This page is not about davmail at all, as that does not work with OAuth2.
Settings for email at USyd
All USyd email is outsourced to Office365. To log in, use your email
address with the unikey password and Okta MFA authentication.
Email clients tested to work with these settings:
- OWA (web interface) e.g. at sydney.edu.au/email - works "as is"
- Outlook 2016 (a.k.a. Office365) - works "as is"
- Outlook 2013 - needs some registry settings, see:
https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide
https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/modern-authentication-configuration
or maybe you should update to Outlook 2016.
The ICT HelpDesk are unwilling to help with any Outlook 2013 issues.
- Apple Mail - works "as is"
- Thunderbird - works fine, with:
AccountSettings (right-click email account, Settings)
- Server Settings for IMAP:
server outlook.office365.com, port 993, security SSL/TLS, method OAuth2
- Outgoing Server for SMTP, select, edit:
server smtp.office365.com, port 587, security STARTTLS, method OAuth2
Thunderbird may not show OAuth2 for authentication. If so then select
something else (but all other values correct), click Advanced
Settings, then fix up both IMAP and SMTP settings.
Email clients not tested (please let me know if you need one of these,
or any others):
See elsewhere about how to use (survive?) Okta MFA.
Notes, blurb
See also the older version about the initial transition to outsourced
Office365.
See also the even older version about the transition to the Uni
Exchange server.
Do not store old, long-term, or important messages on Office365, but
keep in "local" folders.
BEWARE that when you leave the Uni, ICT will disable your
unikey and you will lose access to Uni email.
BEWARE of Office365 Online Archive settings: they move messages older
than some time into some "Online Archive". You can access this with
Outlook or web interface, or via davmail and with Thunderbird (but
maybe not other clients?), and not with IMAP as per Microsoft
documentation, and not with Apple Mail.
Maybe, change the archiving policy using the web interface:
right-click on (each) email folder and choose
Assign Policy > Archive Policy :
Personal never move to archive (Never).
BEWARE of the Outlook recall function: messages recalled and still in
your Inbox (or other Office365 folders?), will disappear.
BEWARE that ICT will sometimes delete some (bad? virus?)
messages from your mail folders.
BEWARE of unikey password changes. There may be (was?) an
enforced yearly change, and if you change then you may need to re-do the
settings in your mail client (gmail or thunderbird or phone etc). (Or if
you forget, then you may end up with your account locked after too many
bad tries.) Best to leave your unikey password as it was: go through 5
or 10 changes, then back.
Note how "student" email on @uni.sydney.edu.au is outsourced to the
same Office365 cloud, though (possibly) with a different login scheme.
Note that with IMAP you can copy messages (in either direction)
between Office365 and other folders: try to take advantage of the
unlimited storage offered by Office365.
The Uni wants to store data only on servers under trusted
jurisdictions, and gmail/google has servers in some Asian countries. The
Uni trusts Microsoft (both @sydney and @uni.sydney are really Office365),
Mimecast (our spam filter), trusted Symantec (previous spam filter), and
say Cloudstor and Dropbox; so far the Uni does not seem to worry about
Google Drive. There is a push to have mobile devices (their data, and
the passwords they remember) encrypted but that does not seem monitored
or enforced.
BEWARE of the Uni Mimecast spam filter, noting that all @maths and
@sydney messages received, and any sent by Office365, go through it.
- The Mimecast filter sometimes alters the encoding of messages:
  dislikes "Content-Transfer-Encoding: 7bit" or 8bit, prefers
  quoted-printable, may leave base64; specifically for
  "Content-Type: multipart/xxx" messages, does not put in any
  (useless?) Content-Transfer-Encoding lines into the email header; and
  corrects the capitalization of those headers. Worse: with the
  "URL rewrite" feature it changes URL links on purpose, rewriting
  the content. These actions wreck any DKIM signatures, and may result
  in messages being rejected later on (by clients that use DMARC
  correctly).
- The Mimecast filter "URL rewrite" feature checks all URL links
  when you click on them, in effect clicking just before you do. This
  wrecks single-use links, as often used e.g. for "password reset"
  functions: you receive "link expired" by the time you click.
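Why re-encoding and URL rewriting break DKIM, as an added example (not
part of the original page, and not Mimecast's code): it computes the
DKIM "bh=" body hash with the RFC 6376 "relaxed" body canonicalization
and compares it before and after each kind of change. The sample
message, the gateway host name and the function names are constructed
for illustration.

```python
import base64
import hashlib
import quopri
import re

def relaxed_body(body: bytes) -> bytes:
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of space/tab to one space, drop whitespace at line end.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":
        lines.pop()                      # ignore empty lines at end of body
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Value carried in the bh= tag of a DKIM-Signature header (sha256)."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def reencode_qp(body: bytes) -> bytes:
    """Stand-in for a gateway converting a 7bit part to quoted-printable."""
    return quopri.encodestring(body)

def rewrite_urls(body: bytes,
                 gateway: bytes = b"https://gateway.example.invalid/r?u=") -> bytes:
    """Stand-in for 'URL rewrite'; the gateway prefix is a made-up placeholder."""
    return re.sub(rb"https?://[^\s>]+", lambda m: gateway + m.group(0), body)

def verdicts(signed_body: bytes) -> dict:
    """True where a verifier's body hash still equals the signer's bh=."""
    bh = body_hash(signed_body)
    return {
        "unchanged": body_hash(signed_body) == bh,
        # Extra spaces and trailing blank lines are tolerated by 'relaxed'.
        "whitespace_only": body_hash(signed_body.replace(b" ", b"  ") + b"\r\n\r\n") == bh,
        "qp_reencoded": body_hash(reencode_qp(signed_body)) == bh,
        "url_rewritten": body_hash(rewrite_urls(signed_body)) == bh,
    }

# Constructed sample body, as sent with Content-Transfer-Encoding: 7bit.
SAMPLE = (b"Hello,\r\n"
          b"Reset your password at https://accounts.example.org/reset?token=abc123\r\n"
          b"Regards\r\n")

if __name__ == "__main__":
    for change, ok in verdicts(SAMPLE).items():
        print(f"{change:16} body hash {'matches' if ok else 'MISMATCH'}")
```

Only whitespace differences survive canonicalization: the "=" in the URL
becomes "=3D" under quoted-printable, and a rewritten link is different
text, so in both cases the verifier's hash no longer matches bh=.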
No more use for davmail at USyd
The Uni has introduced the OAuth2 authentication mechanism
on all Office365 (e.g. email) accounts.
The "davmail server" does not work with OAuth2, and has been turned
off.
You should use the Microsoft "native" IMAP/SMTP services, instead.
You (probably?) could run davmail on your own machine, with the
davmail.mode=O365Interactive setting, so it would handle the
authentication prompts, and you could use any IMAP client, see e.g.
galileo.phys.virginia.edu/compfac/faq/davmail.html
or
adamghanem.com/post/microsoft-davmail-guide/
(but this cannot be done with a davmail "server").
Apologies for the verbiage.
Paul Szabo
psz@maths.usyd.edu.au
8 Oct 25