Sending Emails via OAuth2 Authentication for Microsoft Office 365

Administrative emails are sent by yuuvis RAD®’s core-service component. Because Microsoft has ended support for basic authentication for Azure email accounts, yuuvis RAD® has supported authentication via the OAuth2 protocol since version 9.12.
To enable OAuth2 authentication for the core-service, follow the instructions in the sections below:

  1. Azure configurations for user and App Registration

  2. Configurations for Exchange (Online) via Windows PowerShell

  3. yuuvis RAD® configuration in the management-studio

Azure Configurations for User and App Registration

  1. Set up OAuth2 support for the desired user account:

    1. Go to https://portal.microsoft.com/

    2. Open or create the desired user account.

    3. Activate SMTP Auth for the user by navigating to E-Mail > Manage E-Mail-Apps and setting the check mark at Authenticated SMTP.



       

  2. Create an app registration:

    1. Go to https://entra.microsoft.com/

    2. Create a new app registration by navigating to Identity > Applications > App registrations and selecting +New registration.

    3. Select a descriptive name and set the Redirect URI to “Web” and “http://localhost”.

       

  3. Set up a secret for the App registration:

    1. In the App registration blade, navigate to Certificates & secrets.

    2. Select +New client secret.

    3. Enter a description, choose an expiration date and select Add (make a note of the Value – we refer to it as “Client Secret”).

  4. Grant API permissions:

    1. Go to API permissions in the App registration blade and select Add a permission.

    2. Navigate to APIs my organization uses > Office 365 Exchange Online > Application permissions > SMTP and check SMTP.SendAsApp.

       

    3. Grant admin consent for the permission.

    4. Go to Overview and make a note of Application (client) ID and Directory (tenant) ID.

  5. Select enterprise application:

    1. Navigate to Identity > Applications > Enterprise applications and select the newly created application.

    2. Make a note of the Object ID displayed under Overview.

       

    3. Under Users and groups, add the desired user.

Configurations for Exchange (Online) via Windows PowerShell

  1. Install the Exchange Online Management Module in PowerShell (if not already installed):

    1. Open Windows PowerShell.

    2. Make sure the ExecutionPolicy is set to “RemoteSigned”:

      Get-ExecutionPolicy
      Set-ExecutionPolicy RemoteSigned
    3. Install PowerShellGet:

      Install-Module -Name PowerShellGet -Force
    4. Install Exchange Online Management cmdlet:

      Install-Module -Name ExchangeOnlineManagement #(for all users)

      OR

  2. Create a ServicePrincipal and set up permissions in Exchange Online:

    1. Open Windows PowerShell.

    2. Connect to Exchange Online:

    3. Create ServicePrincipal (Important! Use the ObjectID from the Enterprise Application):

    4. Set mailbox permissions:
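
The commands for connecting, creating the ServicePrincipal and setting mailbox permissions are not shown on this page. The following is an added example (not taken from the yuuvis RAD® documentation) of how these steps can be carried out with the cmdlets of the ExchangeOnlineManagement module. The e-mail addresses and display name are constructed, the IDs are placeholders for the values noted earlier, and FullAccess as the access right is an assumption.

```powershell
# Added example. All values below are placeholders or constructed samples.
$AdminUpn = 'admin@example.com'                          # Exchange administrator (constructed)
$AppId    = '<Application (client) ID>'                  # from the app registration's Overview
$ObjectId = '<Object ID of the enterprise application>'  # not the app registration's Object ID
$Mailbox  = 'sender@example.com'                         # mailbox used for sending (constructed)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

try {
    # Register the service principal in Exchange Online unless it already exists,
    # so the script can be re-run without errors.
    $sp = Get-ServicePrincipal -Identity $ObjectId -ErrorAction SilentlyContinue
    if (-not $sp) {
        $sp = New-ServicePrincipal -AppId $AppId -ObjectId $ObjectId `
                                   -DisplayName 'yuuvis RAD SMTP OAuth2'
    }

    # Grant the service principal access to the sending mailbox only.
    # FullAccess is an assumption; the page does not name the access right.
    $granted = Get-MailboxPermission -Identity $Mailbox -User $sp.Identity `
                                     -ErrorAction SilentlyContinue
    if (-not $granted) {
        Add-MailboxPermission -Identity $Mailbox -User $sp.Identity -AccessRights FullAccess
    }

    # Verify what was configured. Only the intended mailbox should list the
    # service principal; review this output before storing the client secret.
    Get-ServicePrincipal -Identity $ObjectId | Format-List
    Get-MailboxPermission -Identity $Mailbox -User $sp.Identity | Format-List

    # $true here means Authenticated SMTP is switched off for this mailbox,
    # and sending will fail even with a valid OAuth2 token.
    Get-CASMailbox -Identity $Mailbox | Format-List SmtpClientAuthenticationDisabled
}
finally {
    # Always close the administrative session.
    Disconnect-ExchangeOnline -Confirm:$false
}
```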



yuuvis RAD® Configuration in the management-studio

  1. Navigate to the settings page. The email configuration is shown in the lower half.

  2. Make the following changes in the SMTP authentication method section:

    1. Set the check mark at SMTP authorization enabled.

    2. Choose OAuth2 Microsoft Office in the Authentication method drop-down menu.

    3. Enter the Client-ID, the ClientSecret and the Tenant-ID (Directory-ID) in the corresponding text fields in the OAuth2 Microsoft Office section.

  3. Click the save button. Configuration is complete.

  4. You can test the configuration by starting the Test e-mail settings action from the menu at the top right.