Configure mail settings

To configure the outgoing mail settings for an Adaxes service:

1. Launch Adaxes administration console.

    How

   • On the computer where Adaxes administration console is installed, open Windows Start menu.

   • Click Adaxes Administration Console.

2. In the Console Tree, right-click the Adaxes service, for which you want to configure mail settings (the icon represents service nodes).

3. In the context menu, click Properties.

4. Activate the Mail Settings tab.

5. Specify the outgoing mail settings on the right.

Send mail via Exchange Online

Adaxes can use an Entra application account to securely authenticate to Exchange Online and send email notifications from a mailbox of your choice. You can create a new app or use the app that you might have already registered for managing your Entra organization.

 New application

1. Open the Microsoft Entra admin center.

2. Navigate to and open the App registrations service.

   To quickly locate the service, type App registrations in the Search field.

3. Click New registration.

4. Enter the application name (e.g. Adaxes), and click Register.

5. Copy the Application (client) ID and paste it into the Application (client) ID field in Adaxes administration console.

6. Copy the Directory (tenant) ID and paste it into the Directory (tenant) ID field in Adaxes administration console.

7. Back on the app page in the Microsoft Entra admin center, click Add a certificate or secret.

8. Click New client secret and then click Add.

9. Copy the client secret Value and paste it into the Client secret field in Adaxes administration console.

Do not click Next in the administration console yet, as you need to grant the newly registered app the required permissions first.

 Existing application

1. Open the Microsoft Entra admin center.

2. Navigate to and open the App registrations service.

   To quickly locate the service, type App registrations in the Search field.

3. Activate the All applications tab.

4. Locate the app you want to use and click it.

5. Copy the Application (client) ID and paste it into the Application (client) ID field in Adaxes administration console.

6. Copy the Directory (tenant) ID and paste it into the Directory (tenant) ID field in Adaxes administration console.

7. Back on the app page in the Microsoft Entra admin center, click Add a certificate or secret.

8. Click New client secret and then click Add. Alternatively, you can use an existing client secret if you have it written down somewhere.

9. Copy the client secret Value and paste it into the Client secret field in Adaxes administration console.

Do not click Next in the administration console yet, as you need to grant the app additional permissions first.

The app needs the following API permissions.

Add these API permissions via the app manifest:

1. On the app page in the Microsoft Entra admin center, click Manifest to open up an editor that allows you to directly edit the attributes of the app registration.

2. Locate the requiredResourceAccess key in the manifest.

3. Set the key to one of the values below, depending on the function that your Entra app will perform.

    Sending emails and domain / tenant management

   Select one of these values if you will use the app to send emails and manage your domain or tenant.

   Entra domain and Microsoft 365 tenant

   "requiredResourceAccess": [
       {
           "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
           "resourceAccess": [
               {
                   "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
                   "type": "Role"
               },
               {
                   "id": "7146a1f0-8703-45b3-9eae-527a64c00995",
                   "type": "Role"
               }
           ]
       },
       {
           "resourceAppId": "00000003-0000-0000-c000-000000000000",
           "resourceAccess": [
               {
                   "id": "b0afded3-3588-46d8-8b3d-9842eff778da",
                   "type": "Role"
               },
               {
                   "id": "62a82d76-70ea-41e2-9197-370581804d09",
                   "type": "Role"
               },
               {
                   "id": "5facf0c1-8979-4e95-abcf-ff3d079771c0",
                   "type": "Role"
               },
               {
                   "id": "9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8",
                   "type": "Role"
               },
               {
                   "id": "9492366f-7969-46a4-8d15-ed1a20078fff",
                   "type": "Role"
               },
               {
                   "id": "cc117bb9-00cf-4eb8-b580-ea2a878fe8f7",
                   "type": "Role"
               },
               {
                   "id": "741f803b-c850-494e-b5df-cde7c675a1ca",
                   "type": "Role"
               },
               {
                   "id": "50483e42-d915-4231-9639-7fdb7fd190e5",
                   "type": "Role"
               },
               {
                   "id": "3011c876-62b7-4ada-afa2-506cbbecc68c",
                   "type": "Role"
   		    }
           ]
       }
   ]
   

