Connectors

Email Server Configuration - OAuth (Graph API)

To be able to use the Email DataSet connector you need to start by configuring the connection details to your Email Server.

The following page covers how to connecting via OAuth using Microsoft Graph. You need to start by configuring the app in Azure Active Directory and then using those details connect in Data Sync.

Configure the App in Azure

In Azure AD go to App Registrations > New Registration. Then enter in a name for your app and decide which account types suits your need. In this example we have gone with the default which lets only accounts in the organisation use it. Then click Register to create the app.

App Registration

Permissions

You now need to set the permissions. This will require admin consent so if you are not an admin user, please be aware that you will need to request you active directory admin to grant the permissions.

The permission needed to send mail give access to all user accounts. This can be restricted to a single user account with powershell script. We will cover how to do this in a moment.

Go to API Permissions and click onto Add a permission. Then select Microsoft Graph > Application Permissions and look for the permission Mail.Send which is under the Mail header.

Click Add Permissions to add it, and then grant approval if you are an admin user or request approval from your administrator.

Add Graph API Send Email Permission

Permissions Approval Needed

Client Secret

We now need to generate a client secret. To do this go to Certificates & Secrets > New client secret, enter in a name and set the expiry length.

Note: You will need to create a new secret when this expires and update your connection with the new client secret.

Create Secret

Copy the value that is generated and make a note of this as you will not be able to view it again once you leave this page. You will need this to configure your connection in Data Sync.

Copy Secret

Overview & Gather Credentials

Now click onto Overview to gather the Client ID and Tenant ID.

App Overview

Restrict the Access

Using Powershell you can restrict the access this app has, so that emails can only be sent from a certain email address.

This needs admin level permissions so you will need to ask your administrator to configure this for you if you are not an admin user.

You will need the Client ID from your App gathered earlier.

Open Powershell and connect to Exchange Online PowerShell. You can find the full details on how to do this on Microsoft's Docs Site here.

Run the following statements, replacing the relevant emails and client ID where required:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName {ADMIN_EMAIL_ADDRESS}
New-ApplicationAccessPolicy -AppId {CLIENT_ID} -PolicyScopeGroupId {EMAIL_ADDRESS e.g.EvenUsers@contoso.com} -AccessRight RestrictAccess -Description "Restrict this app to members of distribution group EvenUsers."

To test the restriction has been applied you can run the following statement in Powershell:

Test-ApplicationAccessPolicy -Identity {EMAIL_ADDRESS} -AppId {CLIENT_ID}

The AccessCheckResult should return either Granted or Denied depending on the details you entered and the restrictions set.

The Microsoft documentation for limiting the application permissions to specific mailboxes can be seen here.

Data Sync Connection

With the app now created in Azure we can go back to Data Sync and finish configuring the connection.

If you haven't already, enter in the email address that messages should be sent from and a name for that email address. Set the Email Server Type to Azure Graph Email Send API and then enter in the main mailbox email address for your company.

You can now enter in the credentials we collected from the app earlier. This is the Tenant ID, the Client ID and the Client Secret.

Connection

Now move onto configuring the message. If you just want to connect without configuring anything further make sure to save the connection to the connection library by clicking Connect & Create Library Connection.