Connect WordPress and Microsoft Entra | Azure | 365

Configure API Permissions

API Permissions control what users can and cannot do when they sign into the registered application.

Perform the following steps to grant Microsoft Entra ID permissions to enable WPO365 to request authorization on behalf of a user to send WordPress emails using Microsoft Graph.

  • Click API permissions from the App registration menu on the left.

  • Click + Add permission.
  • Select Microsoft Graph > Delegated permissions and check
    • email
    • offline_access
    • openid
    • profile

Please note that you should not delete the default User.Read permission.


  • Scroll down to Mail and check
    • Mail.Send

Please note If you need to send attachments larger than 3 MB from WordPress (this is a premium feature and requires the WPO365 | MAIL extension), then the plugin must be able to create a draft email before sending it and you must additionally check Mail.ReadWrite.

Also note If you need to send WordPress emails from a Microsoft 365 Shared Mailbox (this is a premium feature and requires the WPO365 | MAIL extension), then you must check Mail.Send.Shared, and Mail.ReadWrite.Shared (only if you expect to send attachments larger than 3 MB from WordPress).


  • Click  Add permissions.
  • Click to grant consent for all users in your tenant to use this App registration and its ability to provide ID tokens (and Access Tokens).

If the Grand admin consent for … is greyed out then you do not have sufficient permissions to continue. Since this is mandatory you must contact your Global Administrator and ask for help.


Related Features