    Configuring Azure AD to allow SureCloud to use API mailbox authentication

    Step 1 - Create an Azure Application

    • Go to your Azure AD portal https://portal.azure.com → “App registrations”

    • New registration → give it a name → select option “Accounts in this organizational directory only (your tenant name)”

    • Leave Redirect URI blank

    • Register


    Step 2 - Set a Client Secret

    • Select the newly created Application → “Certificates & secrets” → “New client secret”

    • Provide a name and set an expiration of “Never”


    Step 3 - Add the required permissions to send email

    • “API permissions” → “Add a permission”

      • Ensure this is of type "Application". "Delegated" will not give sufficient access for SureCloud to send emails as required.
    • Add the permission “Mail.Send”

    • “Grant admin consent for SureCloud”


    Step 4 - Lock down the Application so it can only send from the specified mailbox

    (https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access)

    You will need:

    • AppId/ClientId of the newly created application

    • A mail-enabled security group containing the mailbox and the ID of this group

    • PowerShell and the ability to use the Connect-ExchangeOnline cmdlet

    Run the following command to restrict access, replacing the values with your AppId and mail-enabled security group:

    New-ApplicationAccessPolicy -AppId e8f4eefc-046g-4084-9b4b-2ab8f144b59f -PolicyScopeGroupId EvenUsers@contoso.com -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group EvenUsers."

    Run the following command to test the access policy:

    Test-ApplicationAccessPolicy -Identity user1@contoso.com -AppId e8f4eefc-046g-4084-9b4b-2ab8f144b59f
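
A verification sketch for Step 4, added here as an example and not SureCloud's or Microsoft's own script: it confirms that a RestrictAccess policy exists for the application, then checks that access is granted for the in-scope mailbox and denied for a mailbox outside the group. The four values at the top are placeholders to replace with your own.

```powershell
# Added example. The four values below are placeholders (assumptions):
# replace them with your own tenant's values before running.
$AppId      = '<application-client-id>'
$ScopeGroup = '<mail-enabled-security-group-address>'
$InScope    = '<mailbox-that-is-a-member-of-the-group>'
$OutOfScope = '<mailbox-that-is-not-a-member-of-the-group>'

Connect-ExchangeOnline

try {
    # 1. A RestrictAccess policy must exist for this application.
    $policy = Get-ApplicationAccessPolicy |
        Where-Object { $_.AppId -eq $AppId -and "$($_.AccessRight)" -eq 'RestrictAccess' }
    if (-not $policy) {
        throw "No RestrictAccess policy found for AppId $AppId (expected scope: $ScopeGroup)."
    }
    $policy | Format-List ScopeName, AppId, AccessRight, Description

    # 2. Test both directions: the sending mailbox must be Granted,
    #    and a mailbox outside the group must be Denied.
    $checks = @(
        [pscustomobject]@{ Mailbox = $InScope;    Expected = 'Granted' }
        [pscustomobject]@{ Mailbox = $OutOfScope; Expected = 'Denied'  }
    )
    $results = foreach ($check in $checks) {
        $r = Test-ApplicationAccessPolicy -Identity $check.Mailbox -AppId $AppId
        [pscustomobject]@{
            Mailbox  = $check.Mailbox
            Expected = $check.Expected
            Actual   = "$($r.AccessCheckResult)"
            Pass     = ("$($r.AccessCheckResult)" -eq $check.Expected)
        }
    }
    $results | Format-Table -AutoSize

    # 3. Fail loudly if either check disagrees with the intended scope.
    if ($results.Pass -contains $false) {
        throw 'Application access policy does not behave as expected; review the policy and group membership.'
    }
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

The negative check matters because Mail.Send as an Application permission covers every mailbox in the tenant unless the policy is in place. Microsoft's documentation linked above notes that policy changes can take more than an hour to apply to Microsoft Graph calls, even when Test-ApplicationAccessPolicy already reports the expected result.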

    Step 5 - Provide SureCloud with the following details:

    • TenantID → Can be found in Azure AD (portal.azure.com) → Properties → “DirectoryID”

    • Client Id/Application Id → Can be found in your application overview section

    • Client Secret (see above)

    • UUID of the mailbox to be used (Directory ObjectID UUID)
