TABLE OF CONTENTS
- Introduction
- Azure Enterprise Application Configuration
- ManagementStudio Admin Configuration
- Further Support
Introduction
ManagementStudio supports sending emails through Microsoft Azure / Office 365 using two different methods:
Microsoft Graph API (recommended for simplicity)
Exchange Online SMTP (recommended when you need more granular control over sending identities)
Both methods rely on an Azure Enterprise Application for authentication using OAuth2. The authentication can be performed using one of the following mechanisms:
Username/Password (not recommended — limited functionality, cannot be used with MFA)
Client Secret
Certificate
Azure Enterprise Application Configuration
1. Graph API Method
Overview
This is the simpler option to configure. It allows ManagementStudio to send emails on behalf of any user within your organisation. This requires granting the application a higher level of trust, as it will be able to send as any account in the tenant.
Required Permissions
API | Permission Type | Permission Name |
---|---|---|
Microsoft Graph | Application | Mail.Send |
2. SMTP Method
Overview
The SMTP method is more complex to configure, but it gives you more granular control. With this method, ManagementStudio can be restricted to sending emails only from specific accounts rather than having global “send as” privileges.
Required Permissions
API | Permission Type | Permission Name |
---|---|---|
Office 365 Exchange Online | Application | IMAP.AccessAsApp |
Office 365 Exchange Online | Application | SMTP.SendAsApp |
These are Exchange Online Application permissions, not Microsoft Graph permissions.
SMTP Configuration Steps
Install and Import PowerShell Modules
Launch Microsoft Windows PowerShell as an administrator, then run:
Install-Module -Name ExchangeOnlineManagement Import-Module ExchangeOnlineManagement
Connect to Exchange Online
Replace {TENANT_ID} with your actual tenant ID:
Connect-ExchangeOnline -Organization {TENANT_ID}
Create a Service Principal
Replace {APPLICATION_ID} and {OBJECT_ID} with the values from your Azure Enterprise Application:
New-ServicePrincipal -AppId {APPLICATION_ID} -ServiceId {OBJECT_ID}
Grant Mailbox Permissions
Assign the application full access to the mailbox from which it will send email. Replace {YourMailboxAddress} with the email address of the target mailbox:
Add-MailboxPermission -Identity "{YourMailboxAddress}" -User {OBJECT_ID} -AccessRights FullAcces
After these steps, the application will be authorised to send emails via SMTP as the specified account.
3. Special Notes on Authentication Methods
If you choose to authenticate using Username/Password:
The account must not have Multi-Factor Authentication (MFA) enabled.
In Azure AD, under the Enterprise Application’s Authentication settings, you must enable:
“Allow public client flows”
This setting allows ManagementStudio to use the resource owner password credentials flow. However, because this is considered less secure, client secret or certificate authentication is strongly recommended.
Summary Table
Feature | Graph API | SMTP |
---|---|---|
Setup complexity | Easy | More complex |
Permission scope | Tenant-wide (send as any) | Specific mailboxes only |
Recommended for | Simplicity, broad use cases | Controlled, restricted sending |
Required API | Microsoft Graph | Exchange Online |
ManagementStudio Admin Configuration
To configure email settings within ManagementStudio, follow the steps below:
Navigate to the Email Settings Page
In the ManagementStudio application, go to:Administration → Global Settings → Email Settings
Select the Email Server Type
Choose the type of email server you want ManagementStudio to connect to. There are two primary options:Traditional SMTP
Azure (with one of the following authentication methods: Username/Password, Client Secret, or Certificate)
For Azure Email: Choose the Connection Method
If you selected Azure as your server type, you must further specify how ManagementStudio will connect:Graph API – Recommended for simplicity and broader permissions
Exchange Online (SMTP) – Recommended when you want to limit sending to specific accounts
Enter the Required Email Settings
Based on your chosen connection type and authentication method, fill in all the required configuration fields. These typically include:Tenant ID
Client ID (Application ID)
Client Secret or Certificate details (if applicable)
Sender email address
SMTP server and port (for traditional SMTP)
Any other relevant connection details
Save Your Configuration
After entering the required details, save the configuration. It’s recommended to use the “Test Connection” or “Send Test Email” feature (if available) to verify that the setup works correctly before deploying it in a production environment.
Further Support
If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article