I'm already going down the road of adding Outlook 365 specific settings (Tenant ID, App ID, client secret) to our email server setup window so we can verify it will work using the customer's own Tenant ID. Hopefully we will be able to test on Monday with a customer or two.

We host our own Exchange server on our domain and we don't have OAuth2 enabled on it so I can't test in our own domain!

On the DataFlex side, here are my notes on getting the Chilkat examples to work:

In the Chilkat code samples:

Set ComAuthorizationEndpoint and set ComTokenEndpoint both use the "Directory (tenant) ID" GUID on the Azure Overview page.
Set ComClientId uses the "Application (client) ID" on the Azure Overview page.
Set ComClientSecret uses the Value of the secret you create on the "Certificates & secrets" page (obvious, perhaps)

On the "Authentication" page, you need to set up a "localhost" redirect URI that uses the same port as the ComListenPort in the Chilkat example (3017 is what they use).

However, to get this to work, I had to set up the Redirect URI under the "Single-page application" platform, rather than the "Mobile and desktop applications" platform (even though it's a Windows application I'm doing this for).

Using a Redirect URI under the "Mobile and desktop applications" resulted in an incomprehensible (at least to me) error message that I was able to Google. Someone mentioned the solution was to set up the redirect under "Single-page application" rather than a "Mobile and desktop application"

Once this was done I was able to get the "OAuth2 authorization granted!" message in the output window and the access token displayed.
Microsoft's quickstart instsructions for registering an application are here:

I'm planning on doing a short video showing the setup steps in the Azure Portal for our customers' IT personnel that will need to do this. I can post a link to that when it's done