Share via


How to create an Outlook profile for Office 365

I had another case involving creating a profile to an Office 365 mailbox.  However, this time it was for Outlook’s MAPI, not Exchange's MAPI as previously documented.  After discussing this with the Outlook product team they agreed to document the minimum number of properties to create a profile using MFCMAPI.  Here are the steps.  For the non-developers this is not the recommended way to create profiles.  It is recommended that you use Outlook to create the profile as the logic for this is all built-in.  However, you can use these steps for troubleshooting purposes.

  1. Open up MFCMAPI, go to Profile > Show Profiles
  2. Click Actions > Create Profile
  3. Give the new profile a name and click OK.
  4. Select the new profile
  5. Right-Click the newly created profile and choose Services > Add Service…
  6. Enter MSEMS for the service name
  7. Uncheck the box which says ‘Display Service UI’
  8. Click OK
  9. Double-Click the newly created profile.
  10. Single-Click the MSEMS service.
  11. Find the Exchange Profile section.  This is a little difficult in Outlook’s MAPI since in 2010 and above we no longer have the global profile section.  To find the Exchange Profile Section find the property PR_EMSMDB_SECTION_UID (0x3D150102) in the properties for the service.  The value will be the GUID of the profile section persisted in binary form which will be used in the subsequent steps.  You will need to remember this value.
  12. Double-Click the MSEMS service.
  13. Find the Exchange profile section by using the UID gathered from Step 11 and single-click it to select the row.
  14. Go to Property > Additional Properties
  15. Click Add and add the following properties PR_PROFILE_UNRESOLVED_NAME, PR_PROFILE_UNRESOLVED_SERVER, PR_ROH_PROXY_SERVER, PR_ROH_FLAGS, PR_ROH_PROXY_AUTH_SCHEME, and PR_PROFILE_AUTH_PACKAGE
  16. Click OK.
  17. Configure each property using the guidance below.
Property: PR_PROFILE_UNRESOLVED_NAME 1
Value: mailbox alias
The alias for the target mailbox. For example, Administrator
Autodiscover Node: N/A
Property: PR_PROFILE_UNRESOLVED_SERVER 1
Value: The personalized server id
This is the value retrieved from Autodiscover. It will be in the format <guid>@tenant.onmicrosoft.com. For example, F5FA2827-5978-43cd-8FA8-E07BC3BB5591@contoso.onmicrosoft.com
Autodiscover Node: Response/Account/Protocol/Server (EXCH)
Property: PR_ROH_PROXY_SERVER
Value: outlook.office365.com
Autodiscover Node: Response/Account/Protocol/Server (EXPR) 2
Property: PR_ROH_FLAGS
Value: ROHFLAGS_USE_ROH (0x1) | ROH_FLAGS_USE_SSL (0x2) | ROHFLAGS_MUTUAL_AUTH (0x4) | ROHFLAGS_HTTP_FIRST_ON_FAST (0x8) | ROHFLAGS_HTTP_FIRST_ON_SLOW (0x20)
Contains the settings in a profile used by Microsoft Office Outlook to connect to Microsoft Exchange Server by using a remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP).
Autodiscover Node: Response/Account/Protocol/SSL (EXPR) 2
Property: PR_ROH_PROXY_AUTH_SCHEME
Value: RPC_C_HTTP_AUTHN_SCHEME_BASIC (0x1)
Represents the authentication protocol to be used for this profile.
Autodiscover Node: Response/Account/Protocol/AuthPackage (EXPR) 2
Property: PR_PROFILE_AUTH_PACKAGE
Value: RPC_C_AUTHN_NONE (0x0)
Describes the authentication scheme to use for RPC
Autodiscover Node: Response/Account/Protocol/AuthPackage (EXCH) 3
Property: PR_ROH_PROXY_PRINCIPAL_NAME
Value: The value contained in the CertPrincipalName element.  It will most likely be msstd:outlook.com
Used to support mutual authentication
Autodiscover Node: Response/Account/Protocol/CertPrincipalName (EXPR) 2
  1. Select Session > Logon and display store, and select the profile if it is not already selected.

More Information

Notes for Developers

In the canonical example of creating a profile, Microsoft shows how to create the service then call IMsgServiceAdmin::ConfigureMsgService() to set the PR_PROFILE_UNRESOLVED_NAME and PR_PROFILE_UNRESOLVED_SERVER properties.  However, since Outlook 2010 no longer uses the Global Profile Section this didn’t work for me.  What I had to do was to call IMAPIProp::SetProps() on the Exchange Profile Section with the properties above to get the profile to properly connect.

Setting the properties on the profile SHOULD be done before calling MAPILogonEx()

You can avoid being authenticated as well as querying the directory server by not using the “unresolved” properties (e.g. PR_PROFILE_UNRESOLVED_NAME).  You can get the information from Autodiscover yourself and populate the values for the following properties.

Property: PR_DISPLAY_NAME
Value: The display name of the mailbox
Autodiscover Node: Response/User/DisplayName
Property: PR_PROFILE_HOME_SERVER
Value: The server name for the mailbox
Autodiscover Node: Response/Account/Protocol/Server (EXCH)
Property: PR_PROFILE_USER
Value: The Legacy Distinguished Name (DN) of the user
Autodiscover Node: Response/User/LegacyDN

If you have questions, just add a comment and I will approve them and respond as time permits.

Comments

  • Anonymous
    May 11, 2015
    I have followed all steps for exchange2013, with NTLM as authentication scheme it works fine, Now with office365, it is required to set authentication scheme as Basic, then windows credential popup come up, how to set username and password credentials for creating an Outlook profile for Office 365, does mapi supports any attribute to set them?

  • Anonymous
    June 04, 2015
    Can you please elaborated on : "What I had to do was to call IMAPIProp::SetProps() on the Exchange Profile Section with the properties above to get the profile to properly connect." How to retrieve IMAPIProp interface pointer for "Exchange Profile Section"? Any rough code snippet would be very helpful.

  • Anonymous
    June 04, 2015
    I got the answer. I think I need to call "OpenProfileSection" method to get lpProfSect and set the properties in profile section.

  • Anonymous
    June 18, 2015
    After struggling for several hours, I could not make it work. Can somebody help me what is wrong? Here is my code snippet : http://pastebin.com/ZH4UPrZt

  • Anonymous
    October 29, 2015
    @Manisha18 - No, Outlook pulls the credentials from the Windows Credential Cache.  Microsoft doesn't document the schema for how the credentials are stored.  I have asked the PG for a way to do this programmatically but at this time there is no way.