rustdesk/doc.rustdesk.com
1
0
Fork 0
mirror of https://github.com/rustdesk/doc.rustdesk.com.git synced 2026-04-21 07:30:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e0821b420a954ade969d8d435f9d2b841adcc6ea
doc.rustdesk.com/content/self-host/rustdesk-server-pro/smtp/microsoft-365/_index.en.md
fufesou e0821b420a fix: broken links 
Signed-off-by: fufesou <linlong1266@gmail.com>
2026-04-18 12:00:27 +08:00

11 KiB
Raw Blame History

title, weight, description, keywords
title weight description keywords
Microsoft 365 16 Configure SMTP OAuth2 (Microsoft 365) in RustDesk Server Pro to send email through Exchange Online.
rustdesk smtp oauth2
rustdesk smtp microsoft 365
rustdesk smtp m365
rustdesk smtp oauth2 microsoft 365
rustdesk smtp oauth2 m365
rustdesk server pro smtp oauth2
rustdesk server pro microsoft 365
rustdesk server pro m365
rustdesk server pro smtp oauth2 microsoft 365
rustdesk server pro smtp oauth2 m365

Use this guide to configure RustDesk Server Pro to send email through Microsoft 365 Exchange Online with OAuth2.

This setup is suitable for invitation emails, login verification emails, and connection alarm notifications.

For general SMTP setup, see SMTP.

Which Values Go Into RustDesk Pro?

RustDesk Pro field What to enter
From The sender address shown in outgoing mail.
Mail Account The mailbox address RustDesk uses as the XOAUTH2 SMTP username.
OAuth2 Tenant ID Directory (tenant) ID from the app overview
OAuth2 Client ID Application (client) ID from the app overview
OAuth2 Client secret The secret Value created under Certificates & secrets

This screenshot shows where these values are entered in RustDesk:

Configuration

Before you start this configuration, make sure you have:

  • RustDesk Server Pro 1.8.1 or later
  • An existing Microsoft 365 mailbox, or one you plan to create for sending mail, for example no-reply@contoso.com
  • A Microsoft 365 administrator account that can grant admin consent in Microsoft Entra and manage Exchange Online service principals

This configuration has three parts:

  • Configure the app registration, client secret, API permission, and admin consent in Azure
  • Configure the Exchange Online service principal, mailbox, and permissions in PowerShell
  • Configure SMTP OAuth2 in RustDesk and send a test email

1. Configure in Azure

  1. Sign in to the Azure portal.
  2. Search for and select App registrations.
  3. In the left menu, select App registrations, then click New registration.
  4. Create the app registration.
  5. Record the Directory (tenant) ID and Application (client) ID. You will enter these later in RustDesk.
  6. Open Certificates & secrets, then create a new client secret.
  7. Copy the client secret Value immediately. Microsoft shows this value only once.
  8. Open API permissions and add the Microsoft 365 Exchange Online SMTP application permission.
  9. Select Add a permission.
  10. Select APIs my organization uses and search for Office 365 Exchange Online.
  11. Select Application permissions.
  12. Select SMTP.SendAsApp and save the change.
  13. Grant admin consent for the permission you just added.

2. Configure in PowerShell

In this part, connect to Exchange Online, create the service principal, prepare the mailbox, and grant permissions.

  1. Open PowerShell as a local administrator.
  2. Install the Exchange Online module and connect with your tenant administrator account.
Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

If you want to specify the administrator account explicitly, you can also use:

Connect-ExchangeOnline -UserPrincipalName admin@contoso.com
  1. In Microsoft Entra Enterprise applications, find the app and record its Object ID. You will need it when creating the Exchange Online service principal.

{{% notice note %}} The OBJECT_ID here must be the app's object ID in Enterprise applications, not the object ID shown on the App registrations overview page. {{% /notice %}}

  1. Run this command to create the Exchange Online service principal for the app registration. Microsoft describes this step as the registration of a Microsoft Entra application's service principal in Exchange Online.
New-ServicePrincipal -AppId <APPLICATION_ID> -ObjectId <OBJECT_ID>

If this command fails even though the Exchange connection succeeded, verify that the administrator account has permission to manage Exchange Online service principals.

