Content
- Description
- App creation in Azure portal
- Register an App
- Grant API permissions
- Get the Client and Tenant IDs for the application
- Add public client flows
- Configure Zylinc mailbox user
- Enable SMTP AUTH authentication
- Configure Send-As permissions
- Alternative: Using Powershell
Description
In order to be able to authenticate Zylinc Cloud against Microsoft Exchange Online an Application
must be created in Azure.
App creation in Azure partal
Go to your Azure service 'Microsoft Entra ID' in the Azure portal and follow the steps below.
Register an App
Click App registrations, New registration.
Name it for example "Zylinc-Cloud-SMTP-Exchange-Connection"
Click the Register button.
Grant API permissions
When the registered application is created the following API permissions must be assigned, clicking the Add a permission :
- For Microsoft Graph Delegate permission
- SMTP.Send - Send emails from mailboxes using SMTP AUTH.
While we require a delegate permission from GraphAPI, it is used only used for acquiring permissionfor authentication token for delegate user. The acquired access token will be used to authenticate against Exchange Online server usingdelegate user.
Click on the "Grant admin consent for ..." button to grant admin consent for the API permissions.
The permissions are then as shown below
Get the Client and Tenant IDs for the application
Go to the Registered Application Overview page and copy the Application (client) ID and Directory(tenant) ID . You need to enter these in the Zylinc Cloud Configuration Manager Email Server Settings .
Get the Client and Tenant IDs for the application
Go to the Application Overview page and copy the Client ID and Tenant ID. You need to enter these in the
Zylinc Cloud Configuration Manager.
Add public client flows
In order to authenticate using the user mailbox we will send as, you need to enable the
public clientflow
.
Zylinc requires public flow to be enabled in order for the delegate user to be able to log in and acquire an access token (with defined application permissions).
See the following article from Microsoft: Desktop app that calls web APIs - Acquire a token
Configure Zylinc Mailbox User
Zylinc Cloud sends emails using a user's Mailbox with required permissions to send emails via the SMTP protocol.
The Zylinc mailbox User must be a User Mailbox (not a Shared Mailbox).
User Login
The User functions as service account and therefore Multifactor Authentication (MFA) must be disabled.
If MFA is applied as an organization policy this user must explicit be exclude from the policy.
Enable SMTP AUTH authentication
Since Zylinc uses the SMTP AUTH authentication method, the User must be enabled for SMTP AUTH for their Exchange Online.
See the following article from Microsoft: Enable or disable authenticated client SMTP submission(SMTP AUTH) in Exchange Online
PowerShell example:
Set-CASMailbox -Identity <mailbox_user> -SmtpClientAuthenticationDisabled $false
Configure Send-As permissions
In order for a Zylinc Agent to be able to send an email from it's own email address, you need to grant the Zylinc Mailbox User (default sender) permissions to send as the agent.
In Exchange Online, an Exchange Administrator, must follow the steps below for all Zylinc Agents thatmust be able to send from their own mail address, within the Zylinc Cloud Web agent.
These steps are optional and can be omitted if the Zylinc Mailbox user always should be the sender ofan email.
Find the user and access delegation
In Exchange Online Admin interface, find the desired user (agent mailbox) and enter the delegation tab on the user page
Add the default sender mailbox under "Send As" permissions
Click Edit under "Send As", and add the Zylinc Mailbox User. Then click save.
Alternative: Using Powershell
The same operation can be applied to multiple users using powershell, and the
ExchangeOnlineManagement package.