Help Center

    Configuring Azure AD to allow SureCloud to use API mailbox authentication

    Step 1 - Create an Azure Application

    • Go to your Azure AD portal → “App registrations”

    • New registration → give it a name → select option “Accounts in this organizational directory only (your tenant name)”

    • Leave Redirect URI blank

    • Register


    Step 2 - Set a Client Secret

    • Select the newly created Application -> “Certificates & secrets” → “New client secret”

    • Provide a name and set an expiration of “Never”


    Step 3 - Add the required permissions to send email

    • “API permissions” → “Add a permission”

      • Ensure this is of type "Application". "Delegated" will not give sufficient access for SureCloud to send emails as required.
    • Add the permission “Mail.Send”

    • “Grant admin consent for SureCloud”


    Step 4 - Lock down the Application to only allow sending of the specified mailbox


    You will need:

    • AppId/ClientId of the newly created application

    • A mail-enabled security group containing the mailbox and the ID of this group

    • Powershell & ability to use CmdLet Connect-ExchangeOnline

    Run the following cmd to restrict access replacing the value with your appid and mail-enabled security group:

    New-ApplicationAccessPolicy -AppId e8f4eefc-046g-4084-9b4b-2ab8f144b59f -PolicyScopeGroupId -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group EvenUsers."

    Run the following cmd to test the access policy:

    Test-ApplicationAccessPolicy -Identity -AppId e8f4eefc-046g-4084-9b4b-2ab8f144b59f

    Step 5 - Provide SureCloud with the following details:

    • TenantID → Can be found in AzureAD ( → Properties → “DirectoryID”

    • Client Id/Application Id → Can be found in your application overview section

    • Client Secret (see above)

    • UUID of the mailbox to be used (Directory ObjectID UUID)


    Was this article helpful?
    0 out of 0 found this helpful


    Further Questions?