Microsoft 365 Email Integration with OAuth 2.0
    • 28 Nov 2022
    • PDF

    Microsoft 365 Email Integration with OAuth 2.0

    • PDF

    Article summary

    You can set up email integration with the OAuth 2.0 protocol with Microsoft 365 or Google. The instructions below can be applied to incoming or outcoming email integration or both.



    We recommend that you limit the application's access to specific mailboxes by creating an application access policy. For more information see here.

    To set up outgoing/incoming email integration with the OAuth 2.0 protocol with Microsoft 365

    1. From the Protocol drop-down, select OAuth 2.0.
    2. Select Microsoft 365.
    3. Register your application in Azure:
      1. In your Microsoft 365 account, navigate to Azure Active Directory > App registrations.
      2. Click New registration.
      3. Enter a name for your application.
      4. In the supported account types, select the single tenant option.
      5. (Optional) Select a platform configuration.
      6. Click Register.
    4. Client secret:
      1. In App registrations, navigate to Certificates & secrets.
      2. Click New Client secret.
      3. Enter a description.
      4. In the Expires area, select 24 Months.
      5. Click Add.
      6. Copy the generated secret from the Value column.
      7. Back in the SysAid email integration form, paste the secret in the Client secret field.
    5. Setup API permission:
      1. Back in Azure, navigate to API permissions and click Add a permission
      2. Choose Microsoft Graph.
      3. Click Delegated Permissions.
      4. Check the User.Read permission.
      5. Click Add Permissions.
      6. Click Application Permissions.
      7. Check the following permission.
        - Calendars.ReadWrite
        - Mail.ReadWrite
        - Mail.Send
        - User.Read.All
      8. Click Application Permissions.
      9. Click Grant admin consent for <domain name>.
      10. Click Yes to confirm. 
    6. Copy the Tenant ID and Client ID:
      1. In Azure Active Directory, navigate to App registrations and select the app you just set up.
      2. Copy the Application (client) ID and paste it into the Client id field in the SysAid email integration form.
      3. Copy the Directory (tenant) ID and paste it into the Tenant id field in the SysAid email integration form.
    7. In your email inbox settings, navigate to General > Language and Time and ensure that the value of the Current Time Zone field reflects the appropriate time zone for your account.
    8. Follow the instructions in the relevant links below to fill out the rest of the email form. Be sure that the inbox that you set up for incoming email integration is dedicated specifically for incoming email integration with SysAid and not used for any other purposes.


    In Email Integration, all emails that are sent to the integrated email address, create a ticket and are deleted soon after. In Microsoft 365 OAuth 2.0, due to Microsoft policies, such emails are moved to the Recoverable Items folder, instead of the Deleted folder (as expected). This is per Microsoft 365 design - more details can be found here.
    To easily locate your incoming (deleted) emails, simply click the Recoverable Items link (at the top of the Deleted folder) and find all the relevant emails (which are kept there for 30 days, same as in the deleted folder). Another option to bypass this behavior is to define a dedicated folder for copies of all incoming emails. To do so, go to Settings > Integration > Email > Incoming Email tab, and fill in the Send a copy of the incoming emails to field (available for Enterprise editions only). See more details here.

    Related content
    Email list
    Required network access
    Email form
    Outgoing email
    Incoming email
    Google Email Integration with OAuth 2.0
    Email rules