   Microsoft 365 tenant

   "requiredResourceAccess": [
       {
           "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
           "resourceAccess": [
               {
                   "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
                   "type": "Role"
               },
               {
                   "id": "7146a1f0-8703-45b3-9eae-527a64c00995",
                   "type": "Role"
               }
           ]
       },
       {
           "resourceAppId": "00000003-0000-0000-c000-000000000000",
           "resourceAccess": [
               {
                   "id": "cc117bb9-00cf-4eb8-b580-ea2a878fe8f7",
                   "type": "Role"
               },
               {
                   "id": "741f803b-c850-494e-b5df-cde7c675a1ca",
                   "type": "Role"
               },
               {
                   "id": "50483e42-d915-4231-9639-7fdb7fd190e5",
                   "type": "Role"
               },
               {
                   "id": "5facf0c1-8979-4e95-abcf-ff3d079771c0",
                   "type": "Role"
               },
               {
                   "id": "3011c876-62b7-4ada-afa2-506cbbecc68c",
                   "type": "Role"
   		    }
           ]
       }
   ]
   

    Only sending emails

   Select this value if the app will be used solely to send emails.

   "requiredResourceAccess": [
       {
           "resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
           "resourceAccess": [
               {
                   "id": "dc50a0fb-09a3-484d-be87-e023b12c6440",
                   "type": "Role"
               },
               {
                   "id": "7146a1f0-8703-45b3-9eae-527a64c00995",
                   "type": "Role"
               }
           ]
       }
   ]
   

4. Click Save.

5. Click API permissions.

6. Verify that the list contains the required permissions.

7. Click Grant admin consent for <tenant name> and then click Yes to confirm. Admin consent is required to make the added permissions effective.

8. Back in Adaxes administration console, click OK to save the app credentials.

9. Specify the email address and the display name of the mailbox from which Adaxes will send emails in the From section.

Grant mailbox rights to the app

The app will need Full access permissions to the mailbox from which it will send emails. We recommend to create a dedicated mailbox that will be used only by this app.

There is a slight caveat – you cannot grant Exchange permissions directly to an Entra app. You need to first create a corresponding Exchange service principal, and then grant the permissions to this principal. This can only be done via PowerShell.

1. Launch Windows PowerShell on the computer where the ExchangeOnlineManagement PowerShell module is installed.

2. Execute the following script. It will create an Exchange service principal for your app if there isn't already one, and will grant it full access rights to the specified mailbox. In the script:

   • $applicationId – the identifier of the app registration in Entra ID.

   • $entraServicePrincipalId – the identifier of the Entra service principal of the app.

      How to obtain the application and service principal identifiers

     1. Open the Microsoft Entra admin center.

     2. Navigate to and open the Enterprise applications service.

     3. Locate your application and click it.

     4. The app registration and service principal identifiers will be displayed in the Properties section, in the Application ID and Object ID fields respectively.

     Important

     Do not confuse these identifiers with the ones on the app page of the App registrations service. Those identifiers are different and will not work.

   • $displayName – a user-friendly display name for the new service principal.

   • $mailboxId – the identifier of an Exchange Online mailbox.

   $applicationId = "<appID>"
   $entraServicePrincipalId = "<objectID>"
   $displayName = "<displayName>"
   $mailboxId = "<mailboxID>"
   
   Connect-ExchangeOnline
   try {
       $servicePrincipal = Get-ServicePrincipal -Identity $applicationId -ErrorAction Stop
   }
   catch {
       $servicePrincipal = New-ServicePrincipal `
           -AppId $applicationId -ObjectId $entraServicePrincipalId -DisplayName $displayName
   }
   Add-MailboxPermission `
       -Identity $mailboxId -User $servicePrincipal.Identity -AccessRights FullAccess
   

Enable SMTP AUTH for the mailbox

Adaxes uses modern authentication via the SMTP AUTH protocol to submit outgoing mail to Exchange Online. Therefore, you need to enable SMTP AUTH for the mailbox from which Adaxes will send emails.

1. Open the Microsoft 365 admin center.

2. In the navigation menu, expand Users and then click Active users.

3. Locate and click the mailbox that the app will send emails from.

4. Activate the Mail tab.

5. In the Email apps section, click Manage email apps.

6. Enable the Authenticated SMTP checkbox.

7. Click Save changes.

See also

• Configure SMS settings
• Register Adaxes as an app in Entra ID

---