To allow our applications to send e-mails as a given user or service account, we need to configure an Azure AD application with the appropriate permission. Additionally, we need to ensure that the user or service account has a license assigned for sending e-mails.

Create an Azure AD App with Graph permissions

To allow our app to send e-mails using our user or service account, we need to configure an Azure AD application with the appropriate permissions.

You can do these steps using Azure PowerShell, the Azure CLI, or the Azure Portal, which I'm using here for demonstration purposes.

Create a new App Registration in the Azure Portal

Head over to Azure AD and create a new App Registration.

Using a Client ID and Client Secret

Here's how you can set up your applications to rely on the traditional Client ID / Client Secret approach for authenticating to the application.

We then need to create a new secret and securely store its value, along with the Tenant ID and the app's Client ID.

From the App page:

Next, make sure you copy the Application ID (Client ID) and the Tenant ID for your application. You can find these on the Overview page of your app.

At this point you should have stored these values for use later in our code:

Set up the application permissions

Looking at the official docs for SendMail, we can see a few ways we can configure our apps to allow sending e-mails. Depending on your scenario, you may want to adjust the permissions between delegated or application permissions.

| Permission type | Permissions (from least to most privileged) |
| --- | --- |
| Delegated (work or school account) | Mail.Send |
| Delegated (personal Microsoft account) | Mail.Send |
| Application | Mail.Send |
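
A check you can run once the permission is granted, as an added example that is not part of the original article: it decodes an access token's claims to show whether Mail.Send arrived as an application permission (`roles` claim) or a delegated one (`scp` claim), and flags anything granted beyond Mail.Send. The tokens are constructed samples and the function names are hypothetical; the decode does not verify the signature and is for inspection only.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def granted_permissions(token: str) -> tuple:
    """Return (kind, permissions) for a Microsoft Graph access token."""
    claims = jwt_claims(token)
    if claims.get("scp"):    # delegated: space-separated scopes, user context
        return "delegated", set(claims["scp"].split())
    if claims.get("roles"):  # application: app roles, no signed-in user
        return "application", set(claims["roles"])
    return "none", set()


def excess_permissions(token: str, allowed=frozenset({"Mail.Send"})) -> set:
    """Permissions present in the token beyond what the app should need."""
    return granted_permissions(token)[1] - set(allowed)


def make_sample(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


# Constructed samples: an app-only token and a delegated token with an extra scope.
APP_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                         "roles": ["Mail.Send"]})
USER_TOKEN = make_sample({"aud": "https://graph.microsoft.com",
                          "scp": "Mail.Send User.Read"})

if __name__ == "__main__":
    for name, tok in (("app", APP_TOKEN), ("user", USER_TOKEN)):
        kind, perms = granted_permissions(tok)
        print(name, kind, sorted(perms), "excess:", sorted(excess_permissions(tok)))
```
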

From the app page in the Azure Portal: