Introduction
To allow our applications to send e-mails as a given user or service account in Microsoft Entra, we need to configure an Azure AD application Microsoft Entra Active Directory application registration with the appropriate permission. Additionally, we need to ensure that the user or service account has a license assigned for sending e-mailspermissions.
Create an Azure AD App with Graph permissions
To allow our app to send e-mails using our user or service account, we need to configure an Azure AD application with the appropriate permissions.
You can do You can execute these steps using Azure PowerShell, the Azure CLI, or the Azure Portal that I'm doing for demonstration purposes.
Create a new App Registration Azure Portal
Head over to Azure AD and create a new App Registration.
- Azure Portal > Active Directory > App registrations > New registration
- Name: Whatever you want.
- Type: Accounts in this organizational directory only (Single tenant)
- Redirect URI: Not required.
Using a Client ID and Client Secret
Here's how you can set that up your applications to rely on the traditional Client ID / Client Secret approach for authenticating to the application.
We then need to create a new secret and securely store the value of the said secret, along with the Tenant ID and the app's Client ID.
From the App page:
- Certificates & Secrets > New client secret
- Copy the secret and store it in a safe location (password manager is a good idea).
...
. The steps required to enable Microsoft Graph SMTP authentication using the Azure Portal are described below.
Create App Registration
In the Azure Active Directory of your Tenant, navigate to App registrations and create a New registration. Choose a name and select "Register".
Create a User with permissions to use the Application
Navigate to Azure Active Directory → Users and create a new User
| Info |
|---|
If you already have a user which is used for the Microsoft Graph Teams Presence API App registration, you can use that user for this purpose again! |
Assign the User to the Application
Navigate to the registered App configuration and into the tab "Owners" and add the User.
Grant Permissions
The Microsoft Graph SMTP Authentication requires permissions to send emails. Configure the following permissions with "Add a permission" and grant the permssions by clicking on "Grant admin consent for <Tenant Name>". The permission "User.Read" is added by default and should not be removed.
Create a Client Secret
Navigate to Certificates and Secrets and click on "New client secret" to add a new secret.
| Info | ||
|---|---|---|
| ||
As this secret will expire after the configured amount of time, please make note of this because it must be changed in the Client Master Data settings in your jtel ACD after being renewed in the Microsoft Entra Active Directory. |
Configuring Client Master Data
The newly Tenant ID, as well as the Application ID (Client ID) and Client Secret (Secret Hash Value) are now configured in the jtel portal. The E-Mail Server and user also have to be changed, if you are switching to Office 365.
The configuration is added as Client Administrator in the Menu → Client Master Data in the email tab.
| E-Mail Sender | The E-Mail address which should be displayed as the sender |
| E-Mail Server | |
| Tenant ID | The Tenant ID of your Microsoft Entra AD |
| Client ID | The Client ID of the new registered Application |
| E-Mail User | The new user which is the owner of the registered Application |
| E-Mail Password | The Secret Hash Value |