Outlook and MS365

Use OAuth2 to authenticate Outlook and MS365 IMAP and SMTP accounts for secure email access through EmailEngine.

Click here to see other types of OAuth2 configurations, or follow this tutorial for a detailed step-by-step guide.

Setting up MS Graph API integration with EmailEngine

Follow these steps to integrate Outlook and MS365 email accounts with EmailEngine using OAuth2 and Microsoft Graph API:

  1. Open Azure Portal
    Go to the Azure Portal, where you will manage all settings and configurations for your Microsoft Graph API integration.

  2. Navigate to Microsoft Entra ID → App Registrations
    This is where you will register your app in Azure. App registration allows your app to access Microsoft services like MS Graph for email accounts.

  3. Create a new app registration
    Registering a new application creates a unique identity for your app, enabling it to access MS Graph API securely and interact with users' email accounts.

  4. Select a suitable Supported accounts type
    Choose the appropriate account type based on your needs. To allow broader access, choose Accounts in any org and personal accounts, which supports both Microsoft 365 and personal Outlook accounts.

  5. Set the Redirect URI
    Select Web as the platform and use your EmailEngine URL with the /oauth path (e.g., https://your-emailengine-url.com/oauth). This allows Azure to send the OAuth2 response back to EmailEngine after successful authentication.

  6. Copy the Application (client) ID
    In the application's overview page, find the Application (client) ID. This ID will be used as the Azure Application Id in EmailEngine’s OAuth form when configuring the Outlook integration.

  7. Add API Permissions
    Navigate to API Permissions and click Add a permission. This step grants your app the necessary access to interact with users' Outlook and MS365 email accounts.

  8. Enable Microsoft Graph Permissions

    • Select Microsoft GraphDelegated permissions.
    • Search for and enable the following permissions to allow your app to interact with the user's email:
      • IMAP.AccessAsUser.All (for IMAP access)
      • SMTP.Send (for sending emails via SMTP)
      • offline_access (for long-term access to accounts)

  9. Create a client secret
    Navigate to Certificates & Secrets and create a new client secret. The client secret is used by your app to authenticate with Azure. Choose an expiration period you are comfortable with. Note that once the secret expires, you'll need to generate a new one and update it in EmailEngine.

  10. Copy the client secret value
    Once the client secret is generated, make sure to copy the Value of the secret (not the Secret ID). This value will be used as the Client Secret in EmailEngine's OAuth configuration.

  11. Create a new Outlook application in EmailEngine
    Open EmailEngine and create a new Outlook OAuth2 application. This will establish the connection between EmailEngine and the Microsoft Graph API.

  12. Use the Application ID in EmailEngine
    In the OAuth2 application form in EmailEngine, use the Application ID (from Azure’s dashboard) as the Azure Application Id.

  13. Use the client secret in EmailEngine
    In the EmailEngine form, use the client secret value (the one you copied earlier) as the Client Secret. This allows EmailEngine to authenticate with Azure and access Outlook email accounts.

  14. Set the supported account types
    In EmailEngine, set the Supported account types value. The option Common corresponds to the Accounts in any org and personal accounts option you selected during the Azure app registration process.

  15. Register the app in EmailEngine
    Click Register app in EmailEngine to complete the integration. Your app is now configured to use the Microsoft Graph API for accessing Outlook and MS365 email accounts via IMAP and SMTP.