Microsoft Exchange 365 Mailer

Extension key: ok_exchange365_mailer
Package name: oliverkroener/ok-exchange365-mailer
Version: main
Language: en
Author: Oliver Kroener <ok@oliver-kroener.de>
License: This document is published under the Open Publication License.
Rendered: Wed, 18 Mar 2026 09:18:23 +0000

A TYPO3 extension for sending emails via Microsoft Exchange 365 using the MS Graph API instead of SMTP. Uses OAuth 2.0 client credentials flow for secure, token-based authentication.

Attention

Since Q3 2025, Microsoft has enforced stricter access policies in some Exchange 365 tenants. You may need to configure an Application Access Policy to restrict app permissions to specific mailboxes. See Exchange Online Setup.

This can also be used to restrict sending to only specific sender addresses (e.g., a shared mailbox).

Introduction

Learn what this extension does, its features, and system requirements.

Learn more

Installation

Install the extension via Composer and activate it in your TYPO3 project.

Get started

Microsoft Entra ID Setup

Configure Azure

Exchange Online Setup

Configure Application Access Policies to restrict app permissions to specific mailboxes using PowerShell.

View guide

Configuration

Set up the extension via environment variables, TYPO3 settings, or TypoScript for frontend form integration.

Configure

FAQ

Answers to frequently asked questions about installation, configuration, and usage.

Read FAQ

Contact

Get in touch with the author for support, questions, or contributions.

Get in touch

Introduction

What does it do?

The Microsoft Exchange 365 Mailer extension replaces TYPO3's default SMTP mail transport with a custom transport that sends emails via the Microsoft Graph API.

Instead of configuring an SMTP server, you register an application in Microsoft Entra ID (formerly Azure AD) and authenticate using the OAuth 2.0 client credentials flow — no user interaction or stored passwords required.

Features

Send emails through Microsoft Graph API — no SMTP required
OAuth 2.0 client credentials flow for server-to-server authentication
Supports both backend (environment variables / TYPO3 settings) and frontend (TypoScript) configuration
Compatible with Powermail, TYPO3 Form Framework, and other form extensions
Optional saving of sent emails to the sender's "Sent Items" folder
Automatic credential blinding in TYPO3's configuration module
Works with shared mailboxes and Application Access Policies

Requirements

TYPO3: 12.4 LTS, 13.4 LTS, or 14.x
PHP: 8.3+
Dependencies:
- microsoft/microsoft-graph ^2 — Microsoft Graph SDK
- oliverkroener/ok-typo3-helper — provides MSGraphMailApiService for message conversion

Installation

Install with Composer

Note

This is the recommended way to install this extension.

Install the extension via Composer:

composer req oliverkroener/ok-exchange365-mailer

Install in Classic Mode

Warning

This is not the recommended way to install this extension, and might involve manual steps to add dependencies.

Or download the extension from https://extensions.typo3.org/extension/ok_exchange365_mailer and install it in the Extension Manager.

Configuration of Microsoft Entra ID (formerly Azure AD)

Attention

The Client ID can be found on the overview page in Azure and should not be confused with the Client Secret ID. For the secret configuration, only the Secret value itself is required, not the Secret ID.

Please follow the steps below to configure Microsoft Entra ID (formerly Azure AD) for the TYPO3 extension ok_exchange365_mailer. This configuration is necessary to enable secure email sending through Microsoft Exchange 365 using the Graph API. .. note:: This guide assumes you have administrative access to Microsoft Entra ID and the necessary permissions to register applications.

Register an application in Microsoft Entra ID (formerly Azure AD).

Please go to https://portal.azure.com
Register the application in Microsoft Entra ID.
Note
- Name: Choose a descriptive name for your application.
- Supported account types: Select "Accounts in this organizational directory only (Single tenant)".
Register an application.

