Microsoft Exchange Online | SMTP onboarding to App RBAC

Originally posted by Microsoft Sep 25, 2025 Uncategorized 0 Comments

Microsoft Exchange Online will enable admins to assign the SMTP.SendAsApp role to applications via App RBAC, allowing group-based or scoped mailbox access. This replaces manual per-mailbox permissions, simplifying OAuth SMTP client onboarding. Rollout begins November 2025, with no end-user impact. Prepare by planning group-based access and updating documentation.

We’re simplifying how organizations grant applications permission to send email on behalf of mailboxes. Today, customers must manually assign permissions to each individual mailbox using PowerShell, which is time-consuming and inefficient. With this new capability, admins can assign the SMTP.SendAsApp role to an app through App Role-Based Access Control (RBAC), enabling group-based or scoped access to mailboxes. This simplifies onboarding for SMTP clients using OAuth and provides a scalable, secure, and modern approach to managing mailbox access.

This message is associated with Microsoft 365 Roadmap ID 498356.

When this will happen:

  • General Availability (Worldwide): We will begin rolling out early November 2025 and expect to complete by late November 2025.

How this affects your organization:

Who is affected:

  • Admins managing SMTP AUTH clients using OAuth in Exchange Online.

What will happen:

What you can do to prepare:

Compliance considerations:

  • Admins can assign the SMTP.SendAsApp role to applications via App RBAC.
  • This enables group-based or scoped access to mailboxes.
  • Eliminates the need for per-mailbox permission assignments.
  • Streamlines onboarding for SMTP clients using OAuth.
  • No changes to end-user experience.

Message ID: MC1158911

Comments are closed.

Joao Ferreira

I've been working with Microsoft Technologies over the last ten years, mainly focused on creating collaboration and productivity solutions that drive the adoption of Microsoft Modern Workplace.

%d bloggers like this: