Connect Outlook / Microsoft 365
Outlook uses OAuth through an app you register in your own Azure Active Directory (see BYOC, explained). Single-tenant apps like this one skip Microsoft's Publisher Verification requirement entirely, regardless of the mail scopes requested.
1. Register an app in Azure
- Go to Azure Portal → Azure Active Directory → App registrations → New registration
- Name it anything (e.g. "SubsiMail")
- Under Supported account types, choose Accounts in this organizational directory only (Single tenant)
- Register it
On the app's overview page, note down the Application (client) ID and the Directory (tenant) ID — you'll need both.
2. Add a redirect URI
- In the app: Authentication → Add a platform → Web
- Redirect URI:
(use your actual SubsiMail domain)
https://your-domain.com/oauth/outlook/callback
3. Add API permissions
- API permissions → Add a permission → Microsoft Graph → Delegated permissions
- Add
Mail.SendandMail.Read(plus the defaultUser.Read, already present)
Mail.Read is scoped to the inbox specifically, used only for stop-on-reply detection — it's read separately from Sent Items so a reply-to-yourself test doesn't get misread as an actual reply.
4. Create a client secret
- Certificates & secrets → New client secret
- Copy the secret's value immediately — Azure only shows it once
5. Connect in SubsiMail
- In SubsiMail, go to Accounts
- Under Outlook, paste the Directory (tenant) ID, Application (client) ID, and Client Secret, then save
- Click Connect Outlook account — you'll be sent to Microsoft's sign-in/consent screen, then back to SubsiMail