TABLE OF CONTENTS

When your email connection expires, or your credentials change, Freshdesk displays a Please reauthorize your Email settings banner on the Email Settings page. This article explains the most common reasons the banner appears and walks you through the steps to restore your connection for each scenario.

Scenario 1: Microsoft Basic Authentication deprecation and migration to OAuth

Microsoft has deprecated Basic Authentication on online Exchange servers. OAuth (Open Authorization) replaces it by securing access through authorization tokens rather than passwords, which significantly improves security. If your Freshdesk account uses Microsoft with Basic Authentication, you will see the reauthorization banner and must migrate to OAuth.

 

Reauthorize an existing Microsoft mailbox

Follow these steps to migrate your existing Basic Authentication mailbox to OAuth:

  1. Go to Admin > Channels > Email. The page lists all email addresses configured for your account.
  2. Click the Re-authorize link next to the Microsoft Office 365 email address.
  3. Enter your Microsoft credentials (username and password) to complete the process.
  4. Freshdesk replaces the existing Basic Authentication configuration with an OAuth-based one and confirms the change with a success message.

 

Note: This migration does not affect your helpdesk activities or ongoing email operations.


Troubleshoot connection errors

If you encounter errors verifying the server name, port, or credentials, complete both of the following:

  • Enable IMAP and Authenticated SMTP for authentication.
  • For custom mail server setups, confirm your port settings: use IMAP port 993 and SMTP port 465. Incorrect port settings are a common cause of connection failures.

 

Set up a new Microsoft OAuth mailbox

To configure a brand-new Microsoft Office 365 support email using OAuth:

  1. Go to Admin > Channels > Email > New support email.
  2. Select Microsoft Office 365 and choose whether to use the mail server for Incoming only, Outgoing only, or Both.
  3. (Optional) For Incoming only and Both configurations, select the option to delete emails from the server after fetching them to Freshdesk.
  4. Authenticate using OAuth 2.0 with your Microsoft credentials. Freshdesk confirms successful authentication with a message.

 

Switch or modify a Microsoft account

Use the guidance below if you need to change the account associated with your mailbox:

  • Switch to a new Microsoft account: Enter the new account credentials and follow the standard setup procedure.
  • Switch from a Gmail account to a Microsoft account: Select Microsoft Office 365, sign in with Microsoft, and follow the standard procedure.

You can refer to the using custom mail servers for incoming and outgoing emails to learn more.

 

Note: View existing Basic Authentication details in the Others section. If you use a shared mailbox, provide the primary email address in the Your support email field. OAuth is also supported for personal Microsoft accounts such as Outlook.com and Hotmail.com.

Scenario 2: Reauthorization Required for Other and Gmail Mailbox

If you see the Reauthorization required message while using a Gmail or Other mailbox type, your password has most likely expired or been changed. Re-entering your credentials restores the connection.

To reauthorize:

  1. Verify your username and re-enter your current password in the email settings.
  2. If the Re-authorize link is not visible, click the pencil (edit) icon next to the incoming settings for the affected email address and sign in again.
Note: Any emails sent during the disconnection period are automatically resent once reauthorization succeeds.


Scenario 3: Reauthorization required for Microsoft Office 365 OAuth mailbox

Microsoft OAuth credentials can expire for several reasons, including a password change, a caching conflict, account inactivity, or account closure. If you still see the banner after confirming your migration to OAuth, follow these steps.

First, confirm you have already migrated to OAuth. If you have not, complete Scenario 1 before continuing. If the banner persists after migration, proceed as follows:

  1. Go to Admin > Channels > Email.
  2. On the email list page, click the edit icon next to the Microsoft Office 365 email address.
  3. Select Sign in with Microsoft to complete the reauthorization.
  4. Click Save after each step to apply the changes.


Note:  
If only outgoing emails are failing with an "Unexpected error" message, this also indicates an expired OAuth token. Follow the same reauthorization steps above to resolve it. 
If a support mailbox cannot send outgoing emails, Freshdesk automatically uses the next available connected mailbox for agent replies. Once the affected mailbox is reauthorized, review any tickets handled during the outage to confirm responses were sent from the correct address.



Scenario 4: Accounts with multiple support smails

On accounts with multiple support emails, the reauthorization banner appears for all users if even one mailbox is unauthorized. If the standard reauthorization steps do not resolve the issue, use the following process.

Reauthorize a primary email address

Complete these steps in order:

  1. Go to Admin > Email.
  2. Set the primary email address to non-primary.
  3. Reauthorize the email.
  4. Set the email back to primary.

 

Confirm the banner is cleared

After completing reauthorization, verify the banner has been removed:

  • Refresh your Freshdesk account, or clear your browser's cache and cookies. You can also open an incognito window to confirm the banner is gone.
  • If your agent email address was updated during the reauthorization process, correct it by clicking the edit icon next to the email address and selecting the right account.
  • If the banner persists, check all configured support emails — including secondary addresses and team inboxes — since a single unauthorized mailbox triggers the banner for everyone on the account.

 

Address persistent connection drops

If your mailbox reconnects but keeps dropping the connection, your IT team may need to allowlist Freshdesk IP addresses on your mail server. Ask them to add the following addresses:

13.232.159.149, 13.127.147.204, 13.232.27.234, 13.233.170.242, 13.126.102.179, 13.127.126.68, 52.66.154.99, 43.204.166.208, 43.204.166.209, 43.204.166.210, 43.204.166.211, 13.127.153.86, 13.127.210.61, 13.126.228.113, 13.127.236.188, 13.233.78.192, 13.234.254.220, 65.1.183.201

 

Fix automatic sign-in to the wrong Microsoft account

If the reauthorization flow automatically signs you into the wrong Microsoft account, open an incognito window, fully sign out of all Microsoft sessions, and then retry reauthorization.

 

Understand automated retry behavior

When Freshdesk detects a mailbox connection failure, it automatically retries the connection up to 8 times over approximately 12 minutes. If all retries fail, the mailbox is marked as disconnected and requires manual reauthorization. If emails are still being sent and received normally, the connection was already restored automatically, and no action is needed.