# Microsoft Outlook Setup (OAuth2)

## Settings in Microsoft Entra

### Application Registration

1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/).

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FRT1vf7Ak3soAxf0DJWa7%2FMicrosoftEntraDeshboard.png?alt=media&#x26;token=a9d7cdc4-fca3-4777-a296-1f6f4b2d1f26" alt=""><figcaption><p>Microsoft Entra admin center home page</p></figcaption></figure>

2. Go to "**Entra ID**" -> "**App registrations**". Then click "**New registration**" to register a new application.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FICTK6bc1HBmuH2RVpt4m%2FMicrosoftEntraNewAppRegistration.png?alt=media&#x26;token=15daba0d-0492-4fd9-b69c-6de833633cdd" alt=""><figcaption><p>Registering a new application</p></figcaption></figure>

3. Select the following parameters for your application:

* **Name** - enter a name for your application.
* **Supported account types** - select "**Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant)**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FDASN2PVPj3JxBlDqbcfF%2FApplicationNameAccTypes.png?alt=media&#x26;token=9d1ab2c3-4c76-46f4-8c89-bb0e5d213eab" alt=""><figcaption><p>Application parameters</p></figcaption></figure>

4. Specify the Redirect URL:

* **Select a platform** — select "**Web**".
* **URL**:

```
https://192.168.100.71/pbxcore/api/v3/mail-settings/oauth2-callback
```

Replace 192.168.100.71 with your MikoPBX address.

Then click "**Register**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FZvx0E2kvHlxc4I1Othxt%2FMicrosoftEntraRedirectURl.png?alt=media&#x26;token=9ed0a14a-d8bc-43d0-bbcb-61400d5538b9" alt=""><figcaption><p>Redirect URL parameters</p></figcaption></figure>

5. The application will be created. Save the Client ID — you will need it in the future for configuration inside the MikoPBX web interface.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FqYFnYqerAuXbVDU4TYtZ%2FCreatedApplicationOverview.png?alt=media&#x26;token=bff22030-c88d-45e9-a96b-ef28e0fa6e57" alt=""><figcaption><p>Created application overview page</p></figcaption></figure>

### Granting Permissions and Creating a Client Secret

1. From the application's main page, go to "**Manage**" -> "**API permissions**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FYwn4TFIppN0NmTLMvSno%2FMicrosoftEntraAPIpermissions.png?alt=media&#x26;token=699c245d-ffc0-4884-a035-445ebe4bdbfe" alt=""><figcaption><p>"API permissions" section</p></figcaption></figure>

2. Click "**Add a permission**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2F02HYedQZX86RY0TpxA8m%2FMicrosoftEntraAddPermission.png?alt=media&#x26;token=aaabebb4-888b-4215-afe8-1d8f0fffd9e9" alt=""><figcaption><p>Adding permissions</p></figcaption></figure>

3. In the "**Microsoft Graph**" section, select "**Delegated Permissions**". Enter "**SMTP**" in the search bar. Check the box next to "**SMTP.Send**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FJgz6GAdTpi1jpb7FfRvK%2FAPISmtp.Send.png?alt=media&#x26;token=82b9d8c7-94ac-4da5-ac91-ed6656a11966" alt=""><figcaption><p>Granting the "SMTP.Send" permission</p></figcaption></figure>

4. Also enter "**offline**" in the search bar. Check the box next to "**offline\_access**".

Click "**Add permissions**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FsZZ1TWB23zLnU93PEy9g%2FAPIoffline_access.png?alt=media&#x26;token=5addcab4-6302-4b94-8d2a-35a2ddbea259" alt=""><figcaption><p>Granting the "offline_access" permission</p></figcaption></figure>

5. Next, go to "**Certificates & secrets**" -> "**Client secrets**". Click "**New client secret**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FBg6ryzWAFkGKYHhLy1cD%2FcreatingNewClientSecret.png?alt=media&#x26;token=c7b2cc96-6ff2-4118-b318-667385915488" alt=""><figcaption><p>Creating a new client secret</p></figcaption></figure>

6. Set the required parameters:

* **Description** - an arbitrary description.
* **Expires** - the period for which this client secret is valid. The client secret will be needed for application authentication in MikoPBX.

{% hint style="info" %}
After expiration, the client secret will stop functioning. You will then need to create a new client secret and connect MikoPBX again.
{% endhint %}

{% hint style="danger" %}
After creation, the Client Secret value will be shown only once. Do not forget to copy it into the MikoPBX web interface.
{% endhint %}

Click "**Add**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2For9Lp9AaXR0Ra2dl29mJ%2FnewClientSecret.png?alt=media&#x26;token=2fec4339-8c9c-4942-ad73-12b3378c6fe3" alt=""><figcaption><p>Parameters for creating a new client secret</p></figcaption></figure>

7. Copy the "**Value**" (<mark style="color:$danger;">**not the Secret ID!**</mark>). It will be needed for configuration in the MikoPBX web interface.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2Fj1w841rfa5zu27JfEWQs%2FcopyingSecretKeyValue.png?alt=media&#x26;token=ba62d639-96a4-4ccf-8266-d3881f6420ee" alt=""><figcaption><p>Copying the Value of the previously created Client Secret</p></figcaption></figure>
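The client secret created above stops working at its **Expires** date, so it is worth checking that date before mail delivery fails. The following is an added example, not part of the MikoPBX documentation: it reads the `passwordCredentials` list of an application object in the shape Microsoft Graph returns it and flags secrets that have expired or will expire within `warn_days`. The sample JSON, its values and the function names are constructed for illustration; `keyId` corresponds to the Secret ID shown in the portal.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: shape of a Microsoft Graph application object,
# trimmed to the fields used here. All identifiers and dates are made up.
SAMPLE_APP = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "MikoPBX mail (example)",
  "passwordCredentials": [
    {"keyId": "11111111-1111-1111-1111-111111111111",
     "displayName": "old secret",
     "endDateTime": "2024-01-15T00:00:00Z"},
    {"keyId": "22222222-2222-2222-2222-222222222222",
     "displayName": "current secret",
     "endDateTime": "2025-07-01T12:30:00.1234567Z"}
  ]
}
""")


def parse_graph_time(value: str) -> datetime:
    """Parse a UTC timestamp ending in 'Z'; fractions may have 7 digits."""
    base, _, frac = value.rstrip("Z").partition(".")
    parsed = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    micros = int((frac + "000000")[:6]) if frac else 0
    return parsed.replace(microsecond=micros, tzinfo=timezone.utc)


def secret_status(app: dict, now: datetime, warn_days: int = 30) -> list:
    """Return (keyId, displayName, state, days_left) for each client secret."""
    report = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days  # negative once the secret has expired
        if end <= now:
            state = "expired"
        elif end - now <= timedelta(days=warn_days):
            state = "expiring"
        else:
            state = "ok"
        report.append((cred["keyId"], cred.get("displayName"), state, days_left))
    return report


if __name__ == "__main__":
    for row in secret_status(SAMPLE_APP, datetime.now(timezone.utc)):
        print(row)
```
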

#### Granting Permissions to a User

For the application to work correctly, you need to grant permission to use the SMTP protocol for the user whose mailbox you are authorizing during this setup. To do this, follow these steps:

1. Go to the organization's admin center ([link](https://admin.microsoft.com/)).

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FOAHVy544rynKkIsIlHcr%2FMicrosoftAdminCenterDashboard.png?alt=media&#x26;token=2a61862f-57d1-4b59-85ab-9f72d4418bc0" alt=""><figcaption><p>Microsoft Admin Center home page</p></figcaption></figure>

2. Go to "**Users**" -> "**Active Users**". Click on the name of the user account under which the application is being created.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2Fvcqs4A13X2Qe0AA9xFYd%2FMicrosoftAdminCenterActiveUsers.png?alt=media&#x26;token=b9c988df-7723-4418-8591-9554864505f9" alt=""><figcaption><p>"Active Users" section in Microsoft Admin Center</p></figcaption></figure>

3. In the account, go to the "**Mail**" section and select "**Manage email apps**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FiJ3bRIbKT8VBYSW6y7X2%2FMicrosoftAdminCenterUserMail.png?alt=media&#x26;token=d963b22c-a9d6-419f-ada0-8695fcbfadc0" alt=""><figcaption><p>"Mail" section in the user account</p></figcaption></figure>

4. Make sure that "**Authenticated SMTP**" is allowed. Save the changes by clicking "**Save changes**".

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FVOOHchqkzwFxLiockBQg%2FAllowAuthSMTP.png?alt=media&#x26;token=629f8ad2-954a-4d63-8c47-97df993af791" alt=""><figcaption><p>Allowing Authenticated SMTP for the selected user</p></figcaption></figure>

## Settings in MikoPBX

1. Open the MikoPBX web interface and go to "**System**" -> "**Mail and Notifications**" -> "**SMTP Settings**".

Fill in all the required fields:

* **Sender address, Sender name** — your email and the name from which the emails will be sent.
* **Authentication type** — OAuth2.
* **SMTP login** — your email.
* **OAuth2 Provider** — Microsoft/Outlook.
* **Application ID (Client ID), Secret key (Client Secret)** — data from Microsoft Entra.

Leave all other settings at their default values. A more detailed description can be found in the main article about mail parameters ([link](https://docs.mikopbx.com/mikopbx/manual/system/mail-settings-1)).

After that, click "**Save**"!

2. Click "**Connect via OAuth2**". Sign in to your Microsoft account. Then confirm granting all requested permissions.

Upon successful authorization, you will see the corresponding window.

<figure><img src="https://835495363-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FsZ8acWnNlSalIHQjMFu1%2Fuploads%2FHiBjrrzCehI4ftJxqtlB%2FsuccessfulOAuth2.png?alt=media&#x26;token=69145b4a-6765-4e14-a492-39c850a0ae58" alt="" width="375"><figcaption><p>Successful authorization</p></figcaption></figure>
