Complete Guide: How to Fix Fluent SMTP with Microsoft 365 OAuth Authentication

A step-by-step walkthrough of configuring Fluent SMTP with Microsoft 365 OAuth — including Azure app registration, API permissions, Entra owner setup, and the most common errors and fixes.

Last Updated: May 2026
Reading time: ~15 minutes
Difficulty: Intermediate

Introduction

Setting up Fluent SMTP with Microsoft 365 can be challenging, especially when dealing with OAuth authentication, application registrations, and Azure AD permissions. This guide walks you through the entire process step-by-step, including common errors and how to fix them.

What you'll learn:
  • How to create an OAuth application in Azure
  • How to configure Fluent SMTP with Microsoft 365
  • How to troubleshoot common errors (timeout, "Not Found", permission errors)
  • Best practices for securing your email setup

Prerequisites

Before you start, make sure you have:

  1. WordPress site with Fluent SMTP plugin installed
  2. Microsoft 365 account with admin access
  3. Two email accounts:
    • Admin account: admin@yourdomain.onmicrosoft.com
    • User account: user@yourdomain.in (the one sending emails)
  4. Two-factor authentication (2FA) enabled (optional but recommended)

Part 1Create an Application Registration in Azure

Step 1.1: Go to Azure Portal

  1. Open portal.azure.com
  2. Sign in with your admin account (admin@yourdomain.onmicrosoft.com)

Step 1.2: Navigate to App Registrations

  1. In the search bar, type "App registrations"
  2. Click on "App registrations" from the results
  3. Click "+ New registration"

Step 1.3: Register Your Application

Fill in these details:

FieldValue
NameSMTP (or FluentSMTPAppReg)
Supported account typesSelect: "Accounts in this organizational directory only"
Redirect URIWeb: https://yourdomain.com/wp-json/fluent-smtp/outlook_callback

Example:

  • Name: SMTP
  • Redirect URI: https://ymshah.com/wp-json/fluent-smtp/outlook_callback

Click "Register".

Step 1.4: Copy Your Application Credentials

After registration, you'll see:

  1. Application (client) ID — Copy and save this
  2. Directory (tenant) ID — Copy and save this

You'll need these later in the Fluent SMTP settings.

Part 2Create a Client Secret

Step 2.1: Add a Secret

  1. In the left sidebar, click "Certificates & secrets"
  2. Click "+ New client secret"
  3. Enter: Description: Fluent SMTP; Expires: 24 months (or as needed)
  4. Click "Add"

Step 2.2: Copy the Secret

⚠️ IMPORTANT: Copy the secret value immediately. You won't be able to see it again!
  • Copy the Value (not the ID)
  • Save it securely — you'll need this in Fluent SMTP settings

Part 3Add API Permissions

Step 3.1: Navigate to API Permissions

  1. In the left sidebar, click "API permissions"
  2. Click "+ Add a permission"

Step 3.2: Add Mail.Send Permission

  1. Search for "Office 365 Exchange Online" or "Microsoft Graph"
  2. Click on it
  3. Select "Delegated permissions"
  4. Search for "Mail.Send"
  5. Check the box next to "Mail.Send"
  6. Click "Add permissions"

Step 3.3: Add User.Read Permission

Repeat the process for "User.Read":

  1. Click "+ Add a permission"
  2. Search for "Microsoft Graph"
  3. Select "Delegated permissions"
  4. Search for "User.Read"
  5. Check the box and click "Add permissions"

Step 3.4: Grant Admin Consent

⚠️ This is crucial for Office 365!
  1. Look for the button: "Grant admin consent for [Your Organization]"
  2. Click it
  3. Confirm "Yes" when prompted
  4. You should see a green checkmark next to both permissions

Part 4Configure Fluent SMTP in WordPress

Step 4.1: Go to Fluent SMTP Settings

  1. In WordPress admin, go to Fluent SMTP plugin
  2. Click "Settings"
  3. Go to the "Outlook / Office365 API Settings" section

Step 4.2: Enter Your Credentials

FieldWhere to Find
Application Client IDAzure Portal → App registrations → Your app → Overview
Application Client SecretAzure Portal → Certificates & secrets (copied earlier)
App Callback URLUsually auto-filled: https://yourdomain.com/wp-json/fluent-smtp/outlook_callback

Step 4.3: Authenticate with Office365

  1. Click the red button: "Authenticate with Office365 & Get Access Token"
  2. When prompted, sign in with your user account
  3. Review the permissions and click "Accept"
  4. You should be redirected back to the plugin
  5. The Access Token field should now be filled

Step 4.4: Save Settings

Click "Save" to store your configuration.

Part 5Add Application Owners in Microsoft Entra ID

⚠️ This step is critical and often overlooked!

