Document toolboxDocument toolbox

(en) IMAP/POP3 access via OAuth2

Owned by Martin Hochreiter
Sept 27, 2022
2 min read

From 01.10.2022, Microsoft will require that mails which are retrieved via Imap or Pop3 can no longer be authenticated via username & password, but that a so-called "Modern Authentication" is necessary.

Note: This is about the method you use to retrieve mails from your FH mailbox. e.g:

  • PC, Mac, Ipad, Android smartphone or IPhone
  • and what programm/app is used - e.g. Apple Mail, Mozilla Thunderbird, Gmail, Microsoft Outlook

and how these programmes/apps access the mailbox. There are several very common variants that you had to choose when setting up a new mailbox:

  • Imap4
  • Pop3
  • ActiveSync
  • Exchange/Office365 protocol

Primarily Imap4, Pop3 and Active Sync are affected by the new type of login. An indication of whether 
your mail programme uses Imap4 or Pop3 is often given by whether the FH calendar is displayed in the mail programme and/or you can
can search in the FH address book. If this is not the case, Imap4 or Pop3 is usually in use.

Microsoft's recommendation is, of course, to use Exchange's own protocol if the mail client supports it.

Mail clients such as Thunderbird provide a different login process, the OAuth2 standard.

Step-by-step

  1. Check wether your mail client already supports the Exchange protocol.

    (Here as an example of an IPhone, which in the current IOS version supports Exchange directly)

    CAVEAT: If the account was set up on older IOS versions, it must be set up again to use the Exchange protocoll.

  2. Check if your mail client supports OAuth2 and configure it accordingly.


(General recommendation: Activate Two Factor Authentication (MFA) as additional security measure.
For configuring MFA, please address an E-Mail to support@fhstp.ac.at so the support team can activiate MFA for your User.
Afterwards, during the next logon you will be guided through the configuration: setup MFA)


To set up OAuth2, Imap/Pop3 and SMTP must be configured accordingly.
Here using Mozilla Thunderbird as an example::

After the configuration, the user name and password are requested once via "Modern Authentication"
and if activated as recommended, this would be verified by means of two-factor authentication.