diff --git a/machines/thinkpad/default.nix b/machines/thinkpad/default.nix index 89bbf92..48225d4 100644 --- a/machines/thinkpad/default.nix +++ b/machines/thinkpad/default.nix @@ -13,10 +13,12 @@ ]; services.fprintd.enable = true; + services.gnome.gnome-keyring.enable = true; security.pam.services = { login.fprintAuth = true; sudo.fprintAuth = true; hyprlock.fprintAuth = true; + login.enableGnomeKeyring = true; }; systemd.services.disable-thinkpad-leds = { diff --git a/modules/tools/email/default.nix b/modules/tools/email/default.nix index a41116a..49f404d 100644 --- a/modules/tools/email/default.nix +++ b/modules/tools/email/default.nix @@ -1,6 +1,35 @@ { pkgs, ... }: { - home.packages = [ pkgs.oama ]; + home.packages = [ + pkgs.oama + ]; + + services.gnome-keyring = { + enable = true; + components = [ "secrets" ]; + }; + + # Use Thunderbird's Client ID + xdg.configFile."oama/config.yaml".text = builtins.toJSON { + encryption = { + tag = "KEYRING"; + }; + services = { + microsoft = { + client_id = "9e5f94bc-e8a4-4e73-b8be-63364c29d753"; + redirect_uri = "http://localhost:8080"; + scopes = [ + "offline_access" + "https://outlook.office.com/IMAP.AccessAsUser.All" + "https://outlook.office.com/SMTP.Send" + ]; + }; + }; + }; + + home.sessionVariables = { + SASL_PATH = "${pkgs.cyrus-sasl-xoauth2}/lib/sasl2:${pkgs.cyrus_sasl}/lib/sasl2"; + }; programs = { mu.enable = true; 
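Review bot: In the `security.pam.services` block, `login.enableGnomeKeyring = true` is added next to `login.fprintAuth = true`, and the two do not combine the way the block suggests. pam_gnome_keyring unlocks the login keyring with the password typed at login, so a fingerprint login gives it nothing to unlock with. As far as I can tell the keyring then stays locked until a separate prompt appears, or it gets created with an empty password, which would leave its contents unencrypted on disk. I would add a comment such as `# keyring is auto-unlocked only by a password login; fingerprint logins leave it locked`, and confirm that `login` is the PAM service the graphical session actually goes through. The enclosing module starts and ends outside the hunk.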
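Review bot: The comment `# Use Thunderbird's Client ID` above `xdg.configFile."oama/config.yaml"` says whose identifier this is, but not why it is fine to commit or what it grants. It is worth recording that no client secret is configured here, that `offline_access` yields a long-lived refresh token, and that `encryption.tag = "KEYRING"` puts that token in the keyring, so it is only as well protected as the keyring's unlock password. The fixed `redirect_uri = "http://localhost:8080"` also means the one-time authorization should run when no other local process is listening on port 8080. That value presumably has to match what is registered for the client ID, so a comment is the right fix rather than a change. Something like `# public client ID (no secret); refresh token lives in the keyring; port 8080 must be free during authorization` would cover it.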
@@ -16,16 +45,36 @@ realName = "Lars Tveito"; imap.host = "outlook.office365.com"; - smtp.host = "smtp.office365.com"; + + smtp = { + host = "smtp.office365.com"; + port = 587; + tls = { + enable = true; + useStartTls = true; + }; + }; mbsync = { enable = true; create = "maildir"; + expunge = "both"; + extraConfig.account = { + AuthMechs = "XOAUTH2"; + }; }; - passwordCommand = "oama access larstvei@ifi.uio.no"; + msmtp = { + enable = true; + extraConfig = { + auth = "xoauth2"; + user = "larstvei@uio.no"; + from = "larstvei@ifi.uio.no"; + }; + }; + + passwordCommand = "${pkgs.oama}/bin/oama access larstvei@ifi.uio.no"; - msmtp.enable = true; mu.enable = true; }; };
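Review bot: The new `msmtp.extraConfig` authenticates as `user = "larstvei@uio.no"`, while `passwordCommand` fetches the token with `oama access larstvei@ifi.uio.no` and `from` also uses the `ifi.uio.no` address. With XOAUTH2 the server checks the user name in the SASL exchange against the account the token was issued for, so if these are not the same mailbox identity, sending will fail with an authentication error that is hard to trace. If the split is intentional (login name versus alias), say so in a comment, e.g. `# uio.no is the login name; ifi.uio.no is the alias the token is stored under`. Separately, `expunge = "both"` makes deletions propagate in both directions, which deserves a short comment since a local mistake now removes mail on the server. The account block starts outside the hunk, so its `userName` is not visible here.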