| title | weight | description | keywords |
|---|---|---|---|
| Microsoft 365 | 16 | Configure SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro to send email through Exchange Online. | |
Use this guide to configure RustDesk Server Pro to send email through Microsoft 365 Exchange Online with OAuth2.
This setup is suitable for invitation emails, login verification emails, and connection alarm notifications.
For general SMTP setup, see SMTP.
Which Values Go Into RustDesk Pro?
| RustDesk Pro field | What to enter |
|---|---|
| From | The sender address shown in outgoing mail. |
| Mail Account | The mailbox address RustDesk uses as the XOAUTH2 SMTP username. |
| OAuth2 Tenant ID | Directory (tenant) ID from the app overview |
| OAuth2 Client ID | Application (client) ID from the app overview |
| OAuth2 Client secret | The secret Value created under Certificates & secrets |
This screenshot shows where these values are entered in RustDesk:

Configuration
Before you start this configuration, make sure you have:
- RustDesk Server Pro `1.8.1` or later
- An existing Microsoft 365 mailbox, or one you plan to create for sending mail, for example `no-reply@contoso.com`
- A Microsoft 365 administrator account that can grant admin consent in Microsoft Entra and manage Exchange Online service principals
This configuration has three parts:
- Configure the app registration, client secret, API permission, and admin consent in Azure
- Configure the Exchange Online service principal, mailbox, and permissions in PowerShell
- Configure SMTP OAuth2 in RustDesk and send a test email
1. Configure in Azure
- Sign in to the Azure portal.
- Search for and select App registrations.
- In the left menu, select App registrations, then click New registration.

- Create the app registration.

- Record the `Directory (tenant) ID` and `Application (client) ID`. You will enter these later in RustDesk.
- Open Certificates & secrets, then create a new client secret.

- Copy the client secret `Value` immediately. Microsoft shows this value only once.
- Open API permissions and add the Microsoft 365 Exchange Online SMTP application permission.
  - Select Add a permission.
  - Select APIs my organization uses and search for Office 365 Exchange Online.
  - Select Application permissions.
  - Select SMTP.SendAsApp and save the change.

- Grant admin consent for the permission you just added.

2. Configure in PowerShell
In this part, connect to Exchange Online, create the service principal, prepare the mailbox, and grant permissions.
- Open PowerShell as a local administrator.

- Install the Exchange Online module and connect with your tenant administrator account.
```powershell
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
```
If you want to specify the administrator account explicitly, you can also use:
```powershell
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
```
- In Microsoft Entra Enterprise applications, find the app and record its `Object ID`. You will need it when creating the Exchange Online service principal.
{{% notice note %}}
The OBJECT_ID here must be the app's object ID in Enterprise applications, not the object ID shown on the App registrations overview page.
{{% /notice %}}
- Run this command to create the Exchange Online service principal for the app registration. Microsoft describes this step as the registration of a Microsoft Entra application's service principal in Exchange Online.
```powershell
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>
```
If this command fails even though the Exchange connection succeeded, verify that the administrator account has permission to manage Exchange Online service principals.

- Confirm that Exchange created the service principal and record its `Identity` value for the next steps.
```powershell
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity
```
Use the `Identity` value returned here as `<SERVICE_PRINCIPAL_ID>` in the next two permission commands.
- If the sending mailbox does not exist yet, you can create a shared mailbox first, for example:
```powershell
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com
```
If you already have a mailbox for sending mail, you can skip this step.

- Check whether `Authenticated SMTP` is enabled for the tenant and the sending mailbox.
```powershell
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled
```
If it is not enabled, test emails may fail with this error:
```text
permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.
```
For the mailbox-level setting, run this if needed:
```powershell
Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false
```
If the tenant-level setting returns True, decide according to your organization policy whether to run:
```powershell
Set-TransportConfig -SmtpClientAuthenticationDisabled $false
```
If both settings above look correct but the same 535 5.7.139 error continues, also check whether the tenant uses Microsoft Entra Security defaults. Microsoft Learn states that SMTP AUTH is disabled in Exchange Online when Security defaults is enabled.
For command details, see Microsoft Learn: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.
- Grant the Exchange service principal `FullAccess` to the mailbox that RustDesk will use for sending mail.
```powershell
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess
```
Use the mailbox that you plan to enter in RustDesk Mail Account.
If this command returns an error like this:
```text
Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.
```
the value passed to `-Identity` did not resolve to an actual mailbox object in Exchange Online.
First confirm that the mailbox really exists in Exchange Online:
```powershell
Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails
```
If no mailbox is returned, create or confirm that mailbox first. For a no-reply sender address, you can create a shared mailbox, for example:
```powershell
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com
```
If the mailbox already exists, make sure the value you use in `Add-MailboxPermission -Identity ...` is the mailbox's actual address, alias, or another resolvable mailbox identity.

- Grant the same service principal the `SendAs` permission.
```powershell
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false
```
This step is also part of Microsoft's official app-only SMTP configuration.
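A read-only check of what this part configured, as an added example that is not part of the RustDesk documentation: it confirms the service principal, works out the effective SMTP AUTH state for the mailbox, and verifies the two grants. `$Mailbox` and `$AppId` are placeholders, and passing the service principal `Identity` to `-User` and `-Trustee` on the Get cmdlets is assumed to work as it does for the Add cmdlets above.

```powershell
# Added example, not from the RustDesk documentation. Read-only; run after Connect-ExchangeOnline.
$Mailbox = 'no-reply@contoso.com'   # placeholder: the address entered as Mail Account
$AppId   = '<APPLICATION_ID>'       # placeholder: Application (client) ID

# Service principal created with New-ServicePrincipal
$sp = Get-ServicePrincipal | Where-Object { $_.AppId -eq $AppId }
if (-not $sp) { throw "No Exchange Online service principal for AppId $AppId" }

# SMTP AUTH: a value set on the mailbox overrides the tenant; empty means "inherit".
$tenantDisabled  = (Get-TransportConfig).SmtpClientAuthenticationDisabled
$mailboxDisabled = (Get-CASMailbox -Identity $Mailbox).SmtpClientAuthenticationDisabled
$effective = if ("$mailboxDisabled" -ne '') { $mailboxDisabled } else { $tenantDisabled }

# Grants held by this service principal (assumption: -User / -Trustee accept its Identity).
$full = Get-MailboxPermission -Identity $Mailbox -User $sp.Identity |
    Where-Object { ($_.AccessRights -join ',') -match 'FullAccess' }
$sendAs = Get-RecipientPermission -Identity $Mailbox -Trustee $sp.Identity |
    Where-Object { ($_.AccessRights -join ',') -match 'SendAs' }

[pscustomobject]@{
    ServicePrincipalIdentity = $sp.Identity
    TenantSmtpAuthDisabled   = $tenantDisabled
    MailboxSmtpAuthDisabled  = $mailboxDisabled
    EffectiveSmtpAuthEnabled = "$effective" -eq 'False'
    FullAccessGranted        = [bool]$full
    SendAsGranted            = [bool]$sendAs
} | Format-List

# Every explicit grant on the sending mailbox, so unexpected holders stand out.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { -not $_.IsInherited -and $_.User -notlike 'NT AUTHORITY\*' } |
    Format-Table User, AccessRights
Get-RecipientPermission -Identity $Mailbox |
    Where-Object { $_.Trustee -notlike 'NT AUTHORITY\*' } |
    Format-Table Trustee, AccessRights
```

Because a value set on the mailbox overrides the tenant value, SMTP AUTH can be enabled for the sending mailbox alone while the tenant-level setting stays disabled.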
3. Configure in RustDesk
At this point, you should already have:
- the sender address you will use in `From`
- the mailbox address you will use in `Mail Account`
- the `Directory (tenant) ID`
- the `Application (client) ID`
- the client secret `Value`
- a confirmed Exchange Online service principal that already has `FullAccess` and `SendAs` on the mailbox used for `Mail Account`
RustDesk does not ask for the Exchange service principal Identity, but the permission steps above must already be complete before you test email.
- In the RustDesk web console, go to Settings -> SMTP.
- Enable OAuth2 and select Microsoft 365 as the provider.
- Fill in these fields:
  - `From`
  - `Mail Account`
  - `OAuth2 Tenant ID`
  - `OAuth2 Client ID`
  - `OAuth2 Client secret`
- Click Check to save the configuration and send a test email.

If the test email still fails, go back to the PowerShell section and re-check the Exchange Online service principal, Authenticated SMTP, and mailbox permissions for the mailbox used in Mail Account.
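To separate Azure-side problems from Exchange-side ones, the added example below (not RustDesk code, and not a description of how RustDesk requests tokens) asks the Microsoft identity platform for an app-only token using the client-credentials flow from the Microsoft Learn OAuth article in the references, then decodes it locally. The tenant and client IDs are placeholders; while they are left unchanged the script decodes a constructed, unsigned sample token instead.

```powershell
# Added example, not RustDesk code. Values in angle brackets are placeholders.
$TenantId = '<TENANT_ID>'        # Directory (tenant) ID
$ClientId = '<APPLICATION_ID>'   # Application (client) ID

function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Expected a three-part JWT' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')   # base64url -> base64
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }   # restore padding
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

if ($TenantId -notlike '<*') {
    # Real request: client-credentials grant with the Exchange Online scope.
    $secret = Read-Host -Prompt 'Client secret Value' -AsSecureString
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = [System.Net.NetworkCredential]::new('', $secret).Password
        scope         = 'https://outlook.office365.com/.default'
    }
    $uri   = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    $token = (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
} else {
    # Constructed, unsigned sample token so the decoder can be tried offline.
    $json  = '{"aud":"https://outlook.office365.com","roles":["SMTP.SendAsApp"],"exp":1893456000}'
    $b64u  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
    $token = 'e30.' + $b64u.TrimEnd('=').Replace('+', '-').Replace('/', '_') + '.constructed'
}

# Decode locally: an access token is a bearer credential and should not be pasted elsewhere.
$claims = ConvertFrom-JwtPayload -Token $token
[pscustomobject]@{
    Audience         = $claims.aud
    Roles            = $claims.roles -join ', '
    HasSmtpSendAsApp = $claims.roles -contains 'SMTP.SendAsApp'
    ExpiresUtc       = [DateTimeOffset]::FromUnixTimeSeconds($claims.exp).UtcDateTime
} | Format-List
```

If `HasSmtpSendAsApp` is False for a real token, re-check the API permission and admin consent from part 1; if it is True, the remaining causes are in part 2.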
References
- Microsoft Learn: Authenticate an IMAP, POP or SMTP connection using OAuth. Used for the Exchange Online app permission and service principal steps.
- Microsoft Learn: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online. Used for checking and enabling `Authenticated SMTP`.
- Microsoft Learn: Create shared mailboxes in the Exchange admin center. Used for creating a shared mailbox.
