Connect Outlook / Microsoft 365

Outlook uses OAuth through an app you register in your own Azure Active Directory (see BYOC, explained). Single-tenant apps like this one skip Microsoft's Publisher Verification requirement entirely, regardless of the mail scopes requested.

1. Register an app in Azure

  1. Go to Azure PortalAzure Active Directory → App registrations → New registration
  2. Name it anything (e.g. "SubsiMail")
  3. Under Supported account types, choose Accounts in this organizational directory only (Single tenant)
  4. Register it
Azure App registrations New registration form
Registering a new single-tenant app in Azure AD

On the app's overview page, note down the Application (client) ID and the Directory (tenant) ID — you'll need both.

2. Add a redirect URI

  1. In the app: Authentication → Add a platform → Web
  2. Redirect URI:
    https://your-domain.com/oauth/outlook/callback
    (use your actual SubsiMail domain)

3. Add API permissions

  1. API permissions → Add a permission → Microsoft Graph → Delegated permissions
  2. Add Mail.Send and Mail.Read (plus the default User.Read, already present)
Azure API permissions screen with Mail.Send and Mail.Read added
Mail.Send and Mail.Read added under API permissions

Mail.Read is scoped to the inbox specifically, used only for stop-on-reply detection — it's read separately from Sent Items so a reply-to-yourself test doesn't get misread as an actual reply.

4. Create a client secret

  1. Certificates & secrets → New client secret
  2. Copy the secret's value immediately — Azure only shows it once
Azure client secret created, value visible once
The client secret value, visible only right after creation

5. Connect in SubsiMail

  1. In SubsiMail, go to Accounts
  2. Under Outlook, paste the Directory (tenant) ID, Application (client) ID, and Client Secret, then save
  3. Click Connect Outlook account — you'll be sent to Microsoft's sign-in/consent screen, then back to SubsiMail
SubsiMail Accounts page Outlook configuration form
Pasting Tenant ID, Client ID, and Client Secret on the Accounts page