Attention

Redirect URI: No redirect URI is required since this application uses client credentials flow for server-to-server authentication without user delegation.
Collect tenant ID and client ID.
- Tenant ID: This is the unique identifier for your Microsoft Entra ID tenant.
- Client ID: This is the unique identifier for your registered application.
Attention

The Client ID can be found on the overview page in Azure and should not be confused with the Secret ID. For the secret configuration, only the Secret value itself is required, not the Secret ID.
Create a client secret. - Navigate to the "Certificates & secrets" section of your application. - Click on "New client secret".
Add client secret.
Attention
- Secret Value: Copy the secret value immediately after creation. You won't be able to see it again.
- Expiry: Ensure you manage the expiration of the secret and renew it before it expires to maintain uninterrupted service.
Copy secret value.
- Secret Value: This is the value you will use in your TYPO3 configuration to authenticate with Microsoft Entra ID.
- Secret ID: This is not required for the configuration, only the Secret Value is needed. This will be later on the clientSecret in the TYPO3 configuration.
Attention

The Secret Value is sensitive information. Store it securely and do not expose it in public repositories or logs.
Assign API permissions.
- Navigate to the "API permissions" section of your application.
- Click on "Add a permission".
Select Microsoft Graph.

Choose "Microsoft Graph" as the API you want to access.
Select application permissions.

Choose Application permissions since this application will run without user interaction.
Add Mail.Send permission.
- This permission allows the application to send emails on behalf of users in your organization.
- Choose Mail.Send (Send mail as any user) and "Add permissions".
Add User.ReadBasic.All permission.
- This permission allows the application to read basic user information, which is often necessary for sending emails on behalf of users.
- Click on "Add permissions" after selecting the permission.
Grant admin consent.
- After adding the permissions, you need to grant admin consent for the permissions to take effect.
- Click on "Grant admin consent for [Your Organization Name]".
Attention

This step is crucial as it allows the application to use the permissions granted without requiring individual user consent.

Exchange Online Setup

To restrict app access to specific mailboxes, you need the Exchange Online PowerShell module.

Note

Application Access Policies can currently only be configured via PowerShell. There is no option in the Microsoft Entra ID or Exchange Admin Center web interfaces at this time.

Prerequisites

PowerShell 7.x (latest recommended) is required for best compatibility. Windows PowerShell 5.1 works but may have limitations with newer module versions.

Check your version:

$PSVersionTable.PSVersion

Install or update to PowerShell 7:

winget install Microsoft.PowerShell

Install the ExchangeOnlineManagement module. Run PowerShell as Administrator:

Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber

Import and connect

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName your-admin@yourdomain.com

This opens a browser window for authentication. Use an account with Exchange Admin rights.

Create the Application Access Policy

The New-ApplicationAccessPolicy cmdlet restricts your application to only access specific mailboxes instead of all mailboxes in the tenant.

Parameters:

-AppId: The Application (client) ID from your Microsoft Entra ID app registration
-PolicyScopeGroupId: The email address of the mailbox or mail-enabled security group the app is allowed to access
-AccessRight RestrictAccess: Limits the app to only the specified mailbox(es)
-Description: A human-readable description for the policy

New-ApplicationAccessPolicy -AppId "<your-app-id>" -PolicyScopeGroupId "shared@yourdomain.com" -AccessRight RestrictAccess -Description "Restrict to shared mailbox"

Tip

Replace <your-app-id> with your actual Application ID and shared@yourdomain.com with the mailbox address you want to allow.

To verify the policy was created:

Get-ApplicationAccessPolicy | Format-List

To test if the policy works correctly:

Test-ApplicationAccessPolicy -Identity "shared@yourdomain.com" -AppId "<your-app-id>"

Troubleshooting

# Check if connected
Get-ConnectionInformation

# Verify cmdlet exists
Get-Command New-ApplicationAccessPolicy

# Check PowerShell version (needs 5.1+)
$PSVersionTable.PSVersion

# List all existing policies
Get-ApplicationAccessPolicy | Format-List

# Remove a policy if needed
Remove-ApplicationAccessPolicy -Identity "<policy-id>"

Using Shared Mailboxes

Attention

You cannot use a shared mailbox directly as the PolicyScopeGroupId – it requires a mail-enabled security group.

