Graph Mail integration: technical setup

Requirements

Licenses

To use a Graph Mail integration with MKG, an Entra environment is required, where users have a license that supports an Entra App registration and a Microsoft® 365 mailbox.

License	Entra App Registration	Mailbox	Works with MKG
Microsoft Entra ID Free
Microsoft Entra P1
Microsoft Entra P2
M365 Business Basic
M365 Business Standard
M365 Business Premium
Office 365 E1
Office 365 E3
Office 365 E5

Access rights to Entra environment

Specific rights are required to create an app registration in Entra. An administrator must have at least the 'Application Developer' role to perform an app registration. This role provides sufficient rights to create an app and add API permissions. However, to grant admin consent at the tenant level - which is necessary for certain permissions, such as Microsoft® Graph - the 'Global Administrator' role is required. Therefore, it is recommended that a Global Administrator perform the app registration or at least be available to provide the necessary consent.

Use of a (shared) mailbox

For the email integration, a Microsoft® 365 Email Box must be available for sending and/or receiving email messages. A personal mailbox usually already has the necessary rights. When a shared mailbox is used, for example, invoice@contoso.com, the appropriate permissions must be assigned in the Microsoft® 365 Exchange Admin Center:

• Send As: required for sending on behalf of the shared mailbox.
• Full Access: required when full access to the mailbox is necessary.

The shared mailbox must be accessible to all accounts that need to send emails from MKG.

App registration in Entra

Follow the steps below to create an app registration that allows MKG users to send email messages via Microsoft Graph Mail, including support for the new Outlook variant.

Step 1: Sign in

Go to the Microsoft Entra Portal and sign in with a user (it is recommended to use a user with the 'Global Administrator' role).

Step 2: New registration

In the menu, choose 'App registrations' and then select the action New registration.

Step 3: Enter the App Registration Name

For the app registration, enter the name "MKG ERP Graph E-mail (Delegated)" under Name. Under 'Supported Account Types', select the (default) option 'Accounts in this organizational directory only (Single tenant)' and choose the action Register.

Step 4: Add API Permissions

Go to 'API permissions' in the created app registration and choose the action Add a permission, then add the following Microsoft Graph permissions (type 'Delegated'). Then, grant Admin consent at the tenant level.

Permission	Description	Type	Admin consent required
Mail.ReadWrite	Send email on behalf of a user's mailbox	Delegated
Mail.Send	Read and write email on behalf of a user's mailbox	Delegated
User.Read	Read the profile of the signed-in user	Delegated
Mail.ReadWrite.Shared	Send email on behalf of a mailbox	Delegated
Mail.Send.Shared	Read and write email on behalf of a mailbox	Delegated

Step 5: Configure the authentication settings

In the created app registration, go to the ‘Authentication (Preview)’ tab and open the ‘Settings’ subtab. Configure the settings below in this section:

• Access tokens (used for implicit flows): enable. This setting is required to retrieve access tokens for the Graph Mail functionality.
• ID tokens (used for implicit flows): leave disabled. This setting is not used by the MKG client.
• Allow public client flows: enable. This setting supports the authentication flow for desktop applications, where no client secret is used.

Click Save to save the changes.

Step 6: Note the Client ID and Tenant ID

In the created app registration, go to the 'Overview' tab. Copy the values of both the 'Application (Client) ID' and the 'Directory (Tenant) ID'. These are needed for the configuration in MKG.