In order for the EWS in my organization to work properly from Linux a set of custom Oauth2 settings need to be defined/overriden from the defaults. It was possible to have this working from Evolution (using evolution-ews) when the following settings were defined to specific values:
* OAB URL: in the form of https://outlook.office365.com/OAB/<UUID here>/oab.xml
* Application ID (for example using Outlook's "d3590ed6-52b3-4102-aeff-aad2292ab01c"
* Redirect URI: urn:ietf:wg:oauth:2.0:oob
I do not see a way to setup these settings from KMail UI, but have read that I could modify the settings in ~/.config/akonadi_ews_resource_Xrc (X being 0 or above, depending on the configuration). I have modified this settings, adding an `Oauth2AppId` option, based on Chriss' blog entry , and tried to guess the names for the other settings, but to no avail. An example of how my configuration file is can be found below:
Linux/KDE Plasma: Debian 11 (sid)
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.85
Qt Version: 5.15.2
Sorry, forgot to add the URL to Chriss' blog  from where I got the Oauth2AppId setting name:
I have exactly the same issue as you. My organization only allows Evolution EWS. Here is how I changed the value of the Oauth2AppId usign qdbus:
qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_0 /Settings org.kde.Akonadi.Ews.Settings.setOAuth2AppId "751cf8be-ca07-484b-9308-fac4b9d85eff"
However, it did not work, because not only they check the app id but also how the app responses and if it not as expected, you will not be able to log in. In my case I got the following error:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '751cf8be-ca07-484b-9308-fac4b9d85eff'.
Try with the Outlook's appid. In my case, that didn't do the trick either. Hope you are more lucky than me.
thank you for your comments. I have tried changing this using qdbus as per your suggestions. I have managed to change both the oAuthAppId and oAuth2ReturnURI with
qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_10 /Settings org.kde.Akonadi.Ews.Settings.oAuth2AppId "d3590ed6-52b3-4102-aeff-aad2292ab01c"
qdbus org.freedesktop.Akonadi.Resource.akonadi_ews_resource_10 /Settings org.kde.Akonadi.Ews.Settings.setOAuth2ReturnUri urn:ietf:wg:oauth:2.0:oob
These settings are changed fine, but when I try to authenticate, I am taken through the journey just as before, so still not able to use Kmail here :( When access is not allowed because the device is not "configured properly", this is what I get from EWS in the error:
App id: 00000000-0000-0000-0000-000000000000
IP address: <REDACTED>
Device identifier: Not available
Device platform: Android
Device state: Unregistered
So, despite setting the Custom UserAgent to Microsoft Office 2016, and the OAuth2 App id to Outlook's, it seems that, for some reason, these are not being properly sent to EWS, or at least not in the way the server expects them.