Migrating Mail Server Configuration from Legacy EWS to Microsoft Graph API

  1. Step 1: Configure OAuth
    Creating a new OAuth provider for Microsoft Graph requires registering a new application in Azure with the Mail.Send permission.
    Configuring OAuth for Microsoft Graph API
    Follow these steps to register your application in Azure and configure OAuth for Graph API integration.
    1. App Registration
      1. Log in to portal.azure.com.
      2. Navigate to App registrations → New registration.
      3. Enter a name for the application.
      4. Select the appropriate Supported account types.
      5. Redirect URI:
        - For Client Credentials: Leave this blank.
        - For Auth Code / Resource Owner Credentials: Select Web and paste your application's Redirect URL.
      6. Click Register. 


    2. Capture Application Credential
      1. On the Overview page, copy the Application (client) ID.


      2. Click on Endpoints at the top.

      3. Copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2). These values will be required when configuring OAuth in Applications Manager.

    3. Generate Client Secret
      1. From the left panel, navigate to Certificates & secrets → New client secret.

      2. Provide a Description and choose the Expiry period.

      3. Click Add.

      Important: Copy the Value of the client secret immediately and store it securely. This value will be required when configuring OAuth in Applications Manager.
    4. Configure API Permissions
      Permissions must be assigned based on the selected OAuth grant type.
      1. Navigate to API Permissions → Add a permission → Microsoft Graph.

      2. Assign Permissions:
        - For Authorization Code / ROPC: Choose Delegated permissions, then search for and select Mail.Send.
        - For Client Credentials: Choose Application permissions, then search for and select Mail.Send.

      3. Click Add permissions.

      Important: Click Grant admin consent for [Organization Name] and confirm the action. Ensure the permission status displays a green check mark.

    5. Integration in APM
      Log in to Applications Manager, click on Add OAuth Provider, and enter the following details:

      | Applications Manager Field | Azure Value |
      | --- | --- |
      | Client ID | Application (client) ID (from Overview) |
      | Client Secret | Value (from Certificates & secrets — NOT the ID) |
      | Authorization URL | Paste the copied OAuth 2.0 authorization endpoint (v2) |
      | Token URL | Paste the copied OAuth 2.0 token endpoint (v2) |
      | Token Request Method | Post Request Body |
      | Authenticated Request Method | Basic Authentication |

      | Grant Type | Scope Value |
      | --- | --- |
      | Authorization Code | Mail.Send offline_access |
      | ROPC | Mail.Send offline_access |
      | Client Credentials | .default |



      Click on Add to save the OAuth configuration.
  2. Step 2: Update Mail Settings
    Navigate to the Mail Settings page and select the Exchange (Microsoft Graph API) option.
  3. Step 3: Link & Test
    Select the newly created OAuth provider from the dropdown list and click Test Connection.
  4. Step 4: Save
    Click Save once the connection test is successful.

What happens after migration?
The Legacy EWS option will be removed for this server.
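
A check for the permission and admin-consent steps above, as an added example (not part of the original article or of Applications Manager): Microsoft Entra ID places application permissions in an access token's `roles` claim and delegated permissions in `scp`, so decoding a token shows whether Mail.Send was granted for the chosen grant type and whether anything beyond it came along. The tokens are constructed and unsigned, and all function names are hypothetical.

```python
import base64
import json

# Claim that carries granted Graph permissions, per OAuth grant type:
# application permissions appear in "roles", delegated ones in "scp".
CLAIM_FOR_GRANT = {
    "client_credentials": "roles",
    "authorization_code": "scp",
    "ropc": "scp",
}


def decode_claims(access_token: str) -> dict:
    """Decode the JWT payload for inspection only (no signature check)."""
    try:
        payload = access_token.split(".")[1]
        padded = payload + "=" * (-len(payload) % 4)
        return json.loads(base64.urlsafe_b64decode(padded))
    except (IndexError, ValueError) as exc:
        raise ValueError("not a decodable JWT access token") from exc


def check_mail_send(access_token: str, grant_type: str) -> dict:
    """Report whether Mail.Send was granted and which other permissions came with it."""
    claim = CLAIM_FOR_GRANT[grant_type]
    value = decode_claims(access_token).get(claim, [])
    granted = set(value.split() if isinstance(value, str) else value)
    return {
        "claim": claim,
        "mail_send": "Mail.Send" in granted,
        # Anything listed here should be reviewed against least privilege.
        "extra": sorted(granted - {"Mail.Send"}),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64(claims)}.constructed"


if __name__ == "__main__":
    app_token = make_sample_token({"roles": ["Mail.Send", "Mail.ReadWrite"]})
    user_token = make_sample_token({"scp": "Mail.Send"})
    print(check_mail_send(app_token, "client_credentials"))
    print(check_mail_send(user_token, "authorization_code"))
    print(check_mail_send(make_sample_token({}), "client_credentials"))
```

An empty result for `mail_send` with the client credentials grant usually means admin consent was not granted or the permission was added as Delegated instead of Application.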