If you see an error like this when creating the policy:

The policy scope "shared@yourdomain.com" is not a valid mail-enabled security group.

You need to create a mail-enabled security group and add the shared mailbox to it.

Create a mail-enabled security group

1. Create the security group via PowerShell:

New-DistributionGroup -Name "Graph API Shared Mailboxes" -Type Security -PrimarySmtpAddress "graph-mailboxes@yourdomain.com"

2. Add your shared mailbox to the group:

Add-DistributionGroupMember -Identity "Graph API Shared Mailboxes" -Member "shared@yourdomain.com"

3. Verify the group was created correctly:

Get-DistributionGroup -Identity "Graph API Shared Mailboxes" | Format-List
Get-DistributionGroupMember -Identity "Graph API Shared Mailboxes"

4. Now create the Application Access Policy using the group:

New-ApplicationAccessPolicy -AppId "<your-app-id>" -PolicyScopeGroupId "graph-mailboxes@yourdomain.com" -AccessRight RestrictAccess -Description "Allow app to send from shared mailboxes"

5. Test the policy:

Test-ApplicationAccessPolicy -Identity "shared@yourdomain.com" -AppId "<your-app-id>"

You should see AccessCheckResult: Granted.

Warning

Policy changes can take up to 30 minutes to propagate. If the test shows "Denied" immediately after creating the policy, wait and try again.

Adding multiple mailboxes

Simply add additional mailboxes to the same security group you already created:

Add-DistributionGroupMember -Identity "Graph API Shared Mailboxes" -Member "another-shared@yourdomain.com"

The Application Access Policy applies to all members of the group – no need to create a new policy.

Verify it worked:

# List all members of the group
Get-DistributionGroupMember -Identity "Graph API Shared Mailboxes"

# Test the new mailbox
Test-ApplicationAccessPolicy -Identity "another-shared@yourdomain.com" -AppId "<your-app-id>"

Note

Changes can take up to 30 minutes to propagate. If the test doesn't show "Granted" immediately, wait and try again.

Alternative via Microsoft 365 Admin Center

Go to Admin Center → Teams & Groups → Active teams & groups
Click Add a group and select Mail-enabled security
Name the group (e.g., "Graph API Shared Mailboxes")
Add the shared mailbox as a member
Then run the New-ApplicationAccessPolicy command with that group's email address

Configuring the Sender Display Name

Attention

By default, emails sent via the Microsoft Graph API from a shared mailbox may display the mailbox address or a generic name instead of the intended sender name. Recipients will see whatever Display name is configured on the mailbox in Exchange Online — not the name set in TYPO3.

Hence, setting $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromName'] or $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'] in TYPO3 has no effect on the sender name shown to recipients. You must explicitly configure the display name in the Microsoft 365 or Exchange Admin Center for it to appear correctly.

When sending emails through the Graph API, the recipient sees the display name configured on the mailbox in Exchange Online. To ensure the correct sender name appears, you need to configure the mailbox properties in the Microsoft 365 Admin Center.

Configure via Microsoft 365 Admin Center

Open the Microsoft 365 Admin Center.

Go to https://admin.microsoft.com and sign in with an admin account.
Navigate to the mailbox.
- For shared mailboxes: Go to Teams & Groups → Shared mailboxes (or Active teams & groups if the mailbox is a group).
- For regular user mailboxes: Go to Users → Active users.
Select the mailbox you configured as the fromEmail in your TYPO3 setup.
Edit the display name.

Click on the mailbox name to open its properties. Under General, update the Display name to the name you want recipients to see as the sender (e.g., "Oliver Kroener" or "Contact - Oliver Kroener").

