User Guide — Connect Microsoft 365 Tenant to MailReach (Client Secret)

This guide explains how to configure a Microsoft Entra ID (Azure AD) application so MailReach can connect to your Microsoft 365 tenant using:

✅ Application permissions

✅ Admin consent (one-time)

✅ Client Credentials (server-to-server)

✅ Client Secret authentication

Prerequisites

You need:

• A Microsoft 365 tenant
• An admin account with permission to:
• • Register applications
  • Grant tenant-wide admin consent

Helpful reference on admin roles:

https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference

Step 1 — Register the App in Entra ID

1. Open Azure Portal:

https://portal.azure.com

2. Go to:

Microsoft Entra ID → App registrations

https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps

3. Click New registration
4. Enter:

• Name: MailReach Outlook Connector (recommended)
• Supported account types: ✅ Single tenant
• Redirect URI: ❌ Leave blank (not required)

5. Click Register

✅ Copy and save these values (you’ll need them later):

• Application (client) ID
• Directory (tenant) ID

Docs:

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app

Step 2 — Add Microsoft Graph Application Permissions

1. Open your app → API permissions
2. Click Add a permission
3. Select Microsoft Graph
4. Select Application permissions

Add the permissions MailReach requires (typical email integration):

• Mail.ReadWrite (or Mail.Read depending on your needs)
• Mail.Send
• User.Read.All

⚠️ Make sure these are Application permissions, not Delegated permissions.

Docs:

https://learn.microsoft.com/en-us/graph/permissions-reference

Step 3 — Grant Admin Consent (One-Time)

Go to API permissions and click:

✅ Grant admin consent for 

After this, permissions should show:

✅ “Granted for ”

Docs:

https://learn.microsoft.com/en-us/entra/identity-platform/v2-admin-consent

Step 4 — Create a Client Secret (IMPORTANT)

1. In your app, go to Certificates & secrets
2. Under Client secrets, click New client secret
3. Enter:

• Description: MailReach secret
• Expiration: choose a suitable duration (e.g. 12 or 24 months depending on your policy)

4. Click Add

✅ Very Important: Save BOTH the Secret Value and Expiration Date

When the secret is created, you will see these fields:

• Value ✅ (this is the actual client secret)
• Expires ✅ (expiration date)

⚠️ You must copy and store BOTH immediately.

You will need to copy/paste these into the MailReach Tenant Connection form:

• Tenant ID
• Client ID
• Client Secret (Value)
• Client Secret Expiration Date

Important: Microsoft only shows the Secret Value once.
If you lose it, you must create a new secret.

Official docs:

https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-a-client-secret

Step 5 — Enter Values in MailReach

In the MailReach “Connect Microsoft Tenant” form, paste:

✅ Directory (tenant) ID

✅ Application (client) ID

✅ Client Secret (Value)

✅ Client Secret Expiration Date

This allows MailReach to authenticate and access the mailboxes approved by your tenant policies.

Updated on: 26/01/2026