Beginning in early 2021, Microsoft began to disable BASIC authentication to Microsoft 365.

This affects Service Desk Manager users as some organizations leverage mailboxes located in Azure/Microsoft 365.

Broadcom has enabled OAuth 2.0 support to allow connections to Microsoft365 mailboxes.

OAuth2.0 documentation exists in many locations and this KB will serve as a central hub to find necessary KBs

Service Desk Manager 17.3 RU4 and Higher

Microsoft365/Azure

OAuth 2.0 support is announced in 17.3 RU4

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/Release-Information/CA-Service-Management-17-3-0-4-Release-Notes.html

MANDATORY post installation steps:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/installing/Installing-CA-Service-Management-17-3-0-4/Post-Installation-Tasks-for-CA-Service-Management-17-3-0-4.html

Note: Each RU patch has these steps as post installation steps. Please check the appropriate post installation for your RU version.

Configuration TechDocs

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/how-to-configure-the-mailbox-to-handle-inbound-emails/define-a-mailbox.html

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/how-to-configure-the-mailbox-to-handle-inbound-emails/connecting-maileater-to-office-365-mail.html

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/administering/configure-ca-service-desk-manager/how-to-configure-the-mailbox-to-handle-inbound-emails/how-to-connect-ca-sdm-to-the-office365-servers-using-ssl.html

Configuration KB

https://knowledge.broadcom.com/external/article?articleId=216187

Administrative Consent

Some user environments do not want to give security permissions to the mailbox users in Azure.

In response, we have enabled support for Administrative Consent where an administrator is allowed to consent to generate an OAuth token 

This feature was introduced in RU11

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/Release-Information/CA-Service-Management-17-3-0-11-Release-Notes.html

If the environment is configured as above and the functionality still doesn't work, please check the Knowledge Base and RU patch releases to see if you are running into an already resolved defect

Single Tenant Applications in Azure are now supported in RU21 and higher

https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-3/Release-Information/CASM-17-3-0-21-Release-Notes.html

Microsoft Announces Deprecation of BASIC authentication to Azure/Microsoft365:

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online

Required Allowed URLs and IP Address Ranges 

https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

OAuth Code Flow

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow