay Safe

1 Like

Just some additional notes on my research: (just encase anyone else asking same question)

On my research since this post I am now pretty sure it does require public access of some kind.

In my setup it would have to be reverse proxy.

I am still not sure about the Office 365 Channel and Email Channel differences, but I think it just a different method of getting information into Zammad.

So at the moment I am just going to be using IMAP with App password for my Office 365 account and hiding everything behide a VPN.

Bigger email providers are starting to try and move clients away from using IMAP/POP to protocols that can support 2FA like features. (Just worth thinking about on future plans/setups)

Any additional input is much appreciated / Hope this forum post also helps other people with similar questions.

Callback URLs are relevant to your browser not Microsoft.
So no, your Callback URL must not be available to Microsoft directly, as long as it is to the Browser that needs the Callback URL.

This is why you technically can also use “localhost” within an Callback URL.
The bigger benefit of Microsoft 365 channel over the email channel for microsoft users is very simple:
It’s future prove.

Why you may ask? Because Microsoft is going to disable basic authentication which will draw your email channel with an microsoft email account no longer being usable.


Zammad will always have to be able to contact the mail server in question, no matter if microsoft 365 or email channel. In the end both channels technically behave the same apart from the authentication mechanisms and attached mechanisms to keep login credentials “current”.