This method uses EWS to meet Microsoft's OAuth 2.0 authentication requirements. If possible, it is usually better to accomplish this using the OAuth 2 setup described in Configure the Email SMTP Server and Inbound Email Accounts, because that configuration is more secure and allows both inbound and outbound authentication. However, if you can't use that method for some reason, you can use this method to authenticate inbound email.
This authentication method requires an Azure account and an Azure AD tenant. The account must be a tenant administrator. |
Configuring as an application in Azure AD requires registering your system with Azure, identifying the application as an authentication tool in Azure, and adding access permissions.
First, you need to register your system with Azure. As you follow the steps, you can also refer to Microsoft's setup instructions if any of the options you see differ from those described here.
|
With the application registered, you can gather the necessary identifying information to use the application with Azure as an authentication tool.
Before you leave the portal, add access permission for the application:
Locate the requiredResourceAccess
property in the manifest, and add the following inside the square [] brackets:
{ "resourceAppId": "00000002-0000-0ff1-ce00-000000000000", "resourceAccess": [ { "id": "dc890d15-9560-4a4c-9b7f-a736ec74ec40", "type": "Role" } ] } |
full_access_as_app
permission is listed.With the application registered and configured in Azure, you can use it to authenticate inbound email addresses in . You must complete this setup for each inbound account that uses an Office 365 or Microsoft Exchange email address.
Refer to Inbound Email Accounts as you work. This article focuses on the settings that are unique to Azure authentication.
EWS:outlook.office365.com/ews/Exchange.asmx
for the address.email1@email.com; email2@email.com; email3@email.com
Related articles |