outlook.office.com in Vanadium - how to get notifications?

Fnordbert

The small company I work for has recently switched to Office 365.
I previously used the Nine email app with the company Exchange server, since it let me avoid giving away Device Administrator rights. To configure this with outlook.office.com requires MS Authenticator, which in turn requires Google Play Services, which is not something I want on my primary profile. (and I need my work email on my primary)

I guess I could have the admin make the required changes and try to set up Thunderbird, but I don't really have any extra favors to call in right now.

Consequently I'm trying out Vanadium.
I have logged in and saved it as "an app", and I think I could live with that user experience.
However I can't seem to be able to get any notifications like mentioned in this thread.

It would make sense if Vanadium does not permit background-web-workers just like that I guess..
So is it even possible?
Could somebody explain how to make it work?

Sigismund

Fnordbert outlook.office.com requires MS Authenticator, which in turn requires Google Play Services, which is not something I want on my primary profile

If the only thing you need is the auth app for MFA due to policy enforcement, MS have a doc describing how to use any TOTP MFA app instead of their own. Look it up, may be a better option for you as long as you just need MFA and not a "passwordless" sign-in option via Ms Authenticator

Oggyo

I use Nine and MS Authenticator. They work w/o Play Services if you manage to install them and get the Nine license transferred. I've tried many possible solutions, incl. the official Outlook mobile (terrible for me) and Outlook Lite. The last one seems and feels as PWA.

At the end, I went back to my preferred choice - Nine. Maybe because I used it for a really long time (dedicated Exch. server, then migrated to O365). I have email rules and folders, and I need different types of notifications only on specific folders, plus more control over email data pulling/syncing.

Fnordbert

Oggyo You seem to have exactly the same story as me, so this is very interesting!
You are saying I may have jumped to conclusions about MS Authenticator requiring Play Services?
( Installing them though Aurora, and transferring the license was painless IIRC. )

I seem to recall that Authenticatior without GPS did not work for the enforced second factor for logging into O365 / Azure, and that I had to install it in my GPS profile to make it work for that. I guess I will have to try again now!
(TOTP with Bitwarden was impossible to get working)

Although I have to say that Authenticator working as a "local broker" creeps me out a little. I thought I knew a bit about how Oauth2 works, having implemented several "flows" in a web context, and I don't recall anything about apps talking locally among themselves! I also notice that Authenticatior has registered my work account on the Android level as a "work account", and I hope that does not come with any form of device admin privileges! I may need to read up a bit more on how all this works!

Fnordbert

Sigismund I tried setting up TOTP with Bitwarden to access O365/Azure through a browser, but was not able to make that work at the time. Now that MS Authenticatior is configured, the option for: "I want to use a different app" is nowhere to be found. Some heavy handed "nudging" from MS I guess :-/

I think I could push our admin to allow TOTP if I did all the homework for him, and applied some pressure. (one of the perks of working for a small company :-) , however I suspect this would not help for Nine, if it depends on a "broker assisted login". I have contacted 9Folders support, and will report back if I learn anything interesting :-)

Sigismund

Fnordbert work account", and I hope that does not come with any form of device admin privileges! I may need to read up a bit more on how all this works!

No, it does not. But it helps 'broker' your sign-in. It basically tells which account is configured for SSO.

As for your situation it does indeed look like the MFA was configured in a way Ms app is required to sign-in. Another way you'd be able to try is a passkey sign-in via Fido key but it requires Play services..

Overall one of the reasons I refuse to use anything MS on personal phone is the level of invasion it brings..

Oggyo

Fnordbert TOTP with Bitwarden was impossible to get working

In addition to MS Auth. MFA I can use TOTP by Aegis, which is the same as Bitwarden's TOTP. So I guess your company enforces more policies, e.g., prohibits TOTP and any other MFA methods than MS Auth., sets conditional access, etc.

It can be a bit challenging for you to use 3rd party apps (e.g. Nine) for accessing your company email if the company's policies try to prefer/enforce the MS Outlook app.