Click Save changes.
Verify the sender display name.

Send a test email through TYPO3 and verify that the recipient sees the correct sender name in their inbox.

Configure via Exchange Admin Center

Alternatively, you can use the Exchange Admin Center for more granular mailbox settings:

Open the Exchange Admin Center.

Go to https://admin.exchange.microsoft.com and sign in with an admin account.
Navigate to the mailbox.

Go to Recipients → Mailboxes (for user mailboxes) or Recipients → Groups → Shared mailboxes (for shared mailboxes).

Select the mailbox used as fromEmail.
Edit mailbox properties.

Click on the mailbox to open its settings. Under General, you can configure:
- Display name: The name shown to email recipients (e.g., "Oliver Kroener Website")
- Email addresses: Add or modify email aliases if needed
Click Save to apply the changes.

Configure via PowerShell

You can also update the display name via PowerShell:

# For a shared mailbox
Set-Mailbox -Identity "shared@yourdomain.com" -DisplayName "Your Desired Sender Name"

# Verify the change
Get-Mailbox -Identity "shared@yourdomain.com" | Format-List DisplayName, PrimarySmtpAddress

Note

The display name change takes effect immediately for new emails. Recipients of previously sent emails will continue to see the old display name.

Tip

If you want the sender to show a specific name like "Contact Form - Your Company" instead of just the mailbox name, set the DisplayName accordingly. This is the name that appears in the From field in recipients' email clients.

Configuration

This section covers all aspects of configuring the Microsoft Exchange 365 Mailer extension for TYPO3.

After completing the Azure Configuration, you need to configure the TYPO3 extension with the values obtained from Microsoft Entra ID.

Quick Configuration Overview

The extension requires the following key configuration variables:

Mail Transport: Set to use Exchange365Transport
Tenant ID: Your Microsoft Entra ID tenant identifier
Client ID: Your Azure application identifier
Client Secret: Your Azure application secret
From Email: The sender email address
Save to Sent Items: Whether to save emails to sent folder

For detailed step-by-step instructions, see:

Essential Configuration - For server-side email sending (recommended for production)
Frontend Configuration - For form-based email sending (Powermail, Form Framework)

Configuration Methods

You can configure this extension using:

Essential Configuration (Recommended)

Environment variables (.env file)
TYPO3 LocalConfiguration.php
TYPO3 Admin Panel (if available)

Frontend Configuration (For Forms)

TypoScript configuration
Required for Powermail, Form Framework, and other frontend forms

Choose the method that best fits your deployment workflow and security requirements.

Attention

Security Recommendation: Use backend configuration with environment variables for production environments to avoid exposing sensitive Azure credentials in TypoScript.

Essential Configuration

After completing the Azure Configuration, you need to configure the TYPO3 extension with the values obtained from Microsoft Entra ID.

Attention

Quick Navigation

This page covers the complete configuration setup for the Exchange 365 TYPO3 extension:

Configuration Variables - Required environment variables and settings
Configuration Example - Complete configuration example with screenshot
Alternative Configuration Methods - Different ways to configure the extension
Testing the Configuration - How to verify your setup works
Security Considerations - Important security guidelines
Configuration Validation - Steps to validate your configuration

Configuration Variables

The extension requires several configuration variables to be set in TYPO3. These can be configured through environment variables or directly in the TYPO3 configuration.

The following steps show the configuration with .env variables, but you can also set them in the LocalConfiguration.php file or through the TYPO3 Admin Panel if available. .. note:: The configuration variables are prefixed with TYPO3_CONF_VARS__MAIL__transport_exchange365_ to avoid conflicts with other mail transports.

Set the mail transport to Exchange365Transport.

Configure TYPO3 to use the Exchange 365 transport instead of the default SMTP transport.
```
TYPO3_CONF_VARS__MAIL__transport=OliverKroener\\OkExchange365\\Mail\\Transport\\Exchange365Transport
```
Copied!
Configure the Tenant ID.

