Outlook / Microsoft 365
OAuth sign-in for Outlook and Microsoft 365 is on our roadmap but not available today. Connect these accounts via IMAP + SMTP with an app password (Microsoft’s term is “application password”).
Before you start
You need one of:
- An Outlook.com, Hotmail, or Live account with 2-step verification turned on.
- A Microsoft 365 / work-or-school mailbox where your tenant allows IMAP + SMTP AUTH (see the Microsoft 365 notes below).
2-step verification is required because Microsoft only issues app passwords to accounts that have it enabled. If it isn’t on yet, turn it on at account.microsoft.com/security first.
Create an app password
- Go to account.microsoft.com/security/app-passwords.
- Sign in and click Create a new app password.
- Copy the 16-character password. You won’t be able to see it again - paste it straight into SuperMail.
If the “App passwords” section isn’t visible, your tenant policy (work/school) has disabled it. See the M365 notes below.
Connect in SuperMail
- Settings → Accounts → Add account → Outlook / Microsoft 365.
- Enter your full email address and the app password you just created.
- Server settings are pre-filled for Outlook domains; for custom M365 domains we’ll autodetect if possible, otherwise enter:
  - IMAP: outlook.office365.com:993 (TLS)
  - SMTP: smtp.office365.com:587 (STARTTLS)
  - Username: full email address
- Click Connect.
Sync model
We use IMAP IDLE for real-time push. New messages typically appear in SuperMail within a few seconds of arriving in Outlook. If your server doesn’t support IDLE, we fall back to polling every 60 seconds.
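A preflight check for the server settings and sync fallback described above, as an added example (not SuperMail's own code): it validates TLS certificates on both servers, sends the app password over SMTP only once the session is encrypted and a password mechanism is advertised, and reports whether IDLE or 60-second polling would apply. The function names are hypothetical; the hosts and ports are the ones listed on this page.

```python
import imaplib
import smtplib
import ssl

# Server settings from this page; all function names are illustrative.
IMAP_ADDR = ("outlook.office365.com", 993)   # implicit TLS
SMTP_ADDR = ("smtp.office365.com", 587)      # STARTTLS

def sync_mode(capabilities):
    """'idle' when the server advertises IMAP IDLE, otherwise 'poll' (60 s)."""
    return "idle" if "IDLE" in {c.upper() for c in capabilities} else "poll"

def smtp_password_ok(esmtp_features, tls_active):
    """Send the app password only over TLS and only if LOGIN/PLAIN is offered."""
    mechs = esmtp_features.get("auth", "").upper().split()
    return tls_active and any(m in ("LOGIN", "PLAIN") for m in mechs)

def preflight(email, app_password):
    """Live check against both servers (needs network); returns findings."""
    ctx = ssl.create_default_context()       # verifies certificate and hostname
    out = {}
    with imaplib.IMAP4_SSL(*IMAP_ADDR, ssl_context=ctx) as imap:
        try:
            imap.login(email, app_password)
            _, data = imap.capability()      # re-read capabilities after login
            out["sync"] = sync_mode(data[-1].decode().split())
        except imaplib.IMAP4.error as exc:   # e.g. IMAP disabled or bad password
            out["imap_error"] = str(exc)
    with smtplib.SMTP(*SMTP_ADDR, timeout=15) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)           # raises if STARTTLS is not offered
        smtp.ehlo()                          # features must be re-read after TLS
        if not smtp_password_ok(smtp.esmtp_features, tls_active=True):
            out["smtp_error"] = "no password AUTH mechanism advertised"
        else:
            try:
                smtp.login(email, app_password)
                out["smtp_auth"] = True
            except smtplib.SMTPAuthenticationError as exc:
                out["smtp_error"] = f"{exc.smtp_code} {exc.smtp_error!r}"
    return out
```

Call `preflight(address, app_password)` from a machine on the same network as the client; an `imap_error` or `smtp_error` entry tells you which protocol to raise with your admin.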
Folders and categories
- Outlook’s Folders (Inbox, Archive, Deleted Items, etc.) show up as standard SuperMail folders.
- Categories are exposed as IMAP keywords and map to SuperMail tags where the server publishes them.
- The Focused Inbox split isn’t exposed over IMAP, so the Focused / Other toggle lives only in the native Outlook apps. SuperMail treats everything as one inbox.
Microsoft 365 (work / school) notes
- Some tenants disable SMTP AUTH and IMAP at the tenant level. If your admin has done this, app-password sign-in will fail with an authentication error. Ask them to allow SMTP AUTH and IMAP for your mailbox, or contact us once our M365 OAuth support ships.
- Conditional Access policies that require device compliance may block app-password auth even if the admin has enabled it.
- If your tenant enforces MFA on every sign-in, the app password is exempt (it’s the whole point) but only for the specific services listed when you created it.
Gotchas
- Personal Outlook.com accounts and work M365 accounts are separate even if you sign in to Microsoft with the same primary identity. Add each one independently.
- Shared mailboxes are not yet supported. That lands on the Business plan later in beta.
- App-specific password rotation - Microsoft doesn’t auto-rotate these, but if you ever reset them you’ll need to update SuperMail under Settings → Accounts → [account] → Edit credentials.
Roadmap
- Native Microsoft Graph OAuth with delta query sync and push notifications - planned.
- Shared mailbox support - depends on OAuth shipping first.