
Connect Microsoft 365 mail server

When you connect to the Microsoft 365 mail server (that is, Exchange Online), it is mandatory to use the OAuth v2.0 authentication scheme via SMTP. LogicalDOC uses the client credential flow to obtain the OAuth token.

Register LogicalDOC as application in the Azure Portal

Open your Azure Portal and, in the Services section, open App registrations. Click New registration and enter LogicalDOC as the new application name.

LogicalDOC app

Now that the application has been registered, open its API permissions and add the following permissions:

Microsoft Graph
----------------------------------
Mail.Read
Mail.ReadBasic
Mail.ReadBasic.All
Mail.ReadWrite
Mail.Send
SMTP.Send
User.Read

Office 365 Exchange Online
----------------------------------
full_access_as_App
IMAP.AccessAsApp
Mail.Read
Mail.Send
Mail.Send.All
SMTP.SendAsApp

LogicalDOC grants

Grant admin consent

Make sure to grant admin consent for all the application permissions.

Create the service principal in Exchange Online

Once consent has been provided, the admin must register your application's service principal in Exchange using PowerShell.

Open PowerShell and install the AzureAD and ExchangeOnlineManagement modules with these commands:

Install-Module -Name AzureAD -SkipPublisherCheck
Import-Module AzureAD
Install-Module -Name ExchangeOnlineManagement -SkipPublisherCheck
Import-Module ExchangeOnlineManagement

 

Exchange Online - InstallModule

Now register the Service Principal in Exchange with these other commands:

Connect-AzureAD
Connect-ExchangeOnline
New-ServicePrincipal -AppId {Application ID} -ObjectId {Object ID}

Make sure to replace {Application ID} and {Object ID} with the values shown in Enterprise applications, not with the object ID of the App registration.
For the application you registered in App registrations, a corresponding application has been created in Enterprise applications as well. You need to pass the object ID from there when registering the service principal in Exchange:

 

LogicalDOC Enterprise App

Obtain the principal ID with this command:

Get-ServicePrincipal | fl

 

Exchange Service Principal

Add full permissions to the mailbox you use to connect with this command:

Add-MailboxPermission -Identity {your email} -User {principal id} -AccessRights FullAccess

 

Exchange Service Principal

Enable SMTP client authentication for the mailbox with this command:

Set-CASMailbox -Identity {your email} -SmtpClientAuthenticationDisabled $false

 

Exchange Service SMTP
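
The registration steps above as a single script, added here as an example (it is not LogicalDOC's or Microsoft's own code): it looks up the Enterprise application's object ID from the Application ID instead of copying it by hand, then reads the mailbox permission and the SMTP setting back to confirm they took effect. $AppId and $Mailbox are placeholders, and passing the Identity property of the Exchange service principal as the principal ID is an assumption of this example.

```powershell
# Added example. Placeholder values: replace with your own before running.
$AppId   = '00000000-0000-0000-0000-000000000000'  # Application (client) ID (placeholder)
$Mailbox = 'logicaldoc@example.com'                # mailbox LogicalDOC connects as (constructed)

Connect-AzureAD | Out-Null
Connect-ExchangeOnline

# The Enterprise application is the Azure AD service principal of the app.
# Its ObjectId, not the App registration's object ID, is what Exchange needs.
$aadSp = @(Get-AzureADServicePrincipal -Filter "AppId eq '$AppId'")
if ($aadSp.Count -ne 1) {
    throw "Expected exactly one Enterprise application for AppId $AppId, found $($aadSp.Count)"
}

# Register the service principal in Exchange only if it is not there already.
$exoSp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
if (-not $exoSp) {
    New-ServicePrincipal -AppId $aadSp[0].AppId -ObjectId $aadSp[0].ObjectId | Out-Null
    $exoSp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
}

# Grant the mailbox permission and enable SMTP client authentication.
# Assumption: the Identity property is used as the {principal id} value.
Add-MailboxPermission -Identity $Mailbox -User $exoSp.Identity -AccessRights FullAccess | Out-Null
Set-CASMailbox -Identity $Mailbox -SmtpClientAuthenticationDisabled $false

# Read the settings back so a wrong ID or a typo shows up here, not in LogicalDOC.
$perm = Get-MailboxPermission -Identity $Mailbox -User $exoSp.Identity
$cas  = Get-CASMailbox -Identity $Mailbox
[pscustomobject]@{
    Mailbox             = $Mailbox
    ExchangePrincipalId = $exoSp.Identity
    FullAccessGranted   = (($perm.AccessRights -join ',') -match 'FullAccess')
    SmtpAuthEnabled     = ($cas.SmtpClientAuthenticationDisabled -eq $false)
}
```

Both FullAccessGranted and SmtpAuthEnabled should read True before you move on to the client secret.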

Generate a client secret

To allow LogicalDOC to connect to your Microsoft 365, a secret must be generated. To do so, open the details of your newly registered app.

 

App Details

Here, click the Client credentials link and generate your secret.

Save the secret

Make sure to save the secret in a secure place, because it is visible only now and you will not be able to retrieve it from the Azure portal later.

Configure LogicalDOC

  1. Go to Administration > Settings > Outgoing Email
  2. In the Protocol field, enter: SMTP Microsoft 365
  3. Enable the option Use secure authentication
  4. In the Server field, enter: smtp.office365.com
  5. In the Port field, enter: 587
  6. In the Username and Sender Email fields, enter the same mailbox you use to connect
  7. Disable the option Use user's email as sender
  8. In Client ID and Tenant ID, enter the values from the App details as shown in the Azure portal

    App Details

  9. In the Client Secret field, enter the secret you previously saved

SMTP Settings

Save and test the connection.

Use user's email as sender

The settings described on this page make LogicalDOC send all emails as the same user that connects to your Exchange Online. If you want LogicalDOC to send emails in the name of other users (for instance, when a user sends a message from the interface), then enable the option Use user's email as sender. You also have to assign the Send As permission through PowerShell as described in the Microsoft documentation.