Set the Tenant ID obtained from step 4 of the Azure Configuration.
```
TYPO3_CONF_VARS__MAIL__transport_exchange365_tenantId='your-tenant-id-here'
```
Copied!
Attention

Replace your-tenant-id-here with the actual Tenant ID from your Azure application overview page.
Configure the Client ID.

Set the Client ID (Application ID) obtained from step 4 of the Azure Configuration.
```
TYPO3_CONF_VARS__MAIL__transport_exchange365_clientId='your-client-id-here'
```
Copied!
Attention

Replace your-client-id-here with the actual Client ID from your Azure application overview page.
Configure the Client Secret.

Set the Client Secret value obtained from step 7 of the Azure Configuration.
```
TYPO3_CONF_VARS__MAIL__transport_exchange365_clientSecret='your-client-secret-here'
```
Copied!
Attention
- Replace your-client-secret-here with the actual Secret Value (not the Secret ID)
- This is sensitive information - keep it secure and never expose it in public repositories
Configure the sender email address.

Set the email address that will be used as the sender for all emails sent through this transport.
```
TYPO3_CONF_VARS__MAIL__transport_exchange365_fromEmail='service@your-domain.com'
```
Copied!
Attention

The email address will fall back to TYPO3's $GLOBALS['TYPO3_CONF_VARS']['MAIL']['defaultMailFromAddress'] if not specified here.
Note
- Replace service@your-domain.com with a valid email address from your organization (it must exist in your Exchange 365 environment as SharedMailbox or User Mailbox)
- This email address must exist in your Exchange 365 environment
- The application needs permission to send emails on behalf of this address
Configure save to sent items (optional).

Determine whether sent emails should be saved to the sender's "Sent Items" folder.
```
TYPO3_CONF_VARS__MAIL__transport_exchange365_saveToSentItems=1
```
Copied!
Note
- Set to 1 to save emails to Sent Items folder
- Set to 0 to skip saving emails to Sent Items folder
- Default value is 0 (enabled) if not specified

Configuration Example

Here's a complete example of all required configuration variables:

TYPO3 configuration showing Exchange365 transport variables setup

Environment Variables (.env file)

You can configure these settings using a .env file in your TYPO3 root directory:

# Exchange 365 Mail Transport Configuration
TYPO3_CONF_VARS__MAIL__transport=OliverKroener\\OkExchange365\\Mail\\Transport\\Exchange365Transport
TYPO3_CONF_VARS__MAIL__transport_exchange365_tenantId='your-tenant-id-here'
TYPO3_CONF_VARS__MAIL__transport_exchange365_clientId='your-client-id-here'
TYPO3_CONF_VARS__MAIL__transport_exchange365_clientSecret='your-client-secret-here'
TYPO3_CONF_VARS__MAIL__transport_exchange365_fromEmail='service@your-domain.com'
TYPO3_CONF_VARS__MAIL__transport_exchange365_saveToSentItems=1

Alternative Configuration Methods

In Typo3 config files

Alternatively, you can add these settings directly to your TYPO3 configuration files, such as config/system/settings.php or config/system/additional.php or typo3conf/LocalConfiguration.php.

<?php
return [
    // ...existing configuration...
    
    'MAIL' => [
        'transport' => 'OliverKroener\\OkExchange365\\Mail\\Transport\\Exchange365Transport',
        'transport_exchange365_tenantId' => 'your-tenant-id-here',
        'transport_exchange365_clientId' => 'your-client-id-here',
        'transport_exchange365_clientSecret' => 'your-client-secret-here',
        'transport_exchange365_fromEmail' => 'service@your-domain.com',
        'transport_exchange365_saveToSentItems' => 1,
    ],
    
    // ...existing configuration...
];

Or using the $GLOBALS syntax:

