This guide outlines the steps to configure Axero to send emails using a Microsoft 365 account via the secure Microsoft Graph API with OAuth 2.0 authentication. This method is preferred over legacy SMTP basic authentication.
Ensure the following prerequisites are met:
Microsoft 365 License
Required License: Microsoft 365 Business Standard or higher with Exchange Online Plan 1 or Plan 2
Shared mailboxes cannot be used unless they are converted to licensed accounts
Administrative Access: You will need the following roles:
Microsoft Entra ID: Global Administrator or Application Administrator to register the application and grant API permissions (https://entra.microsoft.com)
Microsoft Exchange Online: Exchange Administrator to manage tenant-wide SMTP settings (https://admin.exchange.microsoft.com)
Microsoft 365 Admin Center: User Administrator or Global Administrator to manage user-specific SMTP settings (https://admin.microsoft.com)
Sign in to the Microsoft Entra portal at https://entra.microsoft.com with a Global Admin or Application Admin account.
In the left navigation, select Entra ID > App registrations, then click New registration.
Enter a descriptive name for the app (e.g., "Axero Email Integration").
Set Supported account types to Accounts in this organizational directory only (single tenant).
Click Register.
After registration, record the following values (you'll need them later):
β Validation checkpoint: Confirm you have successfully recorded both the Directory (tenant) ID and Application (client) ID before proceeding.
In the registered app, click Authentication.
Click Add Redirect URI, and then Web.
Under Redirect URI, enter https://YOUR_AXERO_URL/oauth2/sharepoint/callback
Replace YOUR_AXERO_URL with your Axero site address.
Click Configure.
β Validation checkpoint: Verify the redirect URI is correctly formatted with your actual Axero URL.
In the registered app, open Certificates & secrets and click New client secret.
Provide a descriptive description (e.g., "Axero Email Secret") and choose an expiry period.
Click Add.
Copy the Value of the newly created client secret. This value is shown only once. Store it securely alongside the Client ID and Tenant ID obtained in Step 2.
β Validation checkpoint: Confirm you have securely stored all three values: Tenant ID, Client ID, and Client Secret.
In the registered app, open API permissions.
Click Add a permission and select Microsoft Graph.
Choose Delegated permissions. Axero will send email as the configured user, requiring delegated access.
Search for Mail.Send and select it. This scope allows Axero to send emails on behalf of the configured user.
Search for offline_access and select it. This scope enables automatic token refresh without requiring user re-authentication.
Click Add permissions.
β Validation checkpoint: Confirm the required permissions (Mail.Send and offline_access) are listed in your API permissions.
Even though you are using the modern Graph API method, Microsoft requires the underlying SMTP AUTH protocol to be enabled for the mailbox being used.
Go to the Exchange admin center: https://admin.exchange.microsoft.com.
Sign in with an Exchange Administrator account.
Go to Settings > Mail flow.
Ensure Turn off SMTP AUTH protocol for your organization is unchecked (disabled).
Click Save.
β Validation checkpoint: Confirm that SMTP AUTH is enabled at the tenant level before proceeding to user-specific settings.
Go to the Microsoft 365 admin center: https://admin.microsoft.com.
Sign in with appropriate admin credentials (User Admin, Global Admin).
Go to Users > Active users.
Find and click on the specific licensed user account that will be used to send emails from Axero.
In the user's details pane that opens, select the Mail tab.
Click on the Manage email apps link.
Ensure the Authenticated SMTP option is checked (enabled).
Click Save changes.
β Validation checkpoint: Verify that SMTP AUTH is enabled for the specific user account that will send emails from Axero.
Open a new browser window and sign in to your Axero site as a Site Administrator.
Go to Control Panel > System > General Settings > Email Settings.
Under SMTP server, enable Office 365.
Click Settings and enter the following configuration:
Click Save Settings.
Click Connect. You will be redirected to the Microsoft sign-in page.
β οΈ Critical: Log out of any Microsoft admin accounts first, then sign in as the user who owns the licensed mailbox specified in the "From Email Address" field.
β When prompted, accept the requested permissions to complete the authorization.
Upon successful authorization, scroll down and click Save System Settings.
β Validation checkpoint: Verify that the connection was successful and no error messages are displayed in Axero.
In Axero, go to People > Manage People.
Select Send Email or Options > Mass Email.
Select a test recipient (preferably yourself) and compose a test message with a clear subject line (e.g., "Axero Email Test - [Current Date]").
Send the email and verify delivery:
π‘ Success indicator: If the test email is delivered successfully, your Microsoft 365 integration is working correctly.
Monitor the client secret expiry date and generate a new secret before it expires. Update the value in Axero whenever you rotate the secret.
If your organization uses SPF, DKIM, and DMARC, ensure the domainβs DNS records are correctly configured to avoid spam filtering.
Periodically review API permissions and remove any that are no longer needed to follow the principle of least privilege.
For additional assistance, contact Axero Support or consult your Microsoft 365 administrator.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/axero-documentation/wiki/view/109152/microsoft-365-email-configuration
Your session has expired. You are being logged out.