To allow our applications to send e-mails as a given user or service account, we need to configure an Azure AD application with the appropriate permission. Additionally, we need to ensure that the user or service account has a license assigned for sending e-mails.
Create an Azure AD App with Graph permissions
To allow our app to send e-mails using our user or service account, we need to configure an Azure AD application with the appropriate permissions.
You can do these steps using Azure PowerShell, the Azure CLI, or the Azure Portal that I'm doing for demonstration purposes.
Create a new App Registration Azure Portal
Head over to Azure AD and create a new App Registration.
- Azure Portal > Active Directory > App registrations > New registration
- Name: Whatever you want.
- Type: Accounts in this organizational directory only (Single tenant)
- Redirect URI: Not required.
Using a Client ID and Client Secret
Here's how you can set that up your applications to rely on the traditional Client ID / Client Secret approach for authenticating to the application.
We then need to create a new secret and securely store the value of the said secret, along with the Tenant ID and the app's Client ID.
From the App page:
- Certificates & Secrets > New client secret
- Copy the secret and store it in a safe location (password manager is a good idea).
Next, make sure you copy the Application ID (Client ID) and the Tenant ID for your application. You can find these on the Overview page of your app.