Configure the Email Export Service to use Office 365 with OAuth2

The Email Export Service is configured to use Office 365 (or Microsoft 365) as its SMTP server for sending emails.

To set this up correctly, the following SMTP server settings are required:

Host: smtp.office365.com Port: 587 (recommended) or 25

Why OAuth2 Authentication?

Due to the Deprecation of Basic authentication in Exchange Online, our current implementation of the Email Export Service uses OAuth2 authentication to connect to smtp.office365.com.

OAuth2 provides a more secure method for authentication, using tokens instead of passwords, aligning with modern security practices.

Setting Up OAuth2 Authentication

To authenticate with the Office 365 SMTP server using OAuth2, users must set up an application with Microsoft Entra (formerly Azure Active Directory) for the client credentials grant flow following these guidelines:

• How to set up an application to send emails using Microsoft 365 or Office 365

• Authenticate an IMAP, POP or SMTP connection using OAuth

The summarized steps to complete the setup:

• Register an Application with Microsoft Entra: Create a new application registration in Microsoft Entra to represent your Email Export Service.

• Add Application Permission: Grant the SMTP.SendAsApp permission under API Permissions to allow the application to send emails as itself.

• Get Tenant Admin Consent: Ensure that tenant-wide admin consent is obtained for the required permissions to allow the application to access the necessary resources.

• Register Service Principals in Exchange: Register the service principal in Exchange Online and assign the appropriate mailbox permissions to the sender email for the service principal.

After you complete the setup, enter the Client ID, Tenant ID, and Client Secret in the Email Export configuration settings.