Your application never talks directly to Outlook.

Instead:

Application
    ↓
OAuth 2.0
    ↓
Microsoft Entra ID
    ↓
Microsoft Graph API
    ↓
Exchange Online Mailbox

Step 1: Purchase Microsoft 365 Business Basic

For development and testing purposes, Microsoft 365 Business Basic is usually sufficient.

Benefits include:

• Exchange Online mailbox
• Microsoft Graph API access
• Outlook
• IMAP
• SMTP
• OAuth support

After signup, Microsoft automatically creates a tenant domain such as:

yourcompany.onmicrosoft.com

and an administrator account:

[email protected]

Step 2: Verify Outlook Mailbox Access

Before touching Azure, verify the mailbox works.

Login:

https://outlook.office.com

Use:

[email protected]

Send and receive a test email.

If Outlook works, Exchange Online is properly configured.

Step 3: Create an Azure App Registration

Open:

Microsoft Entra Admin Center

Navigate:

Applications
→ App Registrations
→ New Registration

Application Name:

Mail Prototype

Supported Account Types:

Single Tenant

Redirect URI:

Web
http://localhost:3000/auth/callback

Click Register.

Step 4: Collect Required OAuth Credentials

After registration, Azure provides:

Client ID

Location:

App Registration
→ Overview
→ Application (client) ID

Example:

AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Tenant ID

Location:

App Registration
→ Overview
→ Directory (tenant) ID

Example:

AZURE_TENANT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Step 5: Create Client Secret

Navigate:

Certificates & Secrets
→ New Client Secret

Provide:

• Description
• Expiration

Click Add.

Copy:

Value

Important:

Do NOT copy Secret ID.

Use only:

AZURE_CLIENT_SECRET=xxxxxxxxxxxxxxxxxxxx

Step 6: Configure Microsoft Graph Permissions

Navigate:

API Permissions
→ Add Permission
→ Microsoft Graph
→ Delegated Permissions

Add:

openid
profile
offline_access

User.Read

Mail.Read
Mail.ReadWrite
Mail.Send

Grant Admin Consent.

Step 7: Configure Environment Variables

Example:

AZURE_CLIENT_ID=
AZURE_CLIENT_SECRET=
AZURE_TENANT_ID=
AZURE_REDIRECT_URI=http://localhost:3000/auth/callback

Step 8: Configure IMAP Settings

Microsoft 365 IMAP Server:

Host: outlook.office365.com
Port: 993
Security: SSL/TLS

Example Node.js configuration:

{
  host: 'outlook.office365.com',
  port: 993,
  tls: true
}

Step 9: Configure SMTP Settings

Microsoft 365 SMTP Server:

Host: smtp.office365.com
Port: 587
Security: STARTTLS

Example:

{
  host: 'smtp.office365.com',
  port: 587,
  secure: false
}

Step 10: Implement OAuth Authentication

Create login endpoint:

GET /auth/connect

Redirect user to Microsoft Login.

After authorization:

GET /auth/callback

Exchange authorization code for:

• Access Token
• Refresh Token

Step 11: Test Microsoft Graph API

Profile Endpoint:

GET https://graph.microsoft.com/v1.0/me

Read Messages:

GET https://graph.microsoft.com/v1.0/me/messages

Send Email:

POST https://graph.microsoft.com/v1.0/me/sendMail

Common Errors and Solutions

Redirect URI Mismatch

Cause:

AADSTS50011

Solution:

Ensure Azure Redirect URI exactly matches application configuration.

Unauthorized Client

Cause:

Incorrect tenant or account type configuration.

Solution:

Verify supported account types and tenant configuration.

Missing Mail Permissions

Cause:

Admin consent not granted.

Solution:

Grant admin consent after adding Graph permissions.

Final Thoughts

Microsoft's ecosystem can seem complicated initially, but once you understand the relationship between Microsoft 365, Exchange Online, Entra ID, OAuth, and Microsoft Graph, the setup becomes straightforward.

By following this guide, you'll have a fully functional email integration capable of reading emails, sending messages, synchronizing folders, and building modern SaaS applications powered by Microsoft 365.