In order to logon to an EWS session using OAuth you will need to register your application with the Azure Active Directory. You can use the following steps to do this:

Generating a Client ID

1) Logon to the Microsoft 365 admin center
2) When logged on look for the "Azure Active Directory" and open this page

3) Search for the "App registrations" service and open it

4) Press the "+" to create a new registration

5) Specify a displayname, select the account type and press "Register" to register the application

6) The app page contains an overview of the app you just registered. Locate the "Application (client) ID" and copy the value. You will need this in your EWS application.

7) You can click on the "Endpoints" to get an overview of all the endpoints for your newly registered application. Only the first two endpoints (the authorization and token endpoint) are interesting. You can copy these values as well as you will need those in your EWS application as well.

Creating a Client Secret

8) Besides a "Client ID" you will also need a "Client Secret" (=password) to logon. In order to create a client secret you must select the "Certificates & secrets" page from the menu on the left hand side.

9) Press "+ New client secret" to create a new secret.

10) Specify a description for your secret and specify when you want it to expire. Finish by pressing "Add"

12) A new secret (password) is now created. Copy the value and store it somewhere safe (password manager?). You will not be able to retrieve the value later!h

Setting up Permissions

13) After having created a client id and secret you must set the correct API Permissions. You can do this by selecting the "API Permissions" in the menu on the left hand side.

14) Press the "+ Add a permission" to sepecify the permissions your app needs.

16) Select the "Exchange" permission from the "Supported legacy APIs"

17) Depending on your type of application you can select either "Delegated permissions" or "Application permissons". Off course you can also setup both.

Delegated permissions

18a) Select the "EWS.AccessAsUser.All" permission and add it using the "Add permissions" button.

Application permissions

18b) Select the "full_access_as_app" permission and add it using the "Add permissions" button.

19) After having added the permission you can grant consent to your application for all users at once. If you don't do this you will be asked for permissons the first time you logon.

Setting up a redirect URL

20) For some OAuth Grant Types your application will use a browser to request the user credentials in order logon. In order for this to work you will have to setup a "Redirect URI". This is an url which is used by Easy EWS to show the credentials page.

In order to set this up you must navigate to the "Overview" page and select the "Add a Redirect URI" link.

21) Press the "+ Add a platform" button and select the "Web" platform.

22) Use "http://localhost:8080/ews" (or http://localhost/ews) as URI and press the "Configure" button to apply the value


23) You can now logof from the Azure and Microsoft 365 portals and use the values you saved in your Easy EWS application to logon.