Automatic user account configuration for Outlook



Microsoft Outlook 2007 supports autodiscovery of email account configuration settings. Earlier versions don't, but some mobile devices apparently use the same mechanism as Outlook 2007.

After far too much effort, we've finally got this working at Sussex - subject to the deployment of proper security certificates. 

The autodiscovery protocol is poorly documented at and Tony Finch has his rant at

I've little to add to Tony's rant, except to say that this all gets a lot harder when your login name isn't the left hand side of your email address. That's often the case here. In this event, the login name needs to be returned, so we can't just throw away the POST body. We need to parse it. Of course, MS can't do the simple thing and use regular HTML forms to send POST variables in the way that any HTML form would do. Not even when they're only passing a single variable - your email address.

No, instead they pass an XML document, that looks like this:


<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="">

This PHP snippet will parse that input:

	$body = @file_get_contents('php://input');
	$xmlDoc = simplexml_load_string($body);
	$email = $xmlDoc->Request[0]->EMailAddress[0];

The really annoying thing though, is that MS still haven't got the TLS/SSL thing right. You can manually configure the ports 143 and 587 with TLS for IMAP and SMTP respectively. If there's no autoconfiguration file, then Outlook will correctly guess port 587 with TLS for SMTP, which is great. But, it still prefers 993 with SSL for IMAP. Infuriatingly, you can't use the autodiscover file to specify use of TLS at all. You can only specify SSL.

This post has been read 1463 times.

You must be logged in to comment on this post.