Hi all,

I have an unattended Automation Anywhere bot that uses Microsoft Outlook to download email attachments. The bot currently authenticates via Microsoft Identity Platform (MSIT tenant) using a client ID and client secret.

I recently received a notification that Microsoft will be disabling support for client secret-based authentication for Azure AD apps. This will likely break the current bot functionality.

Has anyone already updated their Outlook automation to support certificate-based authentication or OAuth 2.0 with PKCE as a workaround?

My Setup:

• Bot type: Unattended
• Outlook usage: Downloading email attachments
• Current auth method: MSIT tenant – client ID + client secret ( using rest api and python code no usage of email package )
• Platform: Automation Anywhere A360

What I Need:

• Step-by-step guidance to switch from client secret to automation anywhere email package
• Or, a working approach using OAuth with PKCE inside Automation Anywhere.
• Any best practices for securing and refreshing tokens in unattended bots.

Would really appreciate if someone can share documentation, GitHub samples, or instructions that worked for them.

Thanks in advance!

– Prem