Issues Adding SMTP.Send Permission to Azure Application for Office 365 SMTP

Question

I am developing an application on the Azure portal to send emails via free Microsoft accounts using the SMTP server smtp.office365.com.

How can I add the permission https://outlook.office.com/SMTP.Send to an application on the Azure portal? I couldn't find this option, only https://outlook.office.com/Mail.Send.

The workaround is to add https://outlook.office.com/SMTP.Send in the "scope" when starting the authentication process, but I would like to use https://outlook.office.com/.default since there are other required permissions. In other words, https://outlook.office.com/SMTP.Send exists and works, but it is not available in the portal interface.

I tried using https://graph.microsoft.com/SMTP.Send instead, but I got an authorization error when attempting to send an email to the SMTP.

Answer 1

I agree with you, SMTP.Send API permission is not available in the API permissions blade of the Microsoft Entra ID application. Refer this SO Thread by Allen Wu.

Hence as a workaround you need to specify the scope name to generate the token like https://outlook.office.com/SMTP.Send

For sample, I generated below API permissions:

And passed scope as https://outlook.office.com/SMTP.Send to generate access token:

GET https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token 
client_id=ClientID
client_secret = ClientSecret
redirect_uri= https://jwt.ms
code=Code
scope= https://outlook.office.com/SMTP.Send 
grant_type = authorization_code

And the access token contained all the Office 365 Exchange Online permissions granted to the Microsoft Entra ID application:

When decoded the scopes are present that is SMTP.Send and all other permissions granted to the Microsoft Entra ID application.

If still the issue persists, pass individual scopes like below:

scope : https://outlook.office.com/SMTP.Send https://outlook.office.com/Mail.Send https://outlook.office.com/Calendars.Read.All