azure oauth-2.0 smtp

Issues Adding SMTP.Send Permission to Azure Application for Office 365 SMTP


I am developing an application on the Azure portal to send emails via free Microsoft accounts using the SMTP server smtp.office365.com.

How can I add the permission https://outlook.office.com/SMTP.Send to an application on the Azure portal? I couldn't find this option, only https://outlook.office.com/Mail.Send.

The workaround is to add https://outlook.office.com/SMTP.Send in the "scope" when starting the authentication process, but I would like to use https://outlook.office.com/.default since there are other required permissions. In other words, https://outlook.office.com/SMTP.Send exists and works, but it is not available in the portal interface.

I tried using https://graph.microsoft.com/SMTP.Send instead, but I got an authorization error when attempting to send an email to the SMTP.


Solution

  • I agree with you: the SMTP.Send API permission is not available in the API permissions blade of the Microsoft Entra ID application. Refer to this SO thread by Allen Wu.

    Hence, as a workaround, you need to specify the scope name when generating the token, like https://outlook.office.com/SMTP.Send

    For example, I generated the below API permissions:

    And passed the scope as https://outlook.office.com/SMTP.Send to generate the access token:

    POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
    Content-Type: application/x-www-form-urlencoded

    client_id=ClientID
    client_secret=ClientSecret
    redirect_uri=https://jwt.ms
    code=Code
    scope=https://outlook.office.com/SMTP.Send
    grant_type=authorization_code
    

    And the access token contained all the Office 365 Exchange Online permissions granted to the Microsoft Entra ID application:

    When decoded, the scopes are present, that is, SMTP.Send and all other permissions granted to the Microsoft Entra ID application.

    If the issue still persists, pass individual scopes like below:

    scope : https://outlook.office.com/SMTP.Send https://outlook.office.com/Mail.Send https://outlook.office.com/Calendars.Read.All
    
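Added example (not part of the original question or answer): a diagnostic check of the decoded access token before it is used for `AUTH XOAUTH2` against smtp.office365.com, confirming that `SMTP.Send` is in the `scp` claim. It assumes the token's `aud` claim carries the resource URI from the scope; the helper names and sample tokens are constructed for illustration.

```python
import base64
import json

REQUIRED_SCOPE = "SMTP.Send"
# Assumption: aud equals the resource URI used in the scope prefix.
EXPECTED_AUDIENCE = "https://outlook.office.com"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(access_token: str) -> dict:
    """Return the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_smtp_token(access_token: str) -> list[str]:
    """Return the problems that would make SMTP XOAUTH2 authentication fail."""
    claims = token_claims(access_token)
    problems = []
    aud = str(claims.get("aud", ""))
    if aud.rstrip("/") != EXPECTED_AUDIENCE:
        problems.append(f"audience is {aud!r}, not {EXPECTED_AUDIENCE}")
    scopes = str(claims.get("scp", "")).split()  # scp is space-separated
    if REQUIRED_SCOPE not in scopes:
        problems.append(f"{REQUIRED_SCOPE} missing from scp: {scopes}")
    return problems


def xoauth2_string(user: str, access_token: str) -> str:
    """Build the base64 SASL XOAUTH2 initial response sent after AUTH XOAUTH2."""
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def _fake_token(payload: dict) -> str:
    # Constructed sample: unsigned token with a placeholder signature segment.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(payload)}.sig"


GOOD = _fake_token({"aud": "https://outlook.office.com", "scp": "Mail.Send SMTP.Send"})
GRAPH = _fake_token({"aud": "https://graph.microsoft.com", "scp": "Mail.Send"})

if __name__ == "__main__":
    print(check_smtp_token(GOOD), check_smtp_token(GRAPH))
```

The second sample mirrors the Graph-scoped token from the question: it has a different audience and no `SMTP.Send`, so both checks report a problem.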