Sending Emails via OAuth2 Authentication for Microsoft Office 365

Administrative emails are sent by yuuvis RAD®’s core-service component. Because Microsoft has ended support for basic authentication for Azure email accounts, yuuvis RAD® has supported authentication via the OAuth2 protocol since version 9.12.
To enable OAuth2 authentication for the core-service, follow the instructions in the following sections:

  1. Azure configurations for user and App Registration

  2. Configurations for Exchange (Online) via Windows PowerShell

  3. yuuvis RAD® configuration in the management-studio

Azure Configurations for User and App Registration

  1. Set up OAuth2 support for the desired user account:

    1. Go to Microsoft Entra admin center

    2. Create the desired user-account, if it does not already exist.

    3. Go to https://admin.cloud.microsoft/

    4. Open the desired user-account

    5. Assign a Microsoft 365 Developer License to the user, if not already assigned.

    6. Save and wait for the change to become effective. Click the reload icon at the top right regularly until the “E-Mail” tab shows options.

    7. Activate SMTP Auth for the user by navigating to E-Mail > Manage E-Mail-Apps and setting the check mark at Authenticated SMTP.



       

  2. Create an app registration:

    1. Go to https://entra.microsoft.com/

    2. Navigate to App registrations and select +New registration.

    3. Select a descriptive name and set the Redirect URI to “Web” and “http://localhost”.

       

  3. Set up a secret for the App registration:

    1. In the App registration blade, navigate to Certificates & secrets.

    2. Select +New client secret.

    3. Enter a description, choose an expiration date and select Add (make a note of the Value – we refer to it as “Client Secret”).

  4. Grant API permissions:

    1. Go to API permissions in the App registration blade and select Add a permission.

    2. Navigate to APIs my organization uses > Office 365 Exchange Online > Application permissions > SMTP and check SMTP.SendAsApp.

    3. Navigate to APIs my organization uses > Office 365 Exchange Online > Application permissions > Mail and check Mail.Send.

    4. Navigate to APIs my organization uses > Microsoft Graph > Application permissions > Mail and check Mail.Send.

    5. Navigate to APIs my organization uses > Microsoft Graph > Application permissions > User and check User.Read.

    6. Click on the “Grant admin consent for MSFT” check mark to allow the permissions.

    7. Go to Overview and make a note of Application (client) ID and Directory (tenant) ID.

  5. Select enterprise application:

    1. Navigate to Identity > Applications > Enterprise applications and select the newly created application.

    2. Make a note of the Object ID displayed under Overview.

       

    3. Under Users and groups, add the desired user.

Configurations for Exchange (Online) via Windows PowerShell

The PowerShell commands below are only necessary for the “Authenticated SMTP” flow. For apps using the Graph API, this section can be skipped.

  1. Install the Exchange Online Management Module in PowerShell (if not already installed):

    1. Open Windows PowerShell

    2. Make sure the ExecutionPolicy is set to “RemoteSigned”:

      Get-ExecutionPolicy
      Set-ExecutionPolicy RemoteSigned
    3. Install PowerShellGet:

      Install-Module -Name PowerShellGet -Force
    4. Install Exchange Online Management cmdlet:

      Install-Module -Name ExchangeOnlineManagement #(for all users)

      OR

      Install-Module -Name ExchangeOnlineManagement -Scope CurrentUser #(for the currently logged in user)
    5. Create a ServicePrincipal and set up permissions in Exchange Online:

      1. Open Windows PowerShell

      2. Connect to Exchange Online:

        Connect-ExchangeOnline -UserPrincipalName <USER@example.com>
      3. Create ServicePrincipal (Important! Use the ObjectID from the Enterprise Application):

        New-ServicePrincipal -AppId <ApplicationID> -ObjectId <ObjectID Enterprise Application> -DisplayName <Name>
      4. Set mailbox permissions:

        Add-MailboxPermission -Identity <Email@example.com> -User <ObjectID Enterprise Application> -AccessRights FullAccess



yuuvis RAD® Configuration in the management-studio

  1. Navigate to the settings page. The email configuration is shown in the lower half.

  2. Make the following changes in the SMTP authentication method section:

    1. Set the check mark at SMTP authorization enabled.

    2. Choose OAuth2 Microsoft Office in the Authentication method drop-down menu.

    3. Enter the Client-ID, the ClientSecret and the Tenant-ID (Directory-ID) in the corresponding text fields in the OAuth2 Microsoft Office section.

    4. The SMTP Server should be smtp.office365.com with Port 587 (recommended) or 25.

    5. Make sure Basic/Standard username and password fields are empty.

  3. Click the save button. Configuration is complete.

  4. You can test the configuration by starting the Test e-mail settings action from the menu at the top right.
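
The token that the app registration receives can also be checked independently of yuuvis RAD®, which helps to separate Azure-side problems (missing permission, missing admin consent, wrong tenant or client ID) from problems in the management-studio settings. The following PowerShell code is an added example, not part of yuuvis RAD® or of the original instructions: it decodes an access token's claims and lists what is missing for the Authenticated SMTP flow. The function names and the sample token are constructed; the expected audience `https://outlook.office365.com` and the commented token request (Microsoft identity platform client credentials flow with the scope `https://outlook.office365.com/.default`) are assumptions not stated on this page.

```powershell
# Added example: inspects the claims of an app-only token for the Authenticated SMTP flow.
# Function names and sample values are constructed. Claims are only decoded, the
# signature is not validated, so use it on tokens fetched directly from the token endpoint.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Get-JwtClaims([string]$Token) {
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected three dot-separated parts.' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    $b64 += '=' * ((4 - $b64.Length % 4) % 4)   # restore the stripped padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-SmtpAppToken([string]$Token, [string]$TenantId, [string]$ClientId) {
    $c = Get-JwtClaims $Token
    $app = if ($c.appid) { $c.appid } else { $c.azp }   # v1.0 tokens use appid, v2.0 use azp
    $findings = @()
    if ($c.aud -ne 'https://outlook.office365.com') { $findings += "Unexpected audience: $($c.aud)" }
    if ($c.tid -ne $TenantId) { $findings += 'Token was issued for a different tenant.' }
    if ($app -ne $ClientId) { $findings += 'Token was issued to a different application.' }
    if (@($c.roles) -notcontains 'SMTP.SendAsApp') {
        $findings += 'Role SMTP.SendAsApp is missing: check API permissions and admin consent.'
    }
    if ($c.exp -le [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()) { $findings += 'Token has expired.' }
    , $findings   # an empty array means that all checks passed
}

# Constructed sample: a token that carries Mail.Send but not SMTP.SendAsApp.
$tenant = '00000000-0000-0000-0000-000000000001'
$client = '00000000-0000-0000-0000-000000000002'
$payload = @{
    aud = 'https://outlook.office365.com'; tid = $tenant; appid = $client
    roles = @('Mail.Send'); exp = [DateTimeOffset]::UtcNow.AddHours(1).ToUnixTimeSeconds()
} | ConvertTo-Json -Compress
$sample = 'e30.' + (ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes($payload))) + '.sig'
Test-SmtpAppToken -Token $sample -TenantId $tenant -ClientId $client

# Real token via the client credentials flow (fill in the values noted during setup):
# $body = @{ grant_type = 'client_credentials'; client_id = '<Application (client) ID>'
#            client_secret = '<Client Secret>'; scope = 'https://outlook.office365.com/.default' }
# $uri = 'https://login.microsoftonline.com/<Directory (tenant) ID>/oauth2/v2.0/token'
# $token = (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
```

Run the check in a session whose history and transcripts are not retained, because the Client Secret and the returned token are both credentials.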