How to register your app for Office365 with OAuth 2.0 authentication

  |   Lukas Pokorny

Before your application can start accessing Office365 mailboxes using Exchange Web Services (EWS), IMAP, POP3 or SMTP with OAuth 2.0 authentication, you first have to register it in Azure Portal and configure it properly.

The following steps describe how to register a desktop or mobile application for delegated access (suitable for desktop or mobile applications with a single signed-in user present):

  1. Log into Azure Portal. If you don't have an account there yet, create it and set up a tenant.

  2. If you administer more than one tenant, use "Directory + subscription" filter to select the tenant in which to register an application.

  3. At Azure Portal homepage, select "Manage Azure Active Directory". Then, in the left menu, click "App registrations". Azure Portal is constantly changing, so if you cannot find this, use the search bar.

  4. On "App registrations" page, click "+ New registration".

New registration
  1. In the "Register an application" form, enter an app name and specify which kinds of users are going to use it. For desktop or mobile apps, choose Public client/native (mobile & desktop) and enter the Redirect URI:
    For web apps, you would specify an URI of your own. Finally, click "Register".
App registration form
  1. Now that you registered the application, note its assigned Application (client) ID - you'll need it in your application code.

  2. Next, specify appropriate permissions. First, select "API permissions" in the left menu, and click "+ Add a permission".

Add a permission
  1. Select "Microsoft Graph", then choose "Delegated permissions". You would probably want to add "openid", "profile", "email" and "offline_access" permissions from the "OpenId permissions" group (check out the next blog post for more information on them).
OpenId permissions
  1. Depending on the protocol you are going to use, optionally add "EWS.AccessAsUser.All" (from 'EWS' group), "IMAP.AccessAsUser.All" (from 'IMAP' group), "POP.AccessAsUser.All" (from 'POP' group), or "SMTP.Send" (from 'SMTP' group). Once you selected all required permissions, click "Add permissions" to add them.

Now you have registered an application for Office365, and received its client ID. In the next blog post, we will show how to actually use this information to access Office365 mailboxes using EWS, IMAP, POP3 or SMTP with Rebex Secure Mail.

Showcase your application on Rebex.Net

Have you created an interesting application using Rebex components? Would you like to share your development experience with the world? To include your app in our App Showcase, please contact us at