Purpose
This Standard Operating Procedure (SOP) provides step-by-step instructions for registering an application in the Microsoft Azure Portal to send emails on behalf of users in FOIAXpress.
Prerequisites
Access to the Azure Portal.
Appropriate permissions in Azure AD (e.g., Application Administrator or Global Administrator).
Registering App in Azure Portal
Open a web browser and navigate to portal.azure.com.
Sign in using your organizational credentials.

Click App registrations and then select + New registration.

Enter the application details:
Name: Enter a descriptive name
Supported account types: Select Single tenant
Click Register at the bottom of the page.

After registration, you will be redirected to the Application’s Overview page.
Record the Application (client) ID and Directory (tenant) ID for future use.
Create Client Secrets
Navigate to your application’s Overview page in the Azure Portal.
Select Certificates & Secrets from the left panel.

Click + New client secret from the Client Secrets section.

Enter a Description for the client secret.
Select an expiration period (such as 6 months, 12 months, or 24 months).
Use the Expires field to select an expiration period based on your organization’s security requirements (up to a maximum of 24 months).
NOTE: Record the expiration date. The client secret must be renewed before it expires to avoid service disruption.
Click Add to create the client secret.

After the secret is created, copy the Value immediately (it will not be shown again after you leave the page).
Store the client secret value securely for use in your application configuration.
NOTE: The client secret value is used by the application to authenticate securely with Azure AD. Make sure to safeguard the secret and avoid sharing it publicly.
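Added example (not part of the original SOP or of FOIAXpress): a Python check for the renewal note above, which reads the passwordCredentials list of an app registration in the shape Microsoft Graph returns it and flags secrets that are expired or due for renewal. The sample JSON, the 30-day warning window, and the function names are assumptions constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the shape of "passwordCredentials" on a Microsoft Graph
# application object. Key IDs, names and dates are made up; Graph does not
# return the secret value after creation, so none appears here.
SAMPLE_APP = json.loads("""
{
  "displayName": "FOIAXpress Mail Sender (example)",
  "passwordCredentials": [
    {"keyId": "00000000-0000-0000-0000-000000000001",
     "displayName": "prod-2024", "endDateTime": "2025-01-10T00:00:00Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002",
     "displayName": "prod-2025", "endDateTime": "2025-02-20T08:30:15.1234567Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003",
     "displayName": "prod-2026", "endDateTime": "2026-12-31T23:59:59Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp; fractional seconds may have 7 digits."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected timestamp format: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def secret_status(app, now, warn_days=30):
    """Return (displayName, status, days_left) per secret, soonest expiry first."""
    rows = []
    for cred in app.get("passwordCredentials", []):
        end = parse_graph_time(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "EXPIRED"
        elif end - now <= timedelta(days=warn_days):
            status = "RENEW"
        else:
            status = "OK"
        rows.append((cred.get("displayName") or cred["keyId"], status, days_left))
    return sorted(rows, key=lambda r: r[2])

if __name__ == "__main__":
    # Fixed "now" keeps the sample reproducible; use datetime.now(timezone.utc) in practice.
    for name, status, days in secret_status(SAMPLE_APP, datetime(2025, 2, 1, tzinfo=timezone.utc)):
        print(f"{status:8} {name:12} {days:5d} days")
```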
How to Set API Permissions for Sending Email as Any User

Navigate to your application’s Overview page in the Azure Portal.
Select API permissions from the left navigation.
Click Add a permission at the top of the API permissions page.

Under Microsoft Graph, select Application permissions.
Expand the Mail drop-down, then check Mail.Send.
Click Add permissions to confirm.
Click Grant admin consent for [Your Organization] to enable the permission for all users.
Verify that the status for Mail.Send permission shows as Granted.
Review the list of permissions to ensure Mail.Send (Application) is included.
Save your changes and proceed to configure your application’s email functionality.
NOTE: Assigning the Mail.Send application permission allows the app to send emails on behalf of any user in the organization. This requires admin consent and should be granted only when necessary for your application's functionality. Ensure you follow organizational policies for access and security.
How to Set Up the FOIAXpress Application to Use Microsoft OAuth to Send Emails
Navigate to the System Settings page in FOIAXpress.

Under Mail Server Address, select Authentication Mode as Microsoft 365 Email.
Select the OAuth Credentials.
Enter the Email Address you want to send emails on behalf of.
Enter the Secret Key (captured earlier).
Enter the Recipient Limit.
When the Recipient Limit is configured, the system ensures that outgoing emails are automatically divided into smaller batches based on that specified limit. This helps maintain controlled distribution and prevents exceeding the allowed number of recipients per batch.
Enter the OAuth Client ID and Tenant ID (captured earlier).
Click Save.
If you encounter any issues, contact your CSM for assistance.