I am developing an application on the Azure portal to send emails via free Microsoft accounts using the SMTP server smtp.office365.com.
How can I add the permission https://outlook.office.com/SMTP.Send to an application on the Azure portal? I couldn't find this option, only https://outlook.office.com/Mail.Send.
The workaround is to add https://outlook.office.com/SMTP.Send in the "scope" when starting the authentication process, but I would like to use https://outlook.office.com/.default since there are other required permissions. In other words, https://outlook.office.com/SMTP.Send exists and works, but it is not available in the portal interface.
I tried using https://graph.microsoft.com/SMTP.Send instead, but I got an authorization error when attempting to send an email to the SMTP.
I agree with you, the SMTP.Send API permission is not available in the API permissions blade of the Microsoft Entra ID application. Refer to this SO thread by Allen Wu.
Hence, as a workaround, you need to specify the scope name to generate the token, like https://outlook.office.com/SMTP.Send
For example, I generated the below API permissions:
And passed the scope as https://outlook.office.com/SMTP.Send to generate the access token:
POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
client_id=ClientID
client_secret=ClientSecret
redirect_uri=https://jwt.ms
code=Code
scope=https://outlook.office.com/SMTP.Send
grant_type=authorization_code
And the access token contained all the Office 365 Exchange Online permissions granted to the Microsoft Entra ID application:
When decoded, the scopes are present, that is, SMTP.Send and all other permissions granted to the Microsoft Entra ID application.
If the issue still persists, pass individual scopes like below:
scope: https://outlook.office.com/SMTP.Send https://outlook.office.com/Mail.Send https://outlook.office.com/Calendars.Read.All
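
A check that can run before SMTP AUTH, as an added example that is not part of the original answer: it reads the `scp` claim of the access token (the same decoding jwt.ms does), reports whether SMTP.Send is present, and builds the SASL XOAUTH2 string from the token. The function names and the sample tokens are constructed for illustration, and a token that is not a decodable JWT yields `None` rather than a verdict.

```python
import base64
import json


def jwt_claims(access_token):
    """Unverified payload claims of a JWT, or None if the token is not a JWT.

    Inspection only: the signature is not checked here; the resource that
    receives the token (the SMTP server) is what validates it.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def has_smtp_send(access_token):
    """True/False when the scp claim can be read, None when it cannot."""
    claims = jwt_claims(access_token)
    if claims is None:
        return None
    return "SMTP.Send" in str(claims.get("scp", "")).split()


def xoauth2_string(user, access_token):
    """Base64 initial response for the SMTP command 'AUTH XOAUTH2'."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def make_sample_token(claims):
    """Constructed, unsigned sample token for offline runs (not a real token)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.sig"


if __name__ == "__main__":
    token = make_sample_token({"scp": "Mail.Send SMTP.Send"})
    print("SMTP.Send present:", has_smtp_send(token))
    print("AUTH XOAUTH2", xoauth2_string("user@example.com", token))
```
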