Problem:


Outlook redoes the negotiation each time I open outlook with spamreporter for my credentials instead of remembering each session.


Reason:


Clients (especially MSPs) are starting to harden Office365 tenants by enforcing strict client policies that only allow certain types of clients to access EWS (Exchange Web Services).  Exchange Web Services (EWS) is an API that enables client applications to communicate with exchange online.  


Solution:


The spamreporter plugin needs to have permission to access EWS.


You can tell if a tenant is hardened using powershell with an O365 organisation admin account.


1)    Open command prompt in administrator

2)    Type Powershell and <enter>

3)    Set-ExecutionPolicy -RemoteSigned

4)    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

5)    install-module -name exchangeonlinemanagement  (if you get a warning, choose Y)

6)    Import-Module ExchangeOnlineManagement

7)    Connect-ExchangeOnline

8)    Get-OrganizationConfig | Format-List Ews*

9)    You should see the following:


 


10)    Get-CASMailbox the+mailbox+to+check@yourdomain.com| Format-List Ews*




This is what an unhardened mailbox looks like (above)


We had a client that implemented hardening.  This is what it looked like:



As you can see, the EWSAllowList required specific applications that could access EWS for this tenant.


To add spamreporter to the EwsAllowList:


Set-OrganizationConfig -EwsAllowList @{add="SpamReporter"}