Configuring Email in ManagementStudio (Azure/Office 365)

Modified on Thu, 2 Oct at 4:09 PM

TABLE OF CONTENTS


Introduction

ManagementStudio supports sending emails through Microsoft Azure / Office 365 using two different methods:

  1. Microsoft Graph API (recommended for simplicity)

  2. Exchange Online SMTP (recommended when you need more granular control over sending identities)

Both methods rely on an Azure Enterprise Application for authentication using OAuth2. The authentication can be performed using one of the following mechanisms:

  • Username/Password (not recommended — limited functionality, cannot be used with MFA)

  • Client Secret

  • Certificate


Azure Enterprise Application Configuration 

1. Graph API Method

Overview
This is the simpler option to configure. It allows ManagementStudio to send emails on behalf of any user within your organisation. This requires granting the application a higher level of trust, as it will be able to send as any account in the tenant.


Required Permissions

APIPermission TypePermission Name
Microsoft GraphApplicationMail.Send

2. SMTP Method

Overview
The SMTP method is more complex to configure, but it gives you more granular control. With this method, ManagementStudio can be restricted to sending emails only from specific accounts rather than having global “send as” privileges.


Required Permissions

APIPermission TypePermission Name
Office 365 Exchange OnlineApplicationIMAP.AccessAsApp
Office 365 Exchange OnlineApplicationSMTP.SendAsApp


These are Exchange Online Application permissions, not Microsoft Graph permissions.

SMTP Configuration Steps


Install and Import PowerShell Modules

Launch Microsoft Windows PowerShell as an administrator, then run:

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement

Connect to Exchange Online

Replace {TENANT_ID} with your actual tenant ID:

Connect-ExchangeOnline -Organization {TENANT_ID}

Create a Service Principal

Replace {APPLICATION_ID} and {OBJECT_ID} with the values from your Azure Enterprise Application:

New-ServicePrincipal -AppId {APPLICATION_ID} -ServiceId {OBJECT_ID}

Grant Mailbox Permissions

Assign the application full access to the mailbox from which it will send email. Replace {YourMailboxAddress} with the email address of the target mailbox:

Add-MailboxPermission -Identity "{YourMailboxAddress}" -User {OBJECT_ID} -AccessRights FullAcces


After these steps, the application will be authorised to send emails via SMTP as the specified account.


3. Special Notes on Authentication Methods

If you choose to authenticate using Username/Password:

  • The account must not have Multi-Factor Authentication (MFA) enabled.

  • In Azure AD, under the Enterprise Application’s Authentication settings, you must enable:
    “Allow public client flows”

This setting allows ManagementStudio to use the resource owner password credentials flow. However, because this is considered less secure, client secret or certificate authentication is strongly recommended.


Summary Table

FeatureGraph APISMTP
Setup complexityEasyMore complex
Permission scopeTenant-wide (send as any)Specific mailboxes only
Recommended forSimplicity, broad use casesControlled, restricted sending
Required APIMicrosoft GraphExchange Online




ManagementStudio Admin Configuration



To configure email settings within ManagementStudio, follow the steps below:

  1. Navigate to the Email Settings Page
    In the ManagementStudio application, go to:

    • Administration → Global Settings → Email Settings

  2. Select the Email Server Type
    Choose the type of email server you want ManagementStudio to connect to. There are two primary options:

    • Traditional SMTP

    • Azure (with one of the following authentication methods: Username/Password, Client Secret, or Certificate)

  3. For Azure Email: Choose the Connection Method
    If you selected Azure as your server type, you must further specify how ManagementStudio will connect:

    • Graph API – Recommended for simplicity and broader permissions

    • Exchange Online (SMTP) – Recommended when you want to limit sending to specific accounts

  4. Enter the Required Email Settings
    Based on your chosen connection type and authentication method, fill in all the required configuration fields. These typically include:

    • Tenant ID

    • Client ID (Application ID)

    • Client Secret or Certificate details (if applicable)

    • Sender email address

    • SMTP server and port (for traditional SMTP)

    • Any other relevant connection details

  5. Save Your Configuration
    After entering the required details, save the configuration. It’s recommended to use the “Test Connection” or “Send Test Email” feature (if available) to verify that the setup works correctly before deploying it in a production environment.



Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article