
Hi @Areg Abgaryan
Thank you for reaching out to the Microsoft Q&A Forum.
Based on your description, you've correctly configured an Azure App Registration and successfully obtained an access token using the client credentials flow (grant_type=client_credentials). However, the "SocketException: Connection refused" error you’re encountering likely indicates issues with server settings, SMTP AUTH configuration, or network connectivity. Below are steps to resolve the issue and an alternative using the Microsoft Graph API. Please try the following steps to fix SMTP with Client Credentials Flow:
- Verify SMTP Settings:
  - Use smtp.office365.com, port 587, with STARTTLS and XOAUTH2 authentication.
  - Test connectivity with telnet smtp.office365.com 587 to rule out network/firewall issues.
- Enable SMTP AUTH:
  - Ensure SMTP AUTH is enabled organization-wide:
      Set-TransportConfig -SmtpClientAuthenticationDisabled $false
  - Enable for the mailbox:
      Set-CASMailbox -Identity "******@yourdomain.com" -SmtpClientAuthenticationDisabled $false
  - If security defaults are enabled in Microsoft Entra ID, disable them or use Conditional Access.
- Configure Azure App Registration:
  - In Azure portal, register an app with SMTP.SendAsApp permission under Office 365 Exchange Online (Application permissions) and grant admin consent.
  - Register the service principal in Exchange Online:
      New-ServicePrincipal -AppId <client-id> -ObjectId <object-id>
      Add-MailboxPermission -Identity "******@yourdomain.com" -User <client-id> -AccessRights FullAccess
      Add-RecipientPermission -Identity "******@yourdomain.com" -Trustee <client-id> -AccessRights SendAs
- Request Access Token:
  - Use the endpoint https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token with scope https://outlook.office365.com/.default:
      POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
      Content-Type: application/x-www-form-urlencoded

      client_id={client_id}&client_secret={client_secret}&scope=https://outlook.office365.com/.default&grant_type=client_credentials
- Authenticate with SMTP:
  - Format the XOAUTH2 string as user={email}^Aauth=Bearer {access_token}^A^A, encode in Base64, and use in your SMTP library.

For example:
      using MailKit.Net.Smtp;
      using MailKit.Security;
      using MimeKit;
      var message = new MimeMessage();
      message.From.Add(new MailboxAddress("From Name", "mailbox
Alternative: Microsoft Graph API
Since you mentioned trying the Graph API, it’s a more reliable option for non-interactive email sending:
- Add Mail.Send permission under Microsoft Graph and grant admin consent.
- Request a token with scope https://graph.microsoft.com/.default.
- Send email via:
      POST https://graph.microsoft.com/v1.0/users/******@yourdomain.com/sendMail
      Authorization: Bearer {access_token}
      Content-Type: application/json
      {
Please refer to Microsoft’s guide: Authenticate an IMAP, POP, or SMTP connection using OAuth.
If the issue persists, share detailed error logs or code snippets for further assistance. Let me know if you need help with specific libraries or configurations!
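Added example, not part of the original answer and not Microsoft's code: a Python check that builds the XOAUTH2 string from the "Authenticate with SMTP" step and, before any connection attempt, reads the token payload to confirm it targets Exchange Online with SMTP.SendAsApp rather than Graph. It assumes the access token is a JWT whose `aud` and `roles` claims carry the resource and application permissions; all function names and sample tokens are constructed for illustration.

```python
import base64
import json

SMTP_AUDIENCE = "https://outlook.office365.com"  # resource behind the .default scope
SMTP_ROLE = "SMTP.SendAsApp"                      # application permission from the answer

def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def token_problems(access_token: str) -> list:
    """List reasons this token would not work for app-only SMTP.

    Reads the payload without verifying the signature: a local
    troubleshooting aid only, never an authorization decision.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        return ["token is not a three-part JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:
        return ["token payload is not base64url-encoded JSON"]
    problems = []
    # Assumption: Entra ID puts the resource in 'aud' and app permissions in 'roles'.
    if str(claims.get("aud", "")).rstrip("/") != SMTP_AUDIENCE:
        problems.append(f"aud is {claims.get('aud')!r}, expected {SMTP_AUDIENCE}")
    if SMTP_ROLE not in claims.get("roles", []):
        problems.append(f"roles lacks {SMTP_ROLE}")
    return problems

def xoauth2_initial_response(mailbox: str, access_token: str) -> str:
    """Build the Base64 XOAUTH2 string; ^A in the answer is the byte 0x01."""
    raw = f"user={mailbox}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")

def constructed_token(claims: dict) -> str:
    """Constructed, unsigned sample token for the demo (not a real credential)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"

if __name__ == "__main__":
    smtp = constructed_token({"aud": SMTP_AUDIENCE, "roles": [SMTP_ROLE]})
    graph = constructed_token({"aud": "https://graph.microsoft.com", "roles": ["Mail.Send"]})
    print(token_problems(smtp), token_problems(graph))
    print(xoauth2_initial_response("mailbox@example.com", smtp)[:40] + "...")
```

A token requested with the Graph scope fails both checks, which separates a scope or consent mistake from the network-level "Connection refused" error.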