The following instructions assume your organization is using the Microsoft 365 service.
Registering an app in Azure Portal
Log in to the Azure Portal
https://portal.azure.com and click the "App registrations" button.
Click the "New registration" button
Fill the app registration form:
- Enter the name of the new application e.g. OTRS Mailing app
- in "Supported account types" section select "Accounts in this organizational directory only (CompanyName only - Single tenant)"
- in "Redirect URI" field just select "Public client/native (mobile & desktop)" and leave the text box blank.
Click on "Register".
Please save Application (client) ID value - you will need it later.
Go to the "Authentication", click on "Add a platform" button and select "Web"
Enter only the "Redirect URIs" in the following schema:
Please note that only https protocol is supported here.
Click on "Configure".
Now you can add more Redirect URIs e.g. test instance URI:
Click on "Save".
Certificates & Secrets
Go to the "Certificates & Secrets", click on "New client secret" button and select expiration date for the client secret.
Click on "Add".
Please save the secret Value - you will need it later. Please note it will not be visible later.
Important! If you use more than one e-mail account in OTRS, you can consider creating a technical account that will "mediate" access to other e-mail accounts. The technical account must have full access rights to all other e-mail accounts configured in OTRS.
You can check the delegation settings at
Recipients -> Mailboxes -> select User -> Delegation -> Read and manage (Full Access) (if you also intend to send messages using the account, you should also delegate Send as permissions)
You must generate a token with the use of this specific technical account - otherwise, access to the accounts other than the one used to generate the token will not be possible.
Go to the "API Permissions", click on "Add a permission" button and select "Microsoft Graph"
Select "Delegated permissions"
Find permissions and add them to your application
The final list of required permissions is:
Click "Grant admin consent for CompanyName"