Applies to Vista Version: 2025.9 and above
Last Updated: 11/21/2025
Setting Up OAuth 2.0 SMTP for Office 365 Exchange Online for use with Vista
Requirements:
- You must be the Azure administrator for your company.
- You must have a subscription for Office 365 Exchange Online.
- Mailboxes used must be actual mailboxes that are licensed.
This guide outlines the basic steps to configure OAuth 2.0 for integration with Vista.
It includes:
- Registering an application in Microsoft Entra ID
- Assigning the necessary API permissions
- Generating a client secret
- Creating a service principal
- Adding mailbox permissions for specific mailboxes
- Ensuring the Exchange Mailbox has "Authenticated SMTP" checked
- Gathering the Client ID, Tenant ID, Client Secret, and Mailbox for sending emails
- Configuring Vista with new SMTP OAuth settings
- Testing Vista SMTP OAuth settings
- Reviewing Vista logs if "Send Test Email" fails
Note: Additional settings and permissions can be configured for more control. You may need to research online or contact Microsoft for further support. This guide focuses on the essential setup for Vista.
Step 1: Register an Application in Microsoft Entra ID
- Sign in to the Azure Portal (https://portal.azure.com/) using an administrator account to access the Microsoft Entra admin center.
- Navigate to App Registrations by selecting Identity > Applications > App registrations from the left-hand menu.
- Click on + New registration.
- Enter a descriptive name for the application and choose “single tenant application.”
- Click the Register button.
- After registration, note the Application (client) ID and Directory (tenant) ID from the app's Overview section. These will be needed later.



Step 2: Configure API Permissions
- In the app's management menu, under Manage, select API permissions.
- Click + Add a permission.
- Go to the APIs my organization uses tab, search for and select Office 365 Exchange Online.
- Choose Application Permissions, then search for and add SMTP.SendAsApp.
- Click the Grant admin consent button to approve the permissions for all users in your tenant. Confirm the action when prompted.
API permissions should look like this:
Step 3: Create a Client Secret
- In the app's management menu, under Manage, select Certificates & secrets.
- Under the Client secrets section, click + New client secret.
- Enter a description and select an expiration period (e.g., 24 months, or "Never" if it aligns with your security policy). Click Add.
- Immediately copy the generated secret value and store it securely. This value is only shown once and cannot be retrieved later.
Step 4: Configure Service Principal in Exchange Online
- Launch the PowerShell command prompt as Administrator.
- Enter the command: Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
- If the module is not already installed, install it first: Install-Module -Name ExchangeOnlineManagement
- Load the module: Import-Module ExchangeOnlineManagement
- Connect to Exchange using the command: Connect-ExchangeOnline. A Microsoft Login window will appear. Log in with your Exchange Admin account.
- Register your Azure AD application as a service principal in Exchange Online using: New-ServicePrincipal -AppId "<Application_ID>" -ObjectId <Object_ID>
Note: Get the Application ID and Object ID from the Enterprise Application page (not the Application Registration page).
Step 5: Add Mailbox Permissions
To add mailbox permissions for specific mailboxes, use the following command: Add-MailboxPermission -Identity "<Mailbox Email Address>" -User "<ServicePrincipal Object_ID>" -AccessRights FullAccess
Note: Get the Object ID from the Enterprise Application page (not the Application Registration page).
Step 6: Ensure Exchange Mailbox has "Authenticated SMTP" Checked
- Log into https://admin.microsoft.com/
- Locate the Mailbox to be used for sending emails.
- Click on the Mail link and review settings.
- Click on the “Manage Email App” link.
- Ensure "Authenticated SMTP" is checked. If not, check it.
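The following read-only check of Steps 4 through 6 is an added example, not part of the original guide or of Vista. The AppId and mailbox values are constructed placeholders, and the function name is hypothetical; it reports whether the service principal exists in Exchange Online, which rights it holds on the sending mailbox, and whether SMTP AUTH is effectively enabled for that mailbox.

```powershell
# Added example: read-only verification of Steps 4-6. Values are constructed placeholders.
$AppId   = '00000000-0000-0000-0000-000000000000'  # Application (client) ID from Step 1
$Mailbox = 'vista-notify@example.com'              # mailbox used for sending

function Test-SmtpOAuthMailboxSetup {              # hypothetical helper name
    param([Parameter(Mandatory)][string]$AppId,
          [Parameter(Mandatory)][string]$Mailbox)

    # Step 4: is the app registered as a service principal in Exchange Online?
    $sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }

    # Step 5: which rights does that service principal hold on this mailbox?
    $rightsText = ''
    if ($sp) {
        $perm = Get-MailboxPermission -Identity $Mailbox -User $sp.Identity -ErrorAction SilentlyContinue
        $rightsText = ($perm | ForEach-Object { $_.AccessRights } | ForEach-Object { "$_" }) -join ', '
    }

    # Step 6: per-mailbox SMTP AUTH. True = disabled, False = enabled,
    # empty = inherit the organization-wide value from Get-TransportConfig.
    $mbx = "$((Get-CASMailbox -Identity $Mailbox).SmtpClientAuthenticationDisabled)"
    $org = "$((Get-TransportConfig).SmtpClientAuthenticationDisabled)"
    $disabled = if ($mbx -eq '') { $org -eq 'True' } else { $mbx -eq 'True' }

    [pscustomobject]@{
        ServicePrincipalFound = [bool]$sp
        MailboxRights         = $rightsText
        HasFullAccess         = ($rightsText -match '\bFullAccess\b')
        SmtpAuthEnabled       = (-not $disabled)
    }
}

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline                       # sign in with the Exchange admin account
Test-SmtpOAuthMailboxSetup -AppId $AppId -Mailbox $Mailbox | Format-List
Disconnect-ExchangeOnline -Confirm:$false
```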
Step 7: Gather the Client ID, Tenant ID, and Client Secret
- Client ID and Tenant ID can be obtained from App Registration (See image).
- Client Secret was captured in Step 3 - Create a Client Secret.
- Mailbox can be obtained from Step 5 - Add Mailbox Permissions.
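Before entering these values in Vista, they can be checked on their own. This is an added example, not code from the guide or from Vista; it assumes the client credentials flow (which the application permission and client secret imply) and the `https://outlook.office365.com/.default` scope that Microsoft documents for that flow. The IDs are constructed placeholders and the function names are hypothetical. The access token itself is never printed, only selected claims.

```powershell
# Added example: validates the Step 7 values. IDs below are constructed placeholders.
$TenantId = '11111111-1111-1111-1111-111111111111'  # Directory (tenant) ID
$ClientId = '00000000-0000-0000-0000-000000000000'  # Application (client) ID

function Get-JwtClaims {                             # hypothetical helper name
    param([Parameter(Mandatory)][string]$Token)
    # The JWT payload is the second dot-separated segment, base64url without padding.
    $p = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($p.Length % 4) { 2 { $p += '==' } 3 { $p += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p)) | ConvertFrom-Json
}

function Test-SmtpOAuthToken {                       # hypothetical helper name
    param([string]$TenantId, [string]$ClientId, [securestring]$Secret)
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = [System.Net.NetworkCredential]::new('', $Secret).Password
        scope         = 'https://outlook.office365.com/.default'
    }
    try {
        $uri  = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
        $resp = Invoke-RestMethod -Method Post -Uri $uri -Body $body
    } catch {
        # Entra ID explains the failure (wrong or expired secret, unknown app, ...).
        Write-Warning "Token request failed: $($_.ErrorDetails.Message)"
        return
    }
    $claims = Get-JwtClaims -Token $resp.access_token
    [pscustomobject]@{
        Audience       = $claims.aud
        Roles          = ($claims.roles -join ', ')
        HasSmtpSendAs  = ($claims.roles -contains 'SMTP.SendAsApp')  # Step 2 consent granted?
        ExpiresUtc     = [DateTimeOffset]::FromUnixTimeSeconds($claims.exp).UtcDateTime
    }
}

# Prompt for the secret so it does not land in the command history or a script file.
$secret = Read-Host -Prompt 'Client secret value' -AsSecureString
Test-SmtpOAuthToken -TenantId $TenantId -ClientId $ClientId -Secret $secret | Format-List
```

If `HasSmtpSendAs` is False, revisit Step 2: the permission was not added or admin consent was not granted.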
Step 8: Configure Vista with New SMTP OAuth Settings
- Open Vista VA Site Settings, Email Settings Tab.
- Check "Send email via SMTP".
- Click on the "Email Client" dropdown and choose "Office 365".
- Enter the Mailbox for sending in "Email Address".
Note: As of version 2025.9 (aka 2025.8), there’s a bug that requires the Mailbox to be entered in the UserName field as well. Otherwise, the Vista Notifier will fail to send emails.
- Enter the client ID, tenant ID, and client secret.
- Click OK to save settings.
Example Settings
Step 9: Test Vista SMTP OAuth Settings
- Open Vista VA Site Settings, Email Settings Tab.
- Click on the “Send Test Email” button.
- Provide the recipient email to send to.
If Successful,
If Error,
Step 10: Review Vista Logs if "Send Test Email" Fails
- Open Vista Logs (Help->Systems->View Logs).
- Scroll to the right and locate the column "Log Procedure" and filter by TestSmtpServerConfigData.
- Review the “Displayed Msg” column for the error.
- Re-check that all steps were performed. Also research online or reach out to Microsoft support to inquire about the specific error shown.
Note: If you have direct SQL Server access, you can use this query:
use [Viewpoint]
select top 10 * from dbo.vDDAL where [Procedure] = 'TestSmtpServerConfigData'
order by DateTime desc
If the test still fails, another step is to exclude the user from a Conditional Access policy that blocks Legacy Authentication:
- Sign in to the Azure portal as a Security administrator, Conditional Access administrator, or Global administrator.
- Browse to Azure Active Directory > Security > Conditional Access.
- In the policy that blocks Legacy Authentication, exclude the mailbox being used under Users and Groups > Exclude.
- Select Save.