Configure Microsoft Azure for email integration

Perform the following configuration before you begin adding the Microsoft Graph integration on Genesys Cloud. For a more detailed procedure, check the Microsoft Azure documentation.

Before you begin the procedure, check the following:

  • Mailbox licensing: Ensure the mailbox you’re connecting to has a valid license assigned. Each mailbox must be licensed to function correctly.
  • Application policies: Verify that there are no application access policies in Exchange Online blocking the integration. For more information, see Microsoft’s documentation on Role Based Access Control for Applications in Exchange Online.
  • Azure registration status: Make sure the app registration is active on the Azure side. Restart the integration by disabling and re-enabling it in Genesys Cloud.
  • Configuration updates: If you make any changes to your Azure setup, ensure that you disable and re-enable the Graph integration afterward to refresh the registration with the updated settings.
Note: Review the FAQs before you begin the configuration procedure.
  1. Visit the Microsoft Azure admin page.
  2. On the left pane, click App registrations, and then click New registration.
    The Register an application page window appears.
  3. Enter the application’s registration information:
    • Name – Enter an application name that will be displayed to users.
    • Supported account types – Select the Accounts in any organizational directory option.
    • Set the Redirect URI as http://localhost.
    • Click Register to create the application.
  4. On the app Overview page, copy the values from the Application (client) ID and Directory (tenant) ID fields for later use.
  5. To add permissions for the three endpoints, on the Azure Active Directory portal, click API Permissions, and then click Grant Admin Consent for <tenant> for the following permissions:
    • Mail.ReadWrite
    • Mail.Send
    • User.Read
  6. Click Yes on the consent confirmation.              
    The required permissions are now added. Ensure that you have a green check mark indicating admin consent.
  7. To create a client secret, from the homepage, select the application that you created.
  8. Click Certificates and Secrets, and then Client Secrets.
  9. Click New client secret.
    The Add a client secret window appears.
  10. Enter a description for this client secret.
  11. Select the desired expiry period from the Expires drop-down list.
  12. Click Add.
  13. Copy the values from the Value and Secret ID fields. These values are required at the time of integration and are not available later.
  14. On the Overview page click Endpoint. Review the Endpoints URL list and the OAuth 2.0 token endpoint (v2) in particular. Copy the access token endpoint; you will add it when you Configure and activate the Microsoft Graph integration.
  15. To add Genesys Cloud IP addresses to connection filter policy, open the Microsoft Defender page. Click Email & Collaboration > Policies & Rules > Threat policies > Anti-spam > Connection filter policy (Default). Use the Utilities API to get the IP addresses for your region.
  16. Click Save.

You can now add the Microsoft Graph integration from Genesys Cloud. For more information, see Install the custom Microsoft Graph integration.