Configuring Microsoft 365 Server to work with Graph API

The following instructions guide you through configuring Azure Active Directory, Microsoft 365 server, and CygNet's GnsConfig utility to work together to send and receive email messages using Graph API.

How to get your Microsoft 365 server to work with Graph API

  1. Work with your IT organization to set up the Azure Active Directory (Azure AD) identity service for your enterprise.
  2. In Azure AD, create an App registration, for example, "CygNet GNS".
  3. In the Overview section, under Essentials, take note of the Application (Client) ID and Directory (Tenant) ID fields. The values in these two fields will be used later when configuring the Graph API settings in the GnsConfig utility.
  4. In the Certificates & secrets section, create a new "Client Secret" calling it whatever you want. The "Value" that is created is essentially the Graph API password. Note that the "Value" will disappear after a certain amount of time, so make note of it immediately. Once it disappears, it's gone for good. Take note of the "Value", as this will be used later as the "Client Secret" when configuring the Graph API settings in the GnsConfig utility.
  5. In the API permissions section, add the necessary Microsoft Graph permissions. We recommend that you add all of the following Microsoft Graph permissions and give Admin consent where required:

Microsoft Graph Permissions

Click the thumbnail to see
the Microsoft Graph Permissions

 

Note: See the following Microsoft topic for a list of the delegated and application permissions exposed by Microsoft Graph: Microsoft Graph permissions reference.
  1. In order to send delegated emails from a Microsoft 365 account in your directory, that account needs to have *at least* a Microsoft Business Standard License attached to it. You may need to purchase a Microsoft Business Standard License if you don't already have one.

    The Microsoft 365 account used for delegating emails via Graph API cannot be on the default onmicrosoft.com domain. The account must be associated with a custom domain. We recommend using Microsoft 365 Admin Center to create a custom domain.

    Create a new active user for the account created on the custom domain, then associated it with a Microsoft Business Standard License.

    In the Microsoft 365 Admin Center, use the Active users section to attach the Microsoft Business Standard License to the Microsoft 365 account.
  2. Open the GnsConfig utility (in CygNet\Utilities) and select the OAuth2 (Graph API) Authorization mode in the General section.
  3. Enter the following properties in the Graph API section:
    • "Authority URI": (https://login.microsoftonline.com)
    • "Tenant ID" from step 3
    • "Client ID" from step 3
    • "Client Secret" from step 4.
  4. Save the configuration and send a test message to see if it works.
  5. If the test fails, contact Microsoft 365 support for assistance.