Introduction

To allow applications to send e-mails as a given user or service account in Microsoft Entra, we need to configure an Microsoft Entra Active Directory application registration with the appropriate permissions.

Create an Azure AD App with Graph permissions

You can execute these steps using Azure PowerShell, the Azure CLI, or the Azure Portal. The steps required to enable Microsoft Graph SMTP authentication using the Azure Portal are described below. 

Create App Registration

In the Azure Active Directory of your Tenant, navigate to App registrations and create a New registration. Choose a name and select "Register".

Create a User with permissions to use the Application

Navigate to Azure Active Directory → Users and create a new User

Assign the User to the Application

Navigate to the registered App configuration and into the tab "Owners" and add the User.

Set up the application permissions

Looking at the official docs for SendMail, we can see a few ways we can configure our apps to allow sending e-mails. Depending on your scenario, you may want to adjust the permissions between delegated or application permissions.

From the app page in the Azure Portal:

• API permissions > Add a permission
• Microsoft Graph > Application Permissions > Mail.Send > click Add Permission

Your configured permissions should look something like this:

Configuring the jtel Portal

The newly created Directory ID (Tenant ID), as well as the Application ID (Client ID) and Client Secret (Secret Hash Value) are now configured in the jtel portal. The E-Mail Server and user also have to be changed, if you are switching to Office 365.

The configuration is added as Client Administrator in the Menu → Client Master Data in the email tab.