This article explains how to set up Outbound Email in PSA with Microsoft OAuth 2.0. SMTP settings may vary; please confirm them with your service provider.
Setup on Azure
1) App Registration:
Log in to the Azure portal (https://portal.azure.com) using a global admin account. Follow the steps below to register the app.
On the Home page, under Azure services, click Azure Active Directory.
Under Manage in the left-hand navigation menu, choose App Registrations > New registration or Applications > App Registration.
On the Register an Application screen, provide a name.
Supported account types: Option 2, Accounts in any organizational directory (Any Azure AD directory - Multitenant)
Because no OAuth authentication is performed on the PSA interface, the redirect URL does not need to be filled in.
Click Register.
Copy the Application (client) ID and Directory (tenant) ID from the screen and save them on your notepad.
2) Authentication:
Under Manage in the left-hand navigation menu, choose Authentication.
Select Yes for "Enable the following mobile and desktop flows" and click Save.
3) API Permissions:
In the left-hand menu under Manage, navigate to API Permissions.
Add the permission.
On the Request API permission screen, select Microsoft Graph.
In Graph API, choose Delegated permissions.
Permissions needed here are:
SMTP.Send
Click Grant admin consent for a user; the status for all these permissions will then be set to green.
Setup in PSA
Custom SMTP now supports OAuth 2.0 for Exchange Online.
Go to Admin > My company > Outbound email.
Use Custom SMTP Settings: Yes > Enable OAuth 2.0 Authentication: Yes
Fill in the values below from your account:
Outgoing Mail Server: smtp.office365.com
Port Number: 587 or 25
Encryption Type: SSL
Application ID: enter the Application ID from Azure
Directory ID: enter the Directory ID from Azure
Important!
1. OAuth 2.0 does not support MFA-enabled accounts, as the Microsoft Graph API does not support them either; disable MFA for the user account.
2. Log in to the Microsoft 365 Admin Center and ensure SMTP is enabled for the user account specified in the Outbound email settings (https://learn.microsoft.com/en-us/microsoft-365/enterprise/connect-to-microsoft-365-powershell?view=o365-worldwide).
3. The SMTP account must be a normal account; it cannot be a shared account.
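
Points 2 and 3 above can be checked from Exchange Online PowerShell before saving the PSA settings. The script below is an added example, not part of the original article or the PSA product. It assumes the ExchangeOnlineManagement module is installed; the function name Test-PsaSmtpSender and the mailbox address are placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin session.
# Test-PsaSmtpSender is a hypothetical helper name; the address below is a placeholder.
function Test-PsaSmtpSender {
    param([Parameter(Mandatory)][string]$Mailbox)

    $org = Get-TransportConfig              # organization-wide SMTP AUTH default
    $cas = Get-CASMailbox -Identity $Mailbox  # per-mailbox protocol settings
    $mbx = Get-Mailbox -Identity $Mailbox     # mailbox type (user vs. shared)

    # Per-mailbox value: $true = SMTP AUTH blocked, $false = allowed,
    # $null = inherit the organization-wide setting.
    $mailboxSetting = $cas.SmtpClientAuthenticationDisabled
    if ($null -eq $mailboxSetting) {
        $smtpAuthAllowed = -not $org.SmtpClientAuthenticationDisabled
        $source = 'organization default'
    } else {
        $smtpAuthAllowed = -not $mailboxSetting
        $source = 'mailbox override'
    }

    [pscustomobject]@{
        Mailbox         = $Mailbox
        MailboxType     = $mbx.RecipientTypeDetails
        IsUserMailbox   = ($mbx.RecipientTypeDetails -eq 'UserMailbox')
        SmtpAuthAllowed = $smtpAuthAllowed
        SettingSource   = $source
    }
}

Connect-ExchangeOnline
$result = Test-PsaSmtpSender -Mailbox 'psa-outbound@example.com'
$result | Format-List

# Enable SMTP AUTH for this one mailbox only, leaving the tenant-wide default untouched.
if ($result.IsUserMailbox -and -not $result.SmtpAuthAllowed) {
    Set-CASMailbox -Identity $result.Mailbox -SmtpClientAuthenticationDisabled $false
}
```

If IsUserMailbox is False, the account is not a normal user mailbox and the script makes no change.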