Trying to set up Azure for SMTP email. SMTP Username generation tells me that there is a Permissions issue

Question

Trying to set up Azure for SMTP email. SMTP Username generation tells me that there is a Permissions issue

Duane Sellers 0

Trying to set up Azure for SMTP email. SMTP Username generation tells me that there is a Permissions issue. I THINK I have set up all of the pieces correctly, and the Entra App Resource has the proper Graph permissions.

Pashikanti Kumar 1,560 Reputation points Microsoft External Staff Moderator

2025-11-11T20:48:50.0366667+00:00
Hi Duane Sellers,

Thanks for reaching out on Microsoft Q&A

The error "Permission Denied to View Application" when setting up Azure for SMTP email and generating the SMTP username typically indicates a misconfiguration in the permissions or roles assigned to the application in Microsoft Entra ID (Azure AD).

1.Missing Required API Permissions:

The application may not have the correct permissions assigned, or the permissions are not granted admin consent.

2. Role Assignment Issues:

The application may not have the required role (e.g., Mail.Send) or access to the mailbox.

3.Incorrect Application or User Context:

The SMTP username generation process may be running under a user or application context that lacks the necessary permissions.

4.Admin Consent Not Granted:

Even if the permissions are added, they need admin consent to take effect.

Assign Roles to the App:

Go to Microsoft Entra ID > Enterprise Applications.

Select the application you are using for SMTP email.

Navigate to Users and Groups.

Assign the appropriate roles (e.g., Mail.Send or SMTP.Send) to the application

Ensure Access to the Mailbox:

If the application is sending emails on behalf of a specific user or shared mailbox, ensure the application has Send As or Send on Behalf permissions for the mailbox:

Go to Microsoft 365 Admin Center > Users > Select the user or mailbox.

Assign the application or service principal the required permissions.

Verify Application Authentication

Ensure Correct Authentication Type:

If using Application Permissions, ensure the application is authenticating using a Client ID and Client Secret or a certificate.

If using Delegated Permissions, ensure the user authenticating has the required permissions.

Check SMTP Username Generation:

Ensure the SMTP username

Reference

user: sendMail - Microsoft Graph v1.0 | Microsoft Learn

Microsoft Graph permissions reference - Microsoft Graph | Microsoft Learn
Duane Sellers 0 Reputation points

2025-11-11T21:39:37.1766667+00:00

I THINK I have all of that set. But obviously not. How can i get a support person to share my screens and check what I am missing?
VEMULA SRISAI 2,040 Reputation points Microsoft External Staff Moderator

2025-11-12T06:04:24.8733333+00:00

Duane Sellers For further assistance I have reached out to you in teams, please check
Duane Sellers 0 Reputation points

2025-11-12T22:16:30.38+00:00

Sorry I missed you. It was the middle of the night in Indiana when this message came in.

1 answer

Your answer

Duane Sellers 0 Reputation points

2025-11-11T21:39:37.1766667+00:00

I THINK I have all of that set. But obviously not. How can i get a support person to share my screens and check what I am missing?
VEMULA SRISAI 2,040 Reputation points Microsoft External Staff Moderator

2025-11-12T06:04:24.8733333+00:00

Duane Sellers For further assistance I have reached out to you in teams, please check
Duane Sellers 0 Reputation points

2025-11-12T22:16:30.38+00:00

Sorry I missed you. It was the middle of the night in Indiana when this message came in.

Answer 1

It sounds like you may need to check the permissions assigned to your Microsoft Entra application. Ensure that the application has been assigned the appropriate role to access the Azure Communication Service resource. You can assign either a built-in role, such as the Communication and Email Service Owner role, or create a custom role with the necessary permissions, including Microsoft.Communication/CommunicationServices/Read, Microsoft.Communication/CommunicationServices/Write, and Microsoft.Communication/EmailServices/write.

Here are the steps to assign a built-in role:

Navigate to the Azure Communication Service Resource in the Azure portal.
Open Access control (IAM).
Click +Add and then select Add role assignment.
Choose the Communication and Email Service Owner role and select your Microsoft Entra application as a member.
Confirm the assignment.

Make sure that the application has the necessary API permissions as well, specifically for sending emails, which includes permissions like Mail.Send.

If you have already set these up and are still facing issues, double-check the permissions and roles assigned to ensure everything is configured correctly.

Duane Sellers 0 Reputation points

2025-11-11T20:17:00.2733333+00:00

Added Mail.Send permissions. Still have issues. Error is Permission Denied to View Application.

Share via

Trying to set up Azure for SMTP email. SMTP Username generation tells me that there is a Permissions issue

1 answer

Your answer