<?php
// In typo3conf/LocalConfiguration.php or ext_localconf.php
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] = 'OliverKroener\\OkExchange365\\Mail\\Transport\\Exchange365Transport';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_exchange365_tenantId'] = 'your-tenant-id-here';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_exchange365_clientId'] = 'your-client-id-here';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_exchange365_clientSecret'] = 'your-client-secret-here';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_exchange365_fromEmail'] = 'service@your-domain.com';
$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport_exchange365_saveToSentItems'] = 1;

Attention

Replace placeholder values with your actual Azure configuration values
When using PHP syntax, use single backslashes (``) in class names instead of double backslashes
Keep the client secret secure and never commit it to version control

Testing the Configuration

After configuring all variables, you can test the email functionality by:

Sending a test email through TYPO3's mail functionality
Checking the TYPO3 logs for any error messages
Verifying that emails are received at the intended recipients
Checking the sender's "Sent Items" folder if saveToSentItems is enabled

Tip

Enable TYPO3's developer log to see detailed information about the email sending process and any potential issues with the Exchange 365 integration.

Security Considerations

Warning

Azure Credential Security

Store the clientSecret securely using environment variables or encrypted configuration
Never commit secrets to version control systems
Rotate client secrets regularly before expiration
Use different Azure applications for different environments (dev/staging/prod)
Monitor Azure sign-in logs for unauthorized access

Configuration Validation

To verify your configuration is correct:

Check in backend:
- Navigate to the TYPO3 Admin Panel
- Check the mail configuration under Settings > Environment > Test Mail Setup
- Ensure the transport is set to Exchange365Transport and all required fields are filled

Check TYPO3 configuration:

// In TYPO3 backend or debug context
\TYPO3\CMS\Core\Utility\DebugUtility::debug($GLOBALS['TYPO3_CONF_VARS']['MAIL']);

Test email sending:

// Test email functionality
$mail = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Core\Mail\MailMessage::class);
$mail->to('test@example.com')
    ->subject('Test Email')
    ->text('This is a test email from TYPO3.')
    ->send();

Check logs: Monitor TYPO3 logs for authentication or sending errors

Frontend Configuration

The Exchange 365 Mailer extension supports frontend email sending through popular TYPO3 extensions like Powermail, Form Framework, and other form extensions. This requires additional TypoScript configuration to work properly.

Attention

Frontend configuration is required for any page that uses forms or email functionality. Without proper TypoScript setup, frontend forms will not be able to send emails through Exchange 365.

Frontend Configuration Overview

Frontend email sending requires the same 5 core parameters as the backend configuration, but they must be configured via TypoScript instead of environment variables or LocalConfiguration.php.

TYPO3 TypoScript configuration showing Exchange365 frontend parameters

Required TypoScript Parameters

The following 5 parameters must be configured in your TypoScript setup for frontend email functionality:

Transport Class Configuration

Set the mail transport to use the Exchange365Transport class for frontend operations.
```
config.mail.transport = OliverKroener\OkExchange365\Mail\Transport\Exchange365Transport
```
Copied!
Note

This tells TYPO3 to use the Exchange 365 transport instead of the default SMTP transport for frontend emails.
Tenant ID

Configure your Microsoft Entra ID tenant identifier.
```
plugin.tx_okexchange365mailer.settings.exchange365.tenantId = your-tenant-id-here
```
Copied!
Attention

Replace your-tenant-id-here with the actual Tenant ID from your Azure Configuration (step 4).
Client ID

Set your Azure application's client identifier.
```
plugin.tx_okexchange365mailer.settings.exchange365.clientId = your-client-id-here
```
Copied!
Attention

Replace your-client-id-here with the actual Client ID from your Azure Configuration (step 4).
Client Secret

Configure the Azure application's client secret.
```
plugin.tx_okexchange365mailer.settings.exchange365.clientSecret = your-client-secret-here
```
Copied!
Warning
- Replace your-client-secret-here with the actual Secret Value from your Azure Configuration (step 7)
- Security Risk: TypoScript is visible in the frontend source. Consider using Essential Configuration with environment variables for production
- Never expose this value in public repositories or frontend debugging
From Email Address

