Register the Application in Microsoft Entra ID

1. Go to Entra portal → App registrations → New registration

   
   

   Name the app (e.g., MyService-Mailer)

2. Supported account types: Single tenant

3. Redirect URI: Not required

4. Click Register

Copy:

• Directory (tenant) ID

• Application (client) ID

These will be used by your service to request OAuth tokens.

Create a Client Secret

1. In your app → Certificates & secrets

2. Click New client secret

3. Set an expiration period (1–2 years recommended)

4. Copy the VALUE immediately — you cannot retrieve it later

You now have:

• Client ID

• Client Secret

• Tenant ID

Then

Assign API Permissions (Application Permissions)

You need Mail.Send (Application) — NOT delegated.

1. App → API permissions

   

2. Add a permission → Microsoft Graph → Application permissions

3. Add Mail.Send

   

   Click Grant admin consent