MailStore 13.0 – Modern Authentication support for Office 365 and Google G Suite

MailStore version 13.0 is now live and includes important new security features for archiving cloud services. This release focuses on the following features:

  • Improved usability of MailStore with cloud services
  • Support for Modern Authentication (Office 365 and Google G Suite)
  • Increased security
  • Improved user experience

Why is the move to Modern Authentication so important?

MailStore currently utilises what Microsoft now terms legacy authentication, both to verify that MailStore users' credentials match those within Office 365 and to authenticate archive profiles when they run. In some cases, App Passwords are also used if a Microsoft account is configured to use Multi-Factor Authentication.

MailStore version 13 now fully supports Modern Authentication methods for user verification, which use OAuth 2.0. MailStore will request access tokens from Azure Active Directory rather than using a username and password to connect. This also enables multi-factor authentication for all accounts, and conditional access policies can be applied, as well as other security features within Office 365.

To give some history on these changes, back in March 2018, Microsoft announced that it would require Modern Authentication for all Office 365 services including Exchange Online and that this would be enforced from October 2020.

Although the COVID pandemic looks to have delayed this deadline for existing tenants until the second half of 2020, this change is an important one, so we strongly recommend that you plan to switch to using Modern Authentication in MailStore as soon as possible to prevent any service interruption. Our recommendation is to do so before October 2020.

Version 13 Release notes

For the Admin

OAuth2 & OpenID Connect: This feature offers much better integration of MailStore in the cloud environments of Microsoft 365 and Google G Suite. This improves the usability of MailStore in combination with these cloud services and increases security. The admin now benefits from a uniform login policy, because the settings of their Microsoft 365 or Google G Suite tenant, including multi-factor authentication for example, also apply to MailStore Server, without having to enable legacy authentication or less secure application access. The new two-step login process follows the login flow of modern web applications, and MailStore no longer needs to handle the passwords of remote users for authentication. (MailStore Server & SPE)

Dedicated Microsoft 365 profiles: With these new archiving and export profiles, admins benefit from a simplified profile configuration as well as from enhanced security and better Microsoft 365 integration through the support of modern OAuth2 authentication. (MailStore Server & SPE)

Improved management of network share settings: Admins benefit from a more convenient and secure way to manage network share settings from within the MailStore Server Service Configuration tool, e.g. when using a NAS. (MailStore Server)

Group Policies: Since Group Policy templates are now bundled with MailStore Server and the SPE respectively, it is easier than ever before to configure Group Policies. In addition, they are now available in all languages which are supported by MailStore. (MailStore Server & SPE)

Removal of unencrypted connections: This release fully removes support for establishing unencrypted connections to MailStore Server, which have been marked as deprecated and warned about since V12. In addition to new installations, for which this has already been the default, admins can now be sure that existing MailStore Server installations also accept only encrypted connections to the archive. This can be especially useful to admins who manage multiple installations (e.g. VARs). (MailStore Server)

Unified handling of certificates: Certificate handling has been more closely aligned with that of major web browsers, making it easier for admins to design and implement unified security and certificate policies that also affect all MailStore clients, i.e. MailStore Client, Outlook Add-in and Web Access. (MailStore Server & SPE)

Let’s Encrypt: To avoid port collisions (e.g. if MailStore Server runs alongside other services on a computer or if there is a limited number of external IP addresses), admins are now able to specify a port on which MailStore Server should listen for Let’s Encrypt validation requests. This makes using Let’s Encrypt certificates much easier. (MailStore Server)

MailStore Gateway: Now, administrators can immediately see how many messages exist in a MailStore Gateway mailbox. Moreover, non-empty mailboxes can be deleted with the new version. In addition, the port of the management web interface can be changed in case the default port is used by other applications or if the administrator wants to change it to the standard HTTPS port 443.

For the User

OpenID Connect: Users now get their familiar Microsoft 365 or Google G Suite login flow and can simply rely on their Microsoft 365 or Google G Suite credentials to log in to MailStore. As a result, when accessing their archives, they can also benefit from the additional security features offered by these cloud services, for example, multi-factor authentication. (MailStore Server & SPE)

Removal of Mobile Web Access: Users who previously used the Mobile Web Access now benefit from a more modern and more secure responsive Web Access. (MailStore Server & SPE)

Client-side improvements: Users benefit from several improvements in accessing and working with their archives. First of all, the loading time of the responsive Web Access has been significantly reduced. Various fixes as well as a major update of all web components have been applied for a much smoother browsing experience, especially on mobile devices. In addition, the responsive view on mobile devices is much better and offers more available reading space. Moreover, the new jump-to-folder feature makes it even easier to find emails which belong to the same project or public folder. The message list in the MailStore Client now also shows time information in addition to the date. (MailStore Server & SPE)

Removal of unencrypted connections: This release fully removes support for establishing unencrypted connections to MailStore Server. End users therefore get fewer warnings when using any modern web browser to access the archive, and can more easily validate that their connection is safe through those browsers’ facilities (e.g. with the lock symbol in Chrome’s address bar). The latter is especially useful when using untrusted networks such as public WLANs. (MailStore Server)

Unified handling of certificates: Certificate handling has been more closely aligned with that of major web browsers, making it easier for end users to identify security policy violations across all MailStore clients, i.e. MailStore Client, Outlook Add-in and Web Access. (MailStore Server & SPE)

Existing customers can download MailStore version 13.0 here
