Does ServiceDesk Support Modern Authentication?

book

Article ID: 206739

calendar_today

Updated On:

Products

ServiceDesk

Issue/Introduction

Customers are currently using an Exchange Online mailbox for Workflow's project capability to help ServiceDesk perform regular email monitoring using IMAP or POP.
Microsoft is planning to remove basic authentication for POP and IMAP for Exchange Online in October of 2020. 

https://support.microsoft.com/en-ie/help/4521831/exchange-online-deprecating- basic-auth

https://techcommunity.microsoft.com/t5/exchange-team-blog/upcoming-changes-to-exchange-web-services-ews-api-for-office-365/ba-p/608055

https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-auth-and-exchange-online-february-2020-update/ba-p/1191282

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163

We use the built-in Email Monitor workflow to monitor an Exchange Online mailbox and process incoming emails into ServiceDesk incidents. Microsoft has announced the deprecation of basic authentication and will soon require modern authentication. Modern authentication does not appear to work since the sign-in logs show that Email Monitor is using basic authentication. 

You may see a similar error if those Microsoft changes were implemented in your environment:

The critical error failed execution on component Send Email: Error in processing. the server response was: 5.7.3 STARTTLS is required to send mail.


 

Do you know if we support Modern Authentication for ServiceDesk and Workflow Solutions?

Cause

The following changes were done to accommodate this requirement:

The client backing the Workflow Email component library was updated in a WF 8.1 RU7 pointfix. The new components became widely available in WF 8.5. The old email components remain available for to prevent breaking older projects, but the authentication mechanisms for said components are outdated. The new components (all suffixed with " New") support recent authentication standards including TLS 1.2.

 

As this relates to ServiceDesk, the SD.Email.Monitor project was updated with the newer email components which will effectively enable the requested authentication standards.
SD.Email.Monitor has been updated to include the new ASPOSE-backed email components which will support current authentication standards.

 

Within the Workflow code base, changes were made to Symantec.Workflow.RulesEngine.NotificationController which uses System.Net.Mail.SmtpClient. 
The Workflow source code was also updated to disable insecure protocols and enable TLS 1.2 support for Rules Engine generated emails.

Environment

ServiceDesk 8.5 RU4

Resolution

With ServiceDesk 8.5 RU4 release, Support for modern authentication was introduced in this version:

Support for TLS 1.2. Email Monitor project was updated to the newest Workflow email components, enabling authentication support for TLS 1.2.
TLS 1.2 support was also added to the Workflow Rules Engine.


You can see the SD Release Notes here mentioning TLS 1.2 support:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/ITMS/Release-Notes/ServiceDesk-85-RU4-Release-Notes/what-s-new-in-servicedesk-v117615574-d843e87830.html

 

Note that the customer may need to switch to the new email components (suffixed with New) as modern authentication support was introduced there and old components left intact for backward compatibility.

Also, if you are just using WorkFlow 8.5 RU4 with no ServiceDesk implementation, there is a pointfix to be added for WF 8.5 RU4:
See our 8.5 RU4 Cumulative Pointfix KB 198337 (under "Pointfix request for enabling authentication support for TLS 1.2 on email components").

Attachments