Applications can access Exchange Online Mailboxes without user interaction using OAuth 2.0 which is now supported by IMAP and POP protocols. While no user interaction is needed, Exchange Online admins will need to provide specific mailbox access (using Exchange Online PowerShell) for applications’ service principals to access the mailboxes.

If you’re not familiar with the OAuth 2.0 protocol, start by reading the OAuth 2.0 protocol on Microsoft identity platform overview

Authenticate an IMAP, POP or SMTP connection using OAuth 2.0 (Custom Application)

https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#get-an-access-token

Configure Thunderbird Mail Client using OAUTH 2.0 (IMAP)

Registering Thunderbird Application to the Azure AD

First we need to add application to Azure AD using the following link;

https://login.microsoftonline.com/<Your Tenant ID>/oauth2/authorize?client_id=08162f7c-0fd2-4200-a84a f25a4db0b584&response_type=code&prompt=admin_consent
ApplicationID
Thunderbird08162f7c-0fd2-4200-a84a-f25a4db0b584
Gmail app2cee05de-2b8f-45a2-8289-2a06ca32c4c8
iOS Accounts (Apple Mail app)f8d98a96-0999-43f5-8af3-69971c7bb423

Open up the link in your browser you will be prompted to accept it

Navigate to Azure AD Admin Center -> Enterprise Applications and Search for Thunderbird

This is the easiest way to add application to Azure AD Enterprise Applications.

  1. Open up Thunderbird Mail Client
  2. Add Email Account
  3. Click Manually and Configure as shown below;

Click Done and you are all set

Conclusion

This is how 3rd party applications can access mailbox using OAuth 2.0.

References;

https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth#get-an-access-token