IMAP OAuth2 Error: "User is Authenticated but Not Connected" in Microsoft Exchange / Office 365
This article explains the cause of the IMAP error "BAD User is authenticated but not connected" that can appear when connecting a Microsoft Exchange or Office 365 (Outlook.com) mailbox to LiveAgent using OAuth2 / XOAUTH2 authentication, and describes the steps to resolve it.
Understanding the Error
When LiveAgent connects to a Microsoft mailbox via IMAP using OAuth2 (XOAUTH2), the authentication handshake may succeed, but the subsequent SELECT "INBOX" command can return the following server response:
BAD User is authenticated but not connected.
This means that while the OAuth2 token was accepted and authentication completed successfully, the IMAP session itself could not be established. The error originates on the Microsoft Exchange / Office 365 server side, not within LiveAgent.
Common Causes
- IMAP access is disabled on the mailbox — Microsoft disables IMAP by default for Outlook.com and some Office 365 accounts.
- Insufficient permissions — the OAuth2 application may not have the required mailbox access permissions granted.
- Backend service issues on Microsoft's side — transient server-side problems can prevent the session from being fully established even after a successful authentication.
- Multiple simultaneous IMAP connections — configuring the same Outlook.com account as IMAP in multiple email clients can trigger connection errors.
How to Fix the Error
Step 1: Enable IMAP Access on Your Microsoft Account
IMAP access is disabled by default for Outlook.com accounts. To enable it:
- Sign in to your Outlook.com account.
- Go to Settings > Mail > Forwarding and IMAP.
- Under POP and IMAP, toggle Let devices and apps use IMAP to ON.
- Click Save.
For Office 365 accounts managed by an organisation, an administrator may need to enable IMAP access at the tenant or mailbox level via the Microsoft 365 Admin Center or Exchange Admin Center.
Step 2: Re-authenticate the Account in LiveAgent
After enabling IMAP, re-connect the email account in LiveAgent to obtain a fresh OAuth2 token and re-establish the IMAP session:
- In LiveAgent, navigate to Configuration > Email > Incoming Mail Accounts.
- Locate the affected Microsoft account and open its settings.
- Disconnect and reconnect the account using the Microsoft OAuth connector.
- Follow the Microsoft authorization pop-up to grant the required permissions.
Step 3: Verify OAuth2 Permissions
Make sure the LiveAgent application has been granted the necessary permissions on your Microsoft account. If your organisation enforces admin approval for third-party app integrations, an administrator must grant consent. Refer to the Microsoft documentation on granting admin consent for details.
Step 4: Resolve Multiple IMAP Client Conflicts (Outlook.com)
If the same Outlook.com account is configured as IMAP in multiple email clients, connection errors can occur. To resolve this:
- Go to account.live.com/activity and sign in.
- Under Recent activity, find the Session Type event matching the time of the error and expand it.
- Select This was me to authorise the IMAP connection.
- Attempt to reconnect the account in LiveAgent.
Microsoft IMAP Server Settings (for Reference)
When connecting a Microsoft / Office 365 account via IMAP, ensure the following server settings are used:
- IMAP server: outlook.office365.com
- IMAP port: 993
- Encryption: SSL/TLS
- Authentication method: OAuth2 / Modern Auth
Still Having Issues?
If the problem persists after following the steps above, it may be caused by a transient backend issue on Microsoft's side. In that case:
- Wait a few minutes and try reconnecting the account again.
- Check the Microsoft 365 Service Status page for any ongoing incidents.
- Contact LiveAgent support for further assistance with your specific account configuration.