Email setup using Token-based authentication with Microsoft 365

Prerequisites 
 Before proceeding with the setup, ensure the following: 
 1. Microsoft 365 Admin Access 
 
 You must have Global Administrator or Application Administrator rights to:
 
 Register an app in Microsoft Entra ID (formerly Azure AD). 
 Grant admin consent for API permissions. 
 
 
 
 2. Exchange Online License 
 
 The tenant must, at minimum, have an active Exchange Online subscription for sending emails via SMTP. 
 
 3. SMTP Authentication Enabled (If Required) 
 
 Modern authentication (OAuth2) is used, but ensure that SMTP AUTH is not disabled for the tenant if needed.
 
 You can check this in Microsoft Entra ID under Security → Authentication Policies. 
 
 
 
 4. Microsoft Graph API Access 
 
 The Mail.Send permission must be enabled in Microsoft Graph API. 
 Ensure that admin consent is granted. 
 
 5. Service Account (Optional but Recommended) 
 
 It is best practice to create a dedicated service account for email sending.
 
 This prevents access issues if an employee leaves or credentials change. 
 
 
 
 6. Firewall and Network Rules 
 
 Allow outbound traffic on port 587 (SMTP with STARTTLS). 
 Ensure no outbound filtering that blocks Microsoft’s SMTP servers. 
 
 
 Microsoft 365 App Registration and Setup 
 Step 1: Open the Microsoft Entra Admin Portal 
 
 Navigate to the Microsoft Entra admin center . 
 Go to Applications → App Registrations → Owned Applications . 
 
 
 Step 2: Register a New Application 
 
 Click New App Registration . 
 Open the newly created app registration. 
 Navigate to API Permissions in the menu. 
 
 
 
 Step 3: Configure API Permissions 
 
 If an SMTP exchange does not exist, set up a new one. 
 Click Add a Permission . 
 Select Microsoft Graph → Application Permissions . 
 Search for Mail.Send and select it. 
 Click Add Permission . 
 
 
 Step 4: Grant Admin Consent 
 
 Under API Permissions , locate the Mail.Send permission. 
 Click Grant Admin Consent . 
 Confirm by clicking Yes . 
 The interface will confirm that consent has been granted. 
 
 Step 5: Generate Client Secret 
 
 Navigate to Certificates & Secrets → Client Secrets. 
 Click New Client Secret . 
 Enter a description and set an expiration period (24 months recommended). 
 Click Add . 
 Copy and store the Client Secret Value immediately (it will not be available later). 
 
 Step 6: Retrieve App Credentials 
 
 Go to the Overview section of your app registration. 
 Copy the following details:
 
 Application (Client) ID 
 Directory (Tenant) ID 
 
 
 
 
 
 Signify Email Setup Using Token-Based Authentication 
 
 
 Open Signify System . 
 
 
 Navigate to Gear → Ruleset → Notifications . 
 
 
 Enable Use Own SMTP Details . 
 
 
 Activate Credentials Required | Token-Based Authentication . 
 
 
 Enter the details obtained from Microsoft Entra: 
 
 
 
 Field 
 Value 
 
 
 
 
 Server Name 
 Any logical name 
 
 
 Port 
 587 
 
 
 Timeout 
 120 
 
 
 Batch Size 
 Medium (Recommended) 
 
 
 From Email 
 Any user within the tenant 
 
 
 Client ID 
 Application (Client) ID (Step 6) 
 
 
 Client Secret 
 Token Secret Value (Step 5) 
 
 
 Tenant ID 
 Directory (Tenant) ID (Step 6) 
 
 
 
 
 
 Click Save to store and validate credentials. 
 
 
 If validation fails, review your configuration settings.