Documentation forWeb Help Desk

Access a Microsoft 365 email account on a GCC High/Azure Government tenant

Microsoft deprecated the Exchange Web Services (EWS) API that was previously used to access and receive email from a Microsoft Exchange or Microsoft 365 (previously called Office 365) mailbox.

To access your Microsoft 365 mailbox and receive your WHD email, do the following:

  1. Register WHD in Microsoft Azure as an application.

  2. Modify the WHD configuration file to access your mailbox on a Microsoft Government Community Cloud (GCC) High/Azure Government tenant.

  3. Configure your incoming email account for Microsoft 365.

The GCC High and Azure Government cloud platforms provide additional security to prevent unauthorized access to your WHD email. See the Microsoft Learn website for more information about these platforms.

Register WHD in Microsoft Azure as an application

  1. Log in to WHD as an administrator.

  2. Click Setup > General > Options.

  3. In the General Options page, locate the Server DNS Name field.

  4. Update the field with your server DNS name.

    For example:

    helpdesk.mydomain.com

    Do not enter localhost, as this server DNS name does not resolve outside of the WHD server.

  5. Record the new server DNS name and SSL port number for a future step.

  6. Open a web browser and navigate to:

    https://portal.zaure.com/#home

    Do not close WHD.

  7. On the Home page under Azure services, click Azure Active Directory.

  8. In the navigation pane under Manage, click App registrations.

  9. Click the New registration tab.

    (Screenshot property of ©2021 Microsoft Corporation)

  10. Under Name, enter a display name for WHD.

    For example, you can enter Web Help Desk, as shown below.

    (Screenshot property of ©2021 Microsoft Corporation)

  11. Under Supported account types, select the Single tenant option.

    (Screenshot property of ©2021 Microsoft Corporation)

  12. Under Redirect URI (optional), create a redirect URI in the following format using the WHD server DNS name and port number you retrieved in a previous step:

    https://<Server_DNS_Name>:<Port>/helpdesk/oauth-redirect

    For example, if the WHD server DNS name is localhost and a port number is required, enter:

    https://localhost:8443/helpdesk/oauth-redirect

    If the WHD server DNS name is localhost and a port number is not required, enter:

    https://localhost/helpdesk/oauth-redirect

    (Screenshot property of ©2021 Microsoft Corporation)

  13. Save the application.

  14. In the navigation pane, click App registrations.

  15. Under Display name, click the Web Help Desk application.

    The Web Help Desk application details display.

    (Screenshot property of ©2021 Microsoft Corporation)

  16. Record the client and tenant ID values and save them to a text file.

  17. In the navigation menu, click API Permissions.

  18. Click Add a new permission > Microsoft APIs > Microsoft Graph > Delegated Permission to access the following screen:

    (Screenshot property of ©2021 Microsoft Corporation)

  19. In the Request API permissions screen, locate and enable the required permissions.

    (Screenshot property of ©2021 Microsoft Corporation)

    The following table lists the permissions to enable in this screen.

    Permission Access Description
    Mail.ReadWrite Read and write access to user mail Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.
    email View the user's email address Allows the app to read your users' primary email address.
    offline_access Access the user's data anytime Allows the app to read and update the user date, even when they are not currently using the application.
    User.Read Sign-in and read user profile

    Allows users to sign in to the app, and allows the app to read the profile of signed-in users.

    It also allows the app to read basic company information of signed-in users.

    When you are finished, the WHD API permissions screen displays, as shown below.

    (Screenshot property of ©2021 Microsoft Corporation)

  20. Remove any other pre-existing permissions from the remaining permission drop-down menus.

  21. In the navigation pane, click Certificates & Secrets.

  22. In the WHD Certificates & secrets screen, click New client secret.

    (Screenshot property of ©2023 Microsoft Corporation)

  23. Under Add a client secret, select an expiration date.

  24. (Optional) Enter a description.

  25. Click Add.

  26. At the bottom of the screen, locate the Client Secret with the new client secret code.

  27. Copy the client secret code Value ID to a text file.

    Store this text file in a safe location. This code is unique and cannot be retrieved when you close the window.

  28. If prompted, provide the Office365 Admin consent to the above registered application.

  29. Log out of Microsoft Azure.

Update the WHD configuration file

Update the configuration file in your Windows Server, macOS, or Linux server deployment to access the GCC High/Azure Government tenant.

WHD running Windows Server

  1. Log in to your WHD server as an administrator.

  2. Navigate to:

    <WebHelpDesk>\bin\wrapper\conf

    where <WebHelpDesk> represents the WHD home folder.

  3. Open the wrapper_template.conf file in a text editor (such as Notepad).

  4. Locate the Java Additional Parameters section.

  5. At the bottom of this section, add the following lines where 19 is the next proceeding number:

    wrapper.java.additional.19=-DExchangeServiceURL="https://outlook.office365.us/"
    wrapper.java.additional.20=-DAzureTokenURL="https://login.microsoftonline.us/"
    wrapper.java.additional.21=-DAzureAuthorizationURL="https://login.microsoftonline.us/"
    wrapper.java.additional.22=-DIsGcchAzureAccount=true
    wrapper.java.additional.23=-DAzureAuthorizationScope="offline_access%20https://graph.microsoft.us/.default"

  6. Save and close the file.

  7. Restart WHD.

  8. Configure your incoming email account for Office365.

WHD running macOS or Linux server

  1. Log in to your WHD server as an administrator.

  2. Navigate to:

    <WebHelpDesk>/conf

    where <WebHelpDesk> represents the WHD home folder.

  3. Open the whd.conf file in a text editor (such as Notepad).

  4. At the end of the file, add the following lines:

    JAVA_OPTS="-DExchangeServiceURL=https://outlook.office365.us/"
    JAVA_OPTS="-DAzureTokenURL=https://login.microsoftonline.us/"
    JAVA_OPTS="-DAzureAuthorizationURL=https://login.microsoftonline.us/"
    JAVA_OPTS="-DIsGcchAzureAccount=true"
    JAVA_OPTS="-DAzureAuthorizationScope=offline_access%20https://graph.microsoft.us/.default"

  5. Save and close the file.

  6. Restart WHD.

  7. Configure your incoming email account for Office365.