Click HERE to see how Saviynt Intelligence is transforming the industry. |
09/19/2024 04:11 AM
Hi Team,
We have setup a SMTP in Azure AD while doing test connection we are getting below error. Client ID and secret are correct. Can you please let me know what should be the process to enable to connection.
Referred below document :
Registered an application in Azure. After registration what should be the process?
https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app?tabs=client-secret
Regards,
Gaurav
Solved! Go to Solution.
09/19/2024 05:08 AM - edited 09/19/2024 05:11 AM
Steps to resolve “MailboxNotEnabledForRESTAPI” error:
1. Ensure the User’s Mailbox is Active:
• Make sure that the user associated with the mailbox you’re trying to access has an active Exchange Online mailbox.
• This can happen if the mailbox is not yet fully provisioned, or if the user is missing an Exchange Online license.
Check Exchange Online License:
• Go to Microsoft 365 Admin Center.
• Ensure that the user has the appropriate Exchange Online license assigned.
2. Check that the mailbox is not disabled:
• If the mailbox is disabled, it won’t respond to REST API calls.
• Use PowerShell to check the mailbox status:
Get-Mailbox -Identity <user_email_address>
• Ensure that the mailbox is enabled.
3. Enable REST API for the Mailbox:
• In some cases, a mailbox may not have the required permissions to interact with REST APIs.
• To enable a mailbox for REST API access, run the following PowerShell command using the Exchange Online PowerShell module:
Set-CASMailbox -Identity <user_email_address> -EwsEnabled $true
4. Grant Required API Permissions to the Azure AD App:
• Go back to your Azure AD App Registration in the Azure portal.
• In the API permissions section, you need to add and grant the following permissions to your app:
• Microsoft Graph API or Exchange API.
• The necessary permissions for sending emails via SMTP include:
• Mail.Send
• Mail.ReadWrite
• Mail.Read
• Make sure these permissions are granted as Application Permissions (for service-to-service communication) and not as Delegated Permissions (unless you’re authenticating on behalf of a user).
After adding the permissions:
• Click on “Grant admin consent” for the permissions.
5. Configure Application Authentication for SMTP (OAuth2):
• For the SMTP connection, you need to ensure that OAuth2 authentication is set up properly.
• When using an application in Azure to authenticate with Microsoft 365 for SMTP, you should:
• Use Client ID and Client Secret from your registered app.
• Use the token endpoint to authenticate the app and retrieve an access token.
• The SMTP server address for Microsoft 365 is smtp.office365.com with port 587 (TLS).
6. Check the Permissions of the Service Account:
• The service account (or the mailbox being used to send the email) must have permissions to send mail on behalf of itself or another mailbox if needed.
• If you’re using a service account, make sure it has the Send As or Send on Behalf permissions if necessary.
• You can check or assign these permissions via Exchange Online PowerShell using:
Add-MailboxPermission -Identity <target_mailbox> -User <service_account> -AccessRights SendAs
7. Enable Modern Authentication (OAuth) for SMTP in Microsoft 365:
• SMTP with OAuth requires Modern Authentication to be enabled on your tenant.
• Verify if Modern Authentication is enabled by running the following PowerShell command:
Get-OrganizationConfig | ft OAuth2ClientProfileEnabled
• If it returns False, enable it:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
8. Use the Correct SMTP Settings:
• Ensure that the SMTP settings in your application match the correct ones for Microsoft 365:
• Server: smtp.office365.com
• Port: 587 (TLS)
• Authentication: OAuth2 with the token retrieved from Azure AD.
After Registration Process:
1. Add API Permissions in Azure Portal:
• Go to Azure Active Directory > App registrations > Your app.
• In the API Permissions tab, add Microsoft Graph or Exchange API permissions related to sending emails (as mentioned in Step 4).
2. Generate a Client Secret:
• Go to Certificates & Secrets in your app registration.
• Generate a Client Secret and note it down (you will need it to authenticate).
3. Set Up OAuth2 in Your Application:
• Your application must use the Client ID, Client Secret, and Tenant ID to authenticate via OAuth2.
• The SMTP service will authenticate using the access token retrieved via OAuth.
09/19/2024 10:51 PM
Hi Team,
Working now after license assignment.
Thanks,
Gaurav