TABLE OF CONTENTS

• Introduction
• Azure Enterprise Application Configuration 
  • 1. Graph API Method
  • 2. SMTP Method
    • SMTP Configuration Steps
  • 3. Special Notes on Authentication Methods
    • Summary Table
• ManagementStudio Admin Configuration
• Further Support

Introduction

ManagementStudio supports sending emails through Microsoft Azure / Office 365 using two different methods:

1. Microsoft Graph API (recommended for simplicity)

2. Exchange Online SMTP (recommended when you need more granular control over sending identities)

Both methods rely on an Azure Enterprise Application for authentication using OAuth2. The authentication can be performed using one of the following mechanisms:

• Username/Password (not recommended — limited functionality, cannot be used with MFA)

• Client Secret

• Certificate

Azure Enterprise Application Configuration 

1. Graph API Method

Overview
This is the simpler option to configure. It allows ManagementStudio to send emails on behalf of any user within your organisation. This requires granting the application a higher level of trust, as it will be able to send as any account in the tenant.

Required Permissions

2. SMTP Method

Overview
The SMTP method is more complex to configure, but it gives you more granular control. With this method, ManagementStudio can be restricted to sending emails only from specific accounts rather than having global “send as” privileges.

Required Permissions

These are Exchange Online Application permissions, not Microsoft Graph permissions.

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

Connect-ExchangeOnline -Organization {TENANT_ID}

New-ServicePrincipal -AppId {APPLICATION_ID} -ServiceId {OBJECT_ID}

Add-MailboxPermission -Identity "{YourMailboxAddress}" -User {OBJECT_ID} -AccessRights FullAcces

3. Special Notes on Authentication Methods

If you choose to authenticate using Username/Password:

• The account must not have Multi-Factor Authentication (MFA) enabled.

• In Azure AD, under the Enterprise Application’s Authentication settings, you must enable:
  “Allow public client flows”

This setting allows ManagementStudio to use the resource owner password credentials flow. However, because this is considered less secure, client secret or certificate authentication is strongly recommended.

Summary Table

ManagementStudio Admin Configuration

To configure email settings within ManagementStudio, follow the steps below:

1. Navigate to the Email Settings Page
   In the ManagementStudio application, go to:

   • Administration → Global Settings → Email Settings


2. Select the Email Server Type
   Choose the type of email server you want ManagementStudio to connect to. There are two primary options:

   • Traditional SMTP

   • Azure (with one of the following authentication methods: Username/Password, Client Secret, or Certificate)

3. For Azure Email: Choose the Connection Method
   If you selected Azure as your server type, you must further specify how ManagementStudio will connect:

   • Graph API – Recommended for simplicity and broader permissions

   • Exchange Online (SMTP) – Recommended when you want to limit sending to specific accounts

4. Enter the Required Email Settings
   Based on your chosen connection type and authentication method, fill in all the required configuration fields. These typically include:

   • Tenant ID

   • Client ID (Application ID)

   • Client Secret or Certificate details (if applicable)

   • Sender email address

   • SMTP server and port (for traditional SMTP)

   • Any other relevant connection details

5. Save Your Configuration
   After entering the required details, save the configuration. It’s recommended to use the “Test Connection” or “Send Test Email” feature (if available) to verify that the setup works correctly before deploying it in a production environment.

Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket