# Graph API with Client Credentials Grant (Application access) ## Registering an application ### Step 1 - Finding Azure Active Directory to manage your account Visit the following link in your Microsoft Azure account (within your Azure Active Directory):\ ### Step 2 - Initiating an app registration Click on **+ New registration**
### Step 3 - Account (tenant) type selection Register your application as illustrated: ![Registering an application](/files/-Mf8I46hRP96dRDkZIAr) Make sure to add the following content to the fields: * **Name**: An easily identifiable name. * **Account type**: Select the account type to indicate whether it should be available for accounts outside your organization or not. * Single tenant: choose this if the app is accessible for your organizational directory * Multitenant: choose this if you want to allow any organizations to use this app * **Redirect URI**: In the Redirect URI section, do the following: * Leave the Web as selected. * Copy and paste the Redirect URI from the **OAuth2 Client Credentials** screen as the URI value. As this URL is specific to your Jira instance, it is essential to copy the URL from the Email This Issue app into this page.

Redirect URI

{% hint style="warning" %} Important: As of now the OAuth2 for SMTP/IMAP is not supported for personal Microsoft accounts. {% endhint %} ### Step 4 - Define API permissions API Permissions (scopes) need to be granted for the application. The following permissions are required for the Grant flow: * Mail.ReadWrite * Mail.Send * User.Read.All 1\. On the overview page of your newly created app select the **API permissions / Security -> Permission** menu. Click on the **Add a permission** button and select the *Microsoft Graph* group: ![Navigating to the API permission manager](/files/-Mf8I46nHQeNIzuQIqTx) 2. Select **Application permissions** then find and select the permissions. Depending on your actual use case (i.e. the used messaging/communication protocol), the following permissions shall be added: **2.1. General permissions (required for both incoming and outgoing connections)**\ General permissions are needed to acquire a refresh token and then manage access tokens (i.e. these are required in each and every use case). * **User.Read.All**
**2.2. Graph API permission to fetch messages** * **Mail.ReadWrite**
**2.3. Graph API permissions to send messages** * **Mail.Send**
3. **Grant admin consent** after adding permissions.

Full List of Permissions with Admin Consent Granted

### Step 5 - Generating a client secret Generate a client secret to be used in [client credentials](/email-this-issue/administration/email-this-issue-for-jira-cloud-oauth2-credentials.md). 1\. Select the **Certificates & secrets** menu. ![Azure Active Directory: Certificates & secrets](/files/-Mf8I46qc4tEOcqhp-yV) 2\. Click on the **New client secret** button to create a new client secret. ![Adding a new client secret](/files/-Mf8I46rd2z_0uBQMB_7) 3\. Add a description. 4\. Select the expiration date that fits your needs 5\. Click **Add**. Copy the Client Secret Value, as you need to enter it into the Email This Issue app, and it will not be visible in the Azure UI later.Copy the **Client Secret Value** as you need to enter it into the Email This Issue app and it will not be visible in the Azure UI later. ### Step 6 - Copying data into Email This Issue In Email This Issue go to OAuth2 credentials and click to create new credentials.
1. **Name**: a custom name for this entry. 2. **OAuht2 Service Provider**: Microsoft 0365 3. **Grant type**: Client Credentials 4. **Client ID**: the Application (client) ID - you can find it on the **Overview** screen ![The location of Client ID (aka Application ID) to copy from](/files/-Mf8I46jKxaum88dGrdC) 5. **Client Secret**: this needs to be the Client Secret **Value**

Location of the Client Secet Value to copy from

6. **Auth Endpoint URL**: is NOT required for this type of connection
7. **Token Endpoint URL**: you can find this information on the Overview page of the registered application, selecting the Endpoint menu at the top. Ensure that you copy the **V2** endpoint

Location of the Token Endpoint URL to copy from

8. **You do NOT need to Authorize the connection.** Authorization was already completed on the Azure side at the end of Step 4.
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.meta-inf.hu/email-this-issue/administration/mail-server-connections/microsoft-with-oauth2/microsoft-graph-api-with-oauth2/graph-api-with-client-credentials-grant-application-access.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.