Evolution, MS365, Conditional access and Device compliance

Hi.

I am currently in the process of introducing Evolution as standard email Client in an enterprise environment fow Linux users.
Our devices need to be compliant, so we (sadly) use MS intune. On linux, if you (are forced to) use intune, every access to MS365 needs to go through Microsoft Edge.

I use evolution since 2020. I use an own azure Application to connect Evolution to MS365 and Exchange Online. That worked just fine. - Until device compliance and conditional access was enforced.

After some debugging and digging into it, I found the problem, and could also provide a solution to get Evolution working again.

If I want to connect Evolution to Exchange Online via Azure Applications (EntraID), Evolution seems to use some sort of built in webinterface/webbrowser to show the authentication website. This internal “browser” does not send the needed “Device is compliant” variable.

Is it possible/would it be possible to make Evolution use a specific browser?
If I can make Evolution use MS Edge to authenticate towards MS365, the connection would work again.
As example: The OnDrive Application from abraunegg needs an access token to access the ondrive files. I used Edge to get a token and the onedrive client works since then without any problem.
Could this be a solution for Evolution too?

Thanks
Arsimael

1 Like

If I want to connect Evolution to Exchange Online via Azure
Applications (EntraID), Evolution seems to use some sort of built in
webinterface/webbrowser to show the authentication website. This
internal “browser” does not send the needed “Device is compliant”
variable.

Hi,

I’m missing an important information:
a) what your exact evolution version is, please? It can be found
in Help->About;
b) do you connect to it with Exchange Web Services or other protocol?
It’s what the Mail account type is.

The version is important, because there had been enabled some HTML5
features in the internal browser semi-recently.

Is it possible/would it be possible to make Evolution use a specific
browser?

It had been added a year ago or more. When you look above the OAuth2
wizard window, there’s shown a URL. There is a button to open the
wizard in the default browser on the right side of this URL. I agree
the button is rather hidden, easy to overlook.

Bye,
Milan
1 Like

Hi.
The hint with the “The button is rather hidden” was the key to success.
We are currently running on Ubuntu 18.04 LTS, 20.04 LTS and 22.04 LTS. Newest evolution is 3.44.4-0ubuntu2.

I installed the flatpak version (3.52.2) and on the authentication Window I had this small sign at the very end of the URL line. I clicked on it and the current default browser opened and did the authentication thing.

It worked. - Thanks for that hint.

But I still would like to make one suggestion: Is it possible to make that button bigger? Or to write “Open Link in Standard browser” or such?

Still, having the option to pick a browser would be awesome, because then I can put Microsoft Edge where it belongs, and thats NOT the default browser…

Again, thanks for helping me out.

Arsimael

Hi,
you are not the first asking this, thus I guess it would make sense,
even I consider it a corner-case thing, users may not usually need to
open the link in an “external” browser.

If you can, please open a bug in an evolution-data-server (that’s where
the code resides) [1], thus it’s not forgotten.

Thanks and bye,
Milan

[1] Issues · GNOME / evolution-data-server · GitLab

1 Like

Done.
Thanks for helping :slight_smile: