Does ServiceDesk Support Modern Authentication?
Article ID: 206739
Updated On:
Products
Issue/Introduction
Customers are currently using an Exchange Online mailbox for Workflow's project capability to help ServiceDesk perform regular email monitoring using IMAP or POP.
Microsoft is planning to remove basic authentication for POP and IMAP for Exchange Online in October of 2020.
https://support.microsoft.com/en-ie/help/4521831/exchange-online-deprecating- basic-auth
https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892
We use the built-in Email Monitor workflow to monitor an Exchange Online mailbox and process incoming emails into ServiceDesk incidents. Microsoft has announced the deprecation of basic authentication and will soon require modern authentication. Modern authentication does not appear to work since the sign-in logs show that Email Monitor is using basic authentication.
You may see a similar error if those Microsoft changes were implemented in your environment:
The critical error failed execution on component Send Email: Error in processing. the server response was: 5.7.3 STARTTLS is required to send mail.
Do you know if we support Modern Authentication for ServiceDesk and Workflow Solutions?
Environment
ServiceDesk 8.5 RU4
Cause
The following changes were done to accommodate this requirement:
The client backing the Workflow Email component library was updated in a WF 8.1 RU7 pointfix. The new components became widely available in WF 8.5. The old email components remain available for to prevent breaking older projects, but the authentication mechanisms for said components are outdated. The new components (all suffixed with " New") support recent authentication standards including TLS 1.2.
As this relates to ServiceDesk, the SD.Email.Monitor project was updated with the newer email components which will effectively enable the requested authentication standards.
SD.Email.Monitor has been updated to include the new ASPOSE-backed email components which will support current authentication standards.
Within the Workflow code base, changes were made to Symantec.Workflow.RulesEngine.NotificationController which uses System.Net.Mail.SmtpClient.
The Workflow source code was also updated to disable insecure protocols and enable TLS 1.2 support for Rules Engine generated emails.
Resolution
FYI:
ServiceDesk has reached its End-of-Life. See ITMS End-of-Life (EOL) Schedule: KB 173849
Regarding Workflow Solution and modern authentication, please refer to:
Modern Authentication for Mail Monitoring Whitepaper
With ServiceDesk 8.5 RU4 release, Support for modern authentication was introduced in this version:
| Support for TLS 1.2. | Email Monitor project was updated to the newest Workflow email components, enabling authentication support for TLS 1.2. TLS 1.2 support was also added to the Workflow Rules Engine. |
You can see the SD Release Notes here mentioning TLS 1.2 support:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/it-management-suite/ITMS/Release-Notes/ServiceDesk-85-RU4-Release-Notes/what-s-new-in-servicedesk-v117615574-d843e87830.html
Note that the customer may need to switch to the new email components (suffixed with New) as modern authentication support was introduced there and old components left intact for backward compatibility.
Also, if you are just using WorkFlow 8.5 RU4 with no ServiceDesk implementation, there is a pointfix to be added for WF 8.5 RU4:
See our 8.5 RU4 Cumulative Pointfix KB 198337 (under "Pointfix request for enabling authentication support for TLS 1.2 on email components").
Feedback
