Configure mail settings

To configure the outgoing mail settings for an Adaxes service:

Launch Adaxes administration console.
How
- On the computer where Adaxes administration console is installed, open Windows Start menu.
- Click Adaxes Administration Console.
In the Console Tree, right-click the Adaxes service, for which you want to configure mail settings (the icon represents service nodes).
In the context menu, click Properties.
Activate the Mail Settings tab.
Specify the outgoing mail settings on the right.

Send mail via Exchange Online

Adaxes can use an Entra application account to securely authenticate with Exchange Online and send email notifications from a mailbox of your choice. To set up this feature, you'll need an account with at least the following roles:

Application Administrator role in Entra ID
Role Management role in Exchange Online

Choose which app to use

You can create a new app or use the app that you might have already registered for managing your Entra organization.

New application

Open the Microsoft Entra admin center.
Browse to Entra ID > App registrations and select New registration.
Enter the application name (e.g. Adaxes), and click Register.
Copy the Application (client) ID and paste it into the corresponding field in Adaxes administration console.
Copy the Directory (tenant) ID and paste it into the corresponding field in Adaxes administration console.
On the app Overview page in the Entra admin center, click Add a certificate or secret.
Click New client secret.
Specify a description for the new client secret, select its expiration period, and then click Add
Copy the client secret Value and paste it into the Client secret field in Adaxes administration console.

Do not click Next in the administration console yet, as you need to grant the newly registered app the required permissions first.

Existing application

Open the Microsoft Entra admin center.
Browse to Entra ID > App registrations and select All applications.
Locate the app you want to use and click it.
Copy the Application (client) ID and paste it into the corresponding field in Adaxes administration console.
Copy the Directory (tenant) ID and paste it into the corresponding field in Adaxes administration console.
On the app Overview page in the Entra admin center, click Add a certificate or secret.
Click New client secret.
Specify a description for the new client secret, select its expiration period, and then click Add
Copy the client secret Value and paste it into the Client secret field in Adaxes administration console.

Do not click Next in the administration console yet, as you need to grant the app additional permissions first.

Grant API permissions

On the app Overview page in the Entra admin center, click API permissions.
Click Add a permission.
Activate the APIs my organization uses tab.
Locate and click the Office 365 Exchange Online API.
Select Application permissions.
Select the following permissions.
- Permission
- Reason
- Exchange.ManageAsApp
- Connect to Exchange Online.
- SMTP.SendAs.App
- Send emails as an app.
Click Add permissions.
Click Grant admin consent for <tenant name> and then click Yes to confirm. Admin consent is required to make the added permissions effective.
Back in Adaxes administration console, click OK to save the app credentials.
Specify smtp.office365.com in the SMTP Server field and 587 in the Port field.
Specify the email address and the display name of the mailbox from which Adaxes will send emails in the From section.

Grant mailbox rights

The app requires Full access permissions to the mailbox from which it will send emails. We recommend creating a dedicated mailbox that will be used only by this app.

Unlike API permissions, mailbox rights cannot be granted directly to an app. Instead, you must create an Exchange service principal that corresponds to the Entra service principal of the registered application. This allows Exchange to recognize the app as a manageable identity.

This has to be done via the Exchange Online Powershell V3 module from Microsoft. Make sure you have it installed.

Obtain the service principal identifiers

You'll need the Application ID and Object ID of the app's Entra service principal.
- Open the Microsoft Entra admin center.
- Browse to Entra ID > Enterprise apps and select your application.
- The identifiers will be displayed in the Properties section, in the Application ID and Object ID fields respectively.

Run the PowerShell script

Launch Windows PowerShell and execute the following script. The script will create an Exchange service principal if one doesn't already exist, and grant it Full Access rights to the specified mailbox. In the script:

$applicationId – the Application ID of the Entra service principal.
$objectId – the Object ID of the Entra service principal.
$displayName – a user-friendly display name for the new Exchange service principal.
$mailboxId – the identifier of an Exchange Online mailbox.

$applicationId = "<appID>"
$objectId = "<objectID>"
$displayName = "<displayName>"
$mailboxId = "<mailboxID>"

Connect-ExchangeOnline

try {
    $servicePrincipal = Get-ServicePrincipal -Identity $applicationId -ErrorAction Stop
}
catch {
    # Create Exchange principal if it doesn't exist.
    $servicePrincipal = New-ServicePrincipal `
        -AppId $applicationId -ObjectId $objectId -DisplayName $displayName
}
Add-MailboxPermission `
    -Identity $mailboxId -User $servicePrincipal.Identity -AccessRights FullAccess

Disconnect-ExchangeOnline

Enable SMTP AUTH for the mailbox

Adaxes uses modern authentication via the SMTP AUTH protocol to send outgoing mail through Exchange Online. Ensure that SMTP AUTH is enabled for the mailbox Adaxes will use.