Step 5.1: Go to Microsoft Entra Admin Center

  1. Open entra.microsoft.com
  2. Sign in with your admin account

Step 5.2: Find Your Application

  1. In the left sidebar, click "Applications""App registrations"
  2. Search for your app name (e.g., SMTP)
  3. Click on it

Step 5.3: Add Owners

  1. In the left sidebar, click "Owners"
  2. Click "+ Add owners"
  3. Select your admin account and user account
  4. Click "Select" to confirm
Why this matters:
  • Owners have full control and can manage app permissions
  • Ensures OAuth tokens are generated correctly
  • Prevents "Need admin approval" errors

Part 6Verify Modern Authentication Settings

Step 6.1: Check Exchange Online Authentication

  1. Go to admin.cloud.microsoft.com
  2. Sign in as your admin account
  3. Go to SettingsServices (or search for "Modern authentication")
  4. Click on "Modern authentication"

Step 6.2: Verify Settings

  • Modern authentication is Enabled
  • Exchange Online has modern auth enabled
  • Basic authentication is BLOCKED (security best practice)

Note: If basic auth is blocked, you MUST use OAuth (which you're doing correctly).

Part 7Test Your Configuration

Step 7.1: Go to Email Test

  1. In Fluent SMTP plugin, click "Email Test" tab
  2. Verify From and Send To addresses

Step 7.2: Send Test Email

Click "Send Test Email" button and wait for confirmation.

Step 7.3: Check Results

  • ✅ Success: Email received — You're done!
  • ❌ Error: See troubleshooting section below

Troubleshooting Common Errors

Error 1: "cURL error 28: Operation timed out"

Cause: Token not being used, or network issues.

Solution:
  1. Go to Settings tab
  2. Find the Default Connection dropdown
  3. Change it to your Microsoft connection
  4. Click Save and try sending again

Error 2: "Not Found" Error

Cause: Default connection is set to wrong SMTP server.

Solution:
  1. Go to Settings tab
  2. Look for "Active Email Connections"
  3. Change "Default Connection" to: Microsoft — your-email@domain.in
  4. Click Save Settings and try sending again

Error 3: "SMTP needs permission to access resources"

Cause: Admin consent not granted, or app doesn't have owners.

Solution:
  1. Go to entra.microsoft.com
  2. Find your SMTP app
  3. Click "Owners" and add your admin account
  4. Go to API permissions
  5. Click "Grant admin consent"
  6. Try authenticating again in Fluent SMTP

Error 4: "Application is unverified"

Cause: Your app is not published in Microsoft's app gallery (normal for internal apps).

Solution: This is NOT a blocker! Your app is still fully functional. You just need admin consent, which you've already granted.

Error 5: "Token expired" or "Invalid token"

Cause: OAuth token expired (tokens last ~60 minutes).

Solution:
  1. Go to Fluent SMTP Settings
  2. Click "Authenticate with Office365 & Get Access Token" again
  3. Sign in and grant permission
  4. Token will be refreshed automatically

Best Practices for Security

  1. Use OAuth, not basic authentication — OAuth is more secure and Microsoft recommends it. Basic auth is blocked in modern Microsoft 365 setups.
  2. Keep your client secret safe — Never share it publicly, don't commit it to version control, use environment variables when possible.
  3. Enable 2FA on your accounts — Makes your Microsoft 365 more secure. OAuth still works with 2FA enabled.
  4. Regularly review app permissions — Go to Microsoft Entra → Your app → API permissions. Remove unused permissions and monitor owner access.
  5. Use separate admin and user accounts — Admin for managing Azure app registrations, user account for actual email sending.

FAQ

Q: Can I use my personal Outlook account instead of Microsoft 365?
A: Yes, but the setup is slightly different. Go to myaccount.microsoft.com, enable app passwords (if 2FA is on), and use basic SMTP credentials instead of OAuth.
Q: Why do I need a redirect URI?
A: The redirect URI is where Microsoft sends the user after they grant permission. It must match exactly what's configured in Azure.
Q: Can multiple WordPress sites use the same SMTP app?
A: Yes — as long as they all have the same redirect URI. However, for better organization, consider creating separate apps for each site.
Q: What if I get "Consent on behalf of your organization" screen?
A: Check that box before accepting if you want all users in your organization to use this connection. Otherwise leave it unchecked.
Q: How often do OAuth tokens refresh?
A: Tokens are typically valid for 60 minutes and refresh automatically. Fluent SMTP handles this behind the scenes.
Q: Can I use this for Gmail/Google Workspace?
A: No, this guide is specific to Microsoft 365. Gmail uses different OAuth scopes and setup.

Quick Reference Checklist

Before troubleshooting, make sure you've completed all these steps:

  • Created app registration in Azure Portal
  • Added Client Secret (and copied it)
  • Added Mail.Send and User.Read permissions
  • Granted admin consent in Azure
  • Added admin account as owner in Entra
  • Configured Fluent SMTP with Client ID and Secret
  • Clicked "Authenticate with Office365" button
  • Access token was generated and saved
  • Set correct default connection in Fluent SMTP
  • Verified Modern Authentication is enabled in Exchange

Conclusion

Setting up Fluent SMTP with Microsoft 365 OAuth requires several steps across different platforms (Azure Portal, Entra Admin Center, and WordPress), but once you understand the process, it becomes straightforward.

Key takeaway: The most commonly missed step is adding owners in Microsoft Entra ID. This is crucial for proper OAuth token generation. If you follow this guide completely, your Fluent SMTP with Microsoft 365 will work reliably and securely.

Additional Resources