Set the sender email address for frontend-generated emails.
```
plugin.tx_okexchange365mailer.settings.exchange365.fromEmail = service@your-domain.com
```
Copied!
Note
- Replace service@your-domain.com with a valid email address from your Exchange 365 environment
- This email must exist as a SharedMailbox or User Mailbox in your organization
- If not specified, falls back to config.mail.defaultMailFromAddress
Save to Sent Items (Optional)

Determine whether frontend emails should be saved to the sender's "Sent Items" folder.
```
plugin.tx_okexchange365mailer.settings.exchange365.saveToSentItems = 1
```
Copied!
Note
- Set to 1 to save emails to Sent Items folder
- Set to 0 to skip saving emails to Sent Items folder
- Default value is 0 if not specified

Complete TypoScript Configuration Example

Here's a complete TypoScript setup example for frontend email functionality:

# Exchange 365 Frontend Mail Configuration
config {
    mail {
        # Set transport to Exchange 365
        transport = OliverKroener\OkExchange365\Mail\Transport\Exchange365Transport
        
        # Optional: Default mail settings
        defaultMailFromAddress = service@your-domain.com
        defaultMailFromName = Your Organization Name
    }
}

# Exchange 365 specific configuration
plugin.tx_okexchange365mailer {
    settings {
        exchange365 {
            # Azure/Microsoft Entra ID Configuration
            tenantId = your-tenant-id-here
            clientId = your-client-id-here
            clientSecret = your-client-secret-here
            
            # Email Configuration
            fromEmail = service@your-domain.com
            saveToSentItems = 1
        }
    }
}

Integration with Form Extensions

Powermail Integration

When using Powermail, the extension will automatically use the configured Exchange 365 transport for sending emails:

plugin.tx_powermail {
    settings {
        setup {
            # Powermail will use the global mail configuration
            # No additional configuration needed
        }
    }
}

TYPO3 Form Framework Integration

For the TYPO3 Form Framework, ensure your form configuration references the global mail settings:

# In your form configuration (YAML)
finishers:
  -
    identifier: EmailToReceiver
    options:
      # Uses global mail configuration automatically
      recipientAddress: 'recipient@example.com'
      recipientName: 'Recipient Name'

Configuration File Locations

Place your TypoScript configuration in one of these locations:

Template Records

Add the configuration to your main TypoScript template record in the TYPO3 backend.

Static Files

Create or modify files in your site package:

Configuration/TypoScript/setup.typoscript
Configuration/TypoScript/constants.typoscript (for constants)

Page TSconfig (Not recommended for mail settings)

Only use for page-specific overrides, not for global mail configuration.

Security Considerations for Frontend

Danger

TypoScript Security Warning

TypoScript configuration is potentially visible in frontend source code and through various debugging tools:

Client Secret Exposure: Never use sensitive secrets in TypoScript on production sites
Recommended Approach: Use Essential Configuration with environment variables
Alternative: Use TYPO3's encrypted configuration features for sensitive data
Monitoring: Regularly audit your TypoScript for exposed credentials

Best Practices

Environment-Specific Configuration

Use different Azure applications for different environments:

[applicationContext == "Development"]
    plugin.tx_okexchange365mailer.settings.exchange365.clientId = dev-client-id
    plugin.tx_okexchange365mailer.settings.exchange365.tenantId = dev-tenant-id
[END]

[applicationContext == "Production"]
    plugin.tx_okexchange365mailer.settings.exchange365.clientId = prod-client-id
    plugin.tx_okexchange365mailer.settings.exchange365.tenantId = prod-tenant-id
[END]

Conditional Loading

Only load Exchange 365 configuration when needed:

