Thanks again, Jan. Have a great day.
Original Message:
Sent: 10-22-2025 11:48
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Great that it's working !
It's not time wasted if you learn something.
Guess clarifying the permissions could also be specified in the documentation.
Maybe I should take the time to report them to the docs team as I've might forgotten this the next time I need it :)
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 11:42
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
It was the bl**dy permissions needed to be application and not delegated. So sorry for wasting your time Yan. It's working now.
MASSIVE FACE PALM
You're an absolute star for helping me out. I hope this post helps someone else (as daft as myself).
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 11:31
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hey Jan,
I believe permissions are good (Admin consent)...
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 11:14
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hi Matthew,
If it fails on the "create" action it sounds like it's missing the permission Mail.ReadWrite (or missing admin concent), but hard to tell when I can't see your side of things :)
In Genesys you only need to get the Client ID / Secret and Endpoint right, which was a hassle since docs aren't correct.
The rest is done in Azure.
On Azure I didn't need to add the IPs of Genesys since I don't use Defender in Lab, we did add an application access policy so it's could only access the mailbox we wanted. As I understood I can otherwise access all mailboxes on the server.
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 10:52
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hey Jan,
That's what I'm using, unfortunately. Application Client ID (not tenant ID) and Client Secret value (not ID). And absolutely agree, not particularly clear in the article.
I even just tried using the Secret ID as a 'clutching at straws' measure but that failed and reported in Genesys as incorrect secret and logged the same in AAD against the enterprise app.
Might be one for Genesys support. I massively appreciate your efforts in assisting me!
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 10:43
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hi,
If I remember correctly for the credentials you use the Applications Client ID (not the ID of the secret) and the value of the client secret for credentials.
This was a bit unclear when settings this up.
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 10:24
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hey Jan,
You are on the money there.
Looking back at the integration within Genesys 'Integrations' the 'Azure Graph API' integration is now showing an error (wasn't before):
Authentication Error. Reason: Operation: Create; Exception: [Status Code: Forbidden; Reason: Access is denied. Check credentials and try again.]
Frustrating. :c)
I followed the Genesys guides 1, 2 and 3 when setting up the integration. The Genesys integration error seems to suggest that there is something wrong with the azureGraphApiCredentialFlow 'Client ID' and / or 'Client Secret' (thus check credentials) but I'm still seeing no error logs against the Enterprise App sign-in logs in AAD.
BANGS HEAD AGAINST WALL...
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 09:53
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Check if you have an error on the Integration now, or try restarting it and see if it throws an error.
The setup was pretty easy in Genesys, the tricky part was to get the right Application Access Policy for Azure in place for the application ID to get access to the mailbox.
If it shows an error in integration you should be able to see the reason for it in Azure logs.
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 09:49
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
I can't send on behalf of the queue in question either...
Could not send email
There was an error sending the email. Please contact support if the issue persists.
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 09:41
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
:C)
Thanks, Jan!
One step forward, another step back (although feel like I'm getting closer!)...
I now have my custom email domain setup to use graph API within Genesys Email - 'Test Microsoft Graph Configuration' results in 'success'.
I've added a mailbox into the custom email domain linked to an account within the M365 tenant in question (licensed mailbox). I've added some very simple config...
Email = name@domain.com
Routing = Route to queue X
I'm then emailing (from an external mail account) the email address associated with the queue and it is not being pulled into Genesys at all.
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 08:54
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hi,
The documentation seems a bit off :)
When you select Add Domain you can pick Microsoft Graph.
If you want to use Graph on a domain already configured in Genesys, you'll need to remove the old domain since you can't have the same domain configured twice so you'd want to do this on a test domain first.
There's also a limit on how many domain you can configure so if you hit that limit you'll need to contact support so they can raise the limit.
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 08:26
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hey Jan,
I hope you are well today and thank you for your repsonse!
I initially attempted using separate custom IMAP and SMTP oauth integrations - that resulted in the issues list above.
I then (literally in the last hour) attempted to setup email integration via 'Azure Graph API'. I have the integration enabled with no errors, however when I attempt to configure contact centre email to leverage the graph integration I do not appear to be presented with the options that the article suggests I should see.
1. In Genesys Cloud, click Admin.
2. Under Contact Center, click Email.
3. Click the appropriate custom domain.
4. Select the appropriate Microsoft Graph server integration from the list.
5. (Optional) Click Test Microsoft Graph Configuration.
There is no option to select the Microsoft Graph integration within the 'Email' settings.
So I'm having no joy with either method currently.
Appreciate you taking the time to read my (somewhat disjointed) post!
------------------------------
Matthew Tipler
Original Message:
Sent: 10-22-2025 08:13
From: Jan Heinonen
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hello Matthew,
Which integration do you wanna use?
Graph handles both inbound/outbound, or you would need IMAP for inbound and SMTP for outbound.
------------------------------
Jan Heinonen
Contact Center Specialist
GlobalConnect AB
Original Message:
Sent: 10-22-2025 06:16
From: Matthew Tipler
Subject: Genesys Cloud > M365 Graph API Email Integration (Errors)
Hi guys,
Banging my head against setting up SMTP / IMAP integrations into AAD / M365 from Genesys Cloud.
I've followed these guides to the letter...
Configure Microsoft Azure for email integration - Genesys Cloud Resource Center
| Genesys Cloud Resource Center | remove preview |
| | Configure Microsoft Azure for email integration - Genesys Cloud Resource Center | | Configure Microsoft Azure for email integration with Genesys Cloud by registering an app, granting permissions, creating a client secret, getting endpoint URLs, adding IP addresses, and activating the integration. | | View this on Genesys Cloud Resource Center > |
|
|
Configure and activate the Microsoft Graph integration - Genesys Cloud Resource Center
| Genesys Cloud Resource Center | remove preview |
| | Configure and activate the Microsoft Graph integration - Genesys Cloud Resource Center | | Genesys Cloud's Microsoft Graph integration allows configuring and activating Microsoft email services like Azure after installing the custom integration. Steps include entering credentials, token endpoints from Azure setup, activating the integration, and validating the server connection. | | View this on Genesys Cloud Resource Center > |
|
|
However, when I activate the SMTP integration I'm receiving the following error, "SMTP server failed with message Unable to authenticate with the specified integration.Error 535 5.7.3 Authentication unsuccessful". The IMAP integration error I'm receiving, "Unable to authenticate with the specified integration. Error AUTHENTICATE Failed".
However, within Entra ID if I look at the Enterprise Application sign-in logs, they are showing the sign-ins as 'Success' (when the integration was enabled).
Has anyone actually got this working? Is there something missing or incorrect within the guides? Odd how sign-in logs are reporting success against the Enterprise Application and yet Genesys reports errors.
Massive thanks to anyone that reads this post.
#API/Integrations
------------------------------
Matthew Tipler
------------------------------