Configuring SMTP with OAuth 2.0 in Business Central
Sudip Shrestha · 1 Oct 2025 · 18 min read
Sending email from Business Central used to mean basic SMTP with a username and password. Microsoft has been deprecating that for years. The replacement — SMTP AUTH with OAuth 2.0 — works, but only if you stitch together four moving pieces in the right order: an Azure App Registration, an Exchange Online service principal, mailbox-scoped permissions, and the BC email account itself.
This walkthrough is the order I now follow on every new tenant. Eighteen steps across four sections — sign in to Azure, configure Exchange via PowerShell, verify the token, finish in BC.
Section 1 — Azure Portal
Create the App Registration and grant SMTP.SendAsApp permission. Steps 1–5 cover navigating to Azure Active Directory, registering a new application, adding a client secret, and assigning the SMTP.SendAsApp application permission with admin consent.
Section 2 — Exchange Online
Connect via PowerShell, create the service principal for your app registration, and scope the SMTP permission to the specific sending mailbox. Steps 6–11 walk through the ExchangeOnlineManagement module, New-ServicePrincipal, and Add-MailboxPermission commands.
Section 3 — Token Verification
Before touching Business Central, verify the full OAuth 2.0 token flow works with a direct POST to the Microsoft identity platform token endpoint. Step 12 confirms your tenant ID, client ID, client secret, and scope are all correct.
Section 4 — Business Central
Set up the SMTP email account in BC using the OAuth 2.0 credentials. Steps 13–18 cover the Email Accounts page, choosing SMTP as the connector, entering the client credentials, and sending a test email to confirm the full chain is working.
By Sudip Shrestha — BC consultant and AL developer at Dogma Group.