[siteIdentifier == "main-site"]
    <INCLUDE_TYPOSCRIPT: source="FILE:EXT:site_package/Configuration/TypoScript/exchange365.typoscript">
[END]

Fallback Configuration

Always provide fallback settings:

config.mail {
    defaultMailFromAddress = fallback@your-domain.com
    defaultMailFromName = Fallback Sender
}

Testing Frontend Configuration

To test your frontend configuration:

Create a test form using Powermail or Form Framework
Submit the form and verify email delivery
Check TYPO3 logs for any authentication or sending errors
Verify in Exchange 365 that emails appear in the sender's mailbox (if saveToSentItems is enabled)

Tip

Use TYPO3's mail spooling functionality during development to prevent sending actual emails while testing configuration.

Troubleshooting Frontend Issues

Common issues and solutions:

Emails not sending

Verify all 5 parameters are correctly configured in TypoScript
Check that the Azure application has proper permissions
Ensure the sender email exists in Exchange 365

Authentication errors

Verify Tenant ID and Client ID are correct
Check that the Client Secret is valid and not expired
Confirm Azure admin consent has been granted

Permission errors

Ensure the Azure application has Mail.Send permission
Verify the sender email address exists in your Exchange 365 environment
Check that the application can send on behalf of the specified user

Frequently Asked Questions (FAQ)

See chapter Installation.

See chapter Configuration.

See chapter Where to get help.

Where to get help

Note

You can get help in the TYPO3 Slack https://typo3.org/community/meet/chat-slack, Ask a question in the official TYPO3 forum, https://talk.typo3.org/c/typo3-questions/19 or contact the extension author.

Please visit the following website for contacting the author directly: https://www.oliver-kroener.de

Report Issues

Attention

You can report issues at https://github.com/oliverkroener/ok_exchange365_mailer/issues.

Contact

Author — Oliver Kroener

Automated. Scaled. Done.

Web3 · Cloud · Automation

Technology is only valuable when it solves a real problem. For over 30 years I've been translating between business and tech — so your investment in digitalisation doesn't stall at proof-of-concept but delivers measurable results.

Support

If you encounter issues or have questions about this extension:

Bug reports & feature requests: Use the GitHub issue tracker
Email: ok@oliver-kroener.de

Contributing

Contributions are welcome. Please open a pull request or issue on GitHub.

License

This extension is licensed under the GPL-2.0-or-later.

Microsoft Exchange 365 Mailer

Introduction

Installation

Microsoft Entra ID Setup

Exchange Online Setup

Configuration

FAQ

Contact

Introduction

What does it do?

Features

Requirements

Installation

Install with Composer

Install in Classic Mode

Configuration of Microsoft Entra ID (formerly Azure AD)

Exchange Online Setup

Prerequisites

Import and connect

Create the Application Access Policy

Troubleshooting

Using Shared Mailboxes

Create a mail-enabled security group

Adding multiple mailboxes

Alternative via Microsoft 365 Admin Center

Configuring the Sender Display Name

Configure via Microsoft 365 Admin Center

Configure via Exchange Admin Center

Configure via PowerShell

Configuration

Quick Configuration Overview

Configuration Methods

Essential Configuration

Quick Navigation

Configuration Variables

Configuration Example

Environment Variables (.env file)

Alternative Configuration Methods

In Typo3 config files

Testing the Configuration

Security Considerations

Configuration Validation

Frontend Configuration

Frontend Configuration Overview

Required TypoScript Parameters

Complete TypoScript Configuration Example

Integration with Form Extensions

Powermail Integration

TYPO3 Form Framework Integration

Configuration File Locations

Security Considerations for Frontend

Best Practices

Testing Frontend Configuration

Troubleshooting Frontend Issues

Frequently Asked Questions (FAQ)

How can I install this extension?

How to can I include the TypoScript?

Where to get help?

Where to get help

Report Issues

Contact

Author — Oliver Kroener

Automated. Scaled. Done.

Support

Contributing

License

Index

Sitemap