The Desired Authentication Scenario tells WPO365 what type of authorization – to access Microsoft Graph to submit WordPress emails – you intend to configure. Although the options may seem overwhelming at first, it’s essential to take your time and choose the one that best suits your needs to ensure your site operates as securely as possible.
Select one of the following authentication scenarios from the list.
Send as a user (delegated permissions)
This is the recommended authorization scenario because it lets WPO365 send WordPress emails only from one specific Microsoft 365 / Exchange Online mailbox – the one you’ll choose and authorize in the next steps.
Send from a personal Microsoft account e.g. Outlook.com
If you want to send your WordPress emails using a personal Microsoft account—like Outlook.com—this is the option you should choose. Since this setup is a bit different, make sure to read the additional information before continuing with the plugin configuration.
Send as any user (application permissions)
Using application permissions to send WordPress emails isn’t recommended, as it can lead to emails being sent from unintended accounts if not set up correctly. That said, if you’re confident in your configuration and understand the risks, WPO365 won’t restrict you from using this option.
Send as any user (RBAC for EXO)
Choose this option if you’ve set up RBAC (Role-Based Access Control) for Applications in Exchange Online. This setup lets administrators grant specific permissions to an application – also known as a Service Principal – that accesses data independently, such as sending emails. In simple terms, RBAC for Exchange Online means you’re using application permissions, but with added controls to limit what the app can do – for example, only allowing it to send emails from one specific account.