  1. Confirm that Exchange created the service principal and record its Identity value for the next steps.
Get-ServicePrincipal | Format-Table DisplayName,AppId,ObjectId,Identity

Use the Identity value returned here as <SERVICE_PRINCIPAL_ID> in the next two permission commands.

  1. If the sending mailbox does not exist yet, you can create a shared mailbox first, for example:
New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@contoso.com

If you already have a mailbox for sending mail, you can skip this step.

  1. Check whether Authenticated SMTP is enabled for the tenant and the sending mailbox.
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
Get-CASMailbox -Identity "no-reply@contoso.com" | Format-List SmtpClientAuthenticationDisabled

If it is not enabled, test emails may fail with this error:

permanent error (535): 5.7.139 Authentication unsuccessful, SmtpClientAuthentication is disabled for the Tenant. Visit https://aka.ms/smtp_auth_disabled for more information.

For the mailbox-level setting, run this if needed:

Set-CASMailbox -Identity "no-reply@contoso.com" -SmtpClientAuthenticationDisabled $false

If the tenant-level setting returns True, decide according to your organization policy whether to run:

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

If both settings above look correct but the same 535 5.7.139 error continues, also check whether the tenant uses Microsoft Entra Security defaults. Microsoft Learn states that SMTP AUTH is disabled in Exchange Online when Security defaults is enabled.

For command details, see Microsoft Learn: Enable or disable authenticated client SMTP submission (SMTP AUTH) in Exchange Online.

  1. Grant the Exchange service principal FullAccess to the mailbox that RustDesk will use for sending mail.
Add-MailboxPermission -Identity "no-reply@contoso.com" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess

Use the mailbox that you plan to enter in RustDesk Mail Account.

If this command returns an error like this:

Write-ErrorMessage : ||The operation couldn't be performed because object 'no-reply@xxx.com' couldn't be found on 'xxx.xxx.PROD.OUTLOOK.COM'.

the value passed to -Identity did not resolve to an actual mailbox object in Exchange Online.

First confirm that the mailbox really exists in Exchange Online:

Get-EXOMailbox -Identity "no-reply@xxx.com" | Format-List DisplayName,PrimarySmtpAddress,RecipientTypeDetails

If no mailbox is returned, create or confirm that mailbox first. For a no-reply sender address, you can create a shared mailbox, for example:

New-Mailbox -Shared -Name "No Reply" -Alias no-reply -DisplayName "No Reply" -PrimarySmtpAddress no-reply@xxx.com

If the mailbox already exists, make sure the value you use in Add-MailboxPermission -Identity ... is the mailbox's actual address, alias, or another resolvable mailbox identity.

  1. Grant the same service principal the SendAs permission.
Add-RecipientPermission -Identity "no-reply@contoso.com" -Trustee <SERVICE_PRINCIPAL_ID> -AccessRights SendAs -Confirm:$false

This step is also part of Microsoft's official app-only SMTP configuration.

3. Configure in RustDesk

At this point, you should already have:

  • the sender address you will use in From
  • the mailbox address you will use in Mail Account
  • the Directory (tenant) ID
  • the Application (client) ID
  • the client secret Value
  • a confirmed Exchange Online service principal that already has FullAccess and SendAs on the mailbox used for Mail Account

RustDesk does not ask for the Exchange service principal Identity, but the permission steps above must already be complete before you test email.

  1. In the RustDesk web console, go to Settings -> SMTP.

  2. Enable OAuth2 and select Microsoft 365 as the provider.

  3. Fill in these fields:

    • From
    • Mail Account
    • OAuth2 Tenant ID
    • OAuth2 Client ID
    • OAuth2 Client secret

  4. Click Check to save the configuration and send a test email.

If the test email still fails, go back to the PowerShell section and re-check the Exchange Online service principal, Authenticated SMTP, and mailbox permissions for the mailbox used in Mail Account.

References