> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Configure Microsoft 365 Exchange Online as an Email Provider

> Instructions on how to configure Microsoft 365 Exchange Online as an email provider with Auth0.

## Prerequisites

* You must have a [Microsoft 365](https://www.microsoft.com/en-us/microsoft-365) account with an active subscription.

* Your Microsoft 365 subscription must be licensed to send emails through Exchange Online. You need at a minimum a paid subscription to Microsoft Business Basic plan to use the Microsoft Graph API for Exchange Online.

* You must configure your provider to allow inbound connections from specific [Auth0 IP addresses](/docs/secure/security-guidance/data-security/allowlist).

## Configure Microsoft 365 Exchange Online

1. Log in to [Microsoft Azure](https://azure.microsoft.com/) account with your Microsoft 365 account.
2. Register a [Microsoft Entra ID Application](https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application) resource if you currently do not have one.
3. Navigate to your Active Directory Application resource. Select **Services > App registrations**, and then select the application you will be using to send emails.
4. Configure the required application permissions by navigating to **Manage > API permissions**.
5. Add the `Mail.Send` [permission](https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application#api-permissions) by selecting **Add a permission > Microsoft Graph > Application permissions** selector.

   <Callout icon="file-lines" color="#0EA5E9" iconType="regular">
     Before you configure **Application permissions**, you need administrative consent.
   </Callout>

   <Callout icon="file-lines" color="#0EA5E9" iconType="regular">
     By default, `Mail.Send` grants permission to send as any user in your tenant. To restrict access to a specific mailbox, use [RBAC for Applications in Exchange Online](https://learn.microsoft.com/en-us/exchange/permissions-exo/application-rbac) to scope the permission to a specific service principal.
   </Callout>
6. Retrieve required provider configurations:

   1. Navigate to the **Application Overview** to retrieve your application [Client ID and Tenant ID](https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application#application-id-client-id).
   2. Navigate to **Manage > Certificates & secrets** and collect the **Value** to create an application [secret](https://learn.microsoft.com/en-us/azure/healthcare-apis/register-application#certificates--secrets).
   3. Retrieve the organization **User Email** that sends emails through the application. Navigate to **Users > Active users**, select your authorized user, and collect their **User Email** from their properties.
7. Navigate to Auth0 [Dashboard > Branding > Email Provider](https://manage.auth0.com/#/branding/email_provider).
8. Activate the **Use my own email provider** toggle.
9. Click the **Microsoft 365** logo.
10. Provide the **From** email address. Then, enter the **Tenant ID**, **Client ID**, and **Client Secret** from step 6, and then click **Save**.

## Send a test email

Send a test email using the **Send Test Email** button. If the configuration is correct, you receive a confirmation email. If you do not receive an email after a few minutes, check your [Auth0 logs](https://manage.auth0.com/#/logs) for error codes.

Once configured, the Microsoft Exchange [Email Usage](https://admin.microsoft.com/#/reportsUsage/EmailActivity) page displays delivery insights for all emails that have been sent to your users.