{"id":278774,"date":"2026-05-12T10:32:10","date_gmt":"2026-05-12T08:32:10","guid":{"rendered":"https:\/\/www.unipile.com\/?p=278774"},"modified":"2026-05-12T10:34:14","modified_gmt":"2026-05-12T08:34:14","slug":"microsoft-graph-oauth-email","status":"publish","type":"post","link":"https:\/\/www.unipile.com\/br\/microsoft-graph-oauth-email\/","title":{"rendered":"Microsoft Graph OAuth: Autentique Caixas de Correio do Outlook e Microsoft 365 (Guia 2026)"},"content":{"rendered":"\n[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-toc-msgraph,<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->  background: transparent !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph { display: block !important; }<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->#upl-toc-msgraph.toc-wrapper {<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 20px 40px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-card {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e2e5ea !important;<!-- [et_pb_line_break_holder] -->  border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-header {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: space-between !important;<!-- [et_pb_line_break_holder] -->  padding: 14px 18px !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid #f0f1f3 !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  user-select: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-label {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.72rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #64748b !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.8px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-label svg {<!-- [et_pb_line_break_holder] -->  width: 14px !important;<!-- [et_pb_line_break_holder] -->  height: 14px !important;<!-- [et_pb_line_break_holder] -->  stroke: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-toggle-icon {<!-- [et_pb_line_break_holder] -->  width: 16px !important;<!-- [et_pb_line_break_holder] -->  height: 16px !important;<!-- [et_pb_line_break_holder] -->  stroke: #94a3b8 !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.25s ease !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-grid {<!-- [et_pb_line_break_holder] -->  display: grid !important;<!-- [et_pb_line_break_holder] -->  grid-template-columns: repeat(3, 1fr) !important;<!-- [et_pb_line_break_holder] -->  gap: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 6px 10px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-col {<!-- [et_pb_line_break_holder] -->  padding: 12px 12px !important;<!-- [et_pb_line_break_holder] -->  border-left: 1px solid #f0f1f3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-col:first-child {<!-- [et_pb_line_break_holder] -->  border-left: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 7px !important;<!-- [et_pb_line_break_holder] -->  padding: 5px 6px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 6px !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  transition: background 0.15s ease !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item:hover {<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.06) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item.active {<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.08) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-num {<!-- [et_pb_line_break_holder] -->  width: 18px !important;<!-- [et_pb_line_break_holder] -->  height: 18px !important;<!-- [et_pb_line_break_holder] -->  min-width: 18px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 5px !important;<!-- [et_pb_line_break_holder] -->  background: #f1f5f9 !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.55rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #64748b !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item.active .toc-num {<!-- [et_pb_line_break_holder] -->  background: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item-text {<!-- [et_pb_line_break_holder] -->  font-size: 0.68rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 500 !important;<!-- [et_pb_line_break_holder] -->  color: #374151 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-toc-msgraph .toc-item.active .toc-item-text {<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-toc-msgraph .toc-grid { grid-template-columns: repeat(2, 1fr) !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-toc-msgraph .toc-grid { grid-template-columns: 1fr !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><div id=\"upl-toc-msgraph\" class=\"toc-wrapper\"><!-- [et_pb_line_break_holder] -->  <div class=\"toc-card\"><!-- [et_pb_line_break_holder] -->    <div class=\"toc-header\" id=\"msgraph-toc-toggle\"><!-- [et_pb_line_break_holder] -->      <div class=\"toc-label\"><!-- [et_pb_line_break_holder] -->        <svg viewBox=\"0 0 24 24\"><line x1=\"8\" y1=\"6\" x2=\"21\" y2=\"6\"\/><line x1=\"8\" y1=\"12\" x2=\"21\" y2=\"12\"\/><line x1=\"8\" y1=\"18\" x2=\"21\" y2=\"18\"\/><line x1=\"3\" y1=\"6\" x2=\"3.01\" y2=\"6\"\/><line x1=\"3\" y1=\"12\" x2=\"3.01\" y2=\"12\"\/><line x1=\"3\" y1=\"18\" x2=\"3.01\" y2=\"18\"\/><\/svg><!-- [et_pb_line_break_holder] -->        <span>Table of Contents<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <svg class=\"toc-toggle-icon\" viewBox=\"0 0 24 24\"><polyline points=\"6 9 12 15 18 9\"\/><\/svg><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"toc-grid\" id=\"msgraph-toc-grid\"><!-- [et_pb_line_break_holder] -->      <div class=\"toc-col\"><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-why\" class=\"toc-item active\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">01<\/span><span class=\"toc-item-text\">Why Microsoft Graph OAuth is non-negotiable in 2026<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-flows\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">02<\/span><span class=\"toc-item-text\">The 3 OAuth flows Microsoft supports<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-entra\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">03<\/span><span class=\"toc-item-text\">Microsoft Entra app registration (7 steps)<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-authority\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">04<\/span><span class=\"toc-item-text\">Choosing the right authority endpoint<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"toc-col\"><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-scopes\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">05<\/span><span class=\"toc-item-text\">Mail scopes deep-dive<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-delegated\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">06<\/span><span class=\"toc-item-text\">Delegated vs Application permissions<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-consent\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">07<\/span><span class=\"toc-item-text\">Admin consent flow<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-pkce\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">08<\/span><span class=\"toc-item-text\">Auth code + PKCE walkthrough<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"toc-col\"><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-refresh\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">09<\/span><span class=\"toc-item-text\">Refresh token handling<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-errors\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">10<\/span><span class=\"toc-item-text\">Common AADSTS errors decoded<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-unipile\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">11<\/span><span class=\"toc-item-text\">The Unipile alternative<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->        <a href=\"#msgraph-faq\" class=\"toc-item\"><!-- [et_pb_line_break_holder] -->          <span class=\"toc-num\">12<\/span><span class=\"toc-item-text\">FAQ<\/span><!-- [et_pb_line_break_holder] -->        <\/a><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><script><!-- [et_pb_line_break_holder] -->(function(){<!-- [et_pb_line_break_holder] -->  function init(){<!-- [et_pb_line_break_holder] -->    var toggle = document.getElementById('msgraph-toc-toggle');<!-- [et_pb_line_break_holder] -->    var grid = document.getElementById('msgraph-toc-grid');<!-- [et_pb_line_break_holder] -->    var icon = toggle ? toggle.querySelector('.toc-toggle-icon') : null;<!-- [et_pb_line_break_holder] -->    if(!toggle || !grid) return;<!-- [et_pb_line_break_holder] -->    toggle.addEventListener('click', function(){<!-- [et_pb_line_break_holder] -->      var isHidden = grid.style.display === 'none';<!-- [et_pb_line_break_holder] -->      grid.style.display = isHidden ? '' : 'none';<!-- [et_pb_line_break_holder] -->      if(icon){ icon.style.transform = isHidden ? '' : 'rotate(-90deg)'; }<!-- [et_pb_line_break_holder] -->    });<!-- [et_pb_line_break_holder] -->    var items = document.querySelectorAll('#upl-toc-msgraph .toc-item');<!-- [et_pb_line_break_holder] -->    items.forEach(function(item){<!-- [et_pb_line_break_holder] -->      item.addEventListener('click', function(e){<!-- [et_pb_line_break_holder] -->        items.forEach(function(i){ i.classList.remove('active'); });<!-- [et_pb_line_break_holder] -->        item.classList.add('active');<!-- [et_pb_line_break_holder] -->        var href = item.getAttribute('href');<!-- [et_pb_line_break_holder] -->        if(href && href.startsWith('#')){<!-- [et_pb_line_break_holder] -->          e.preventDefault();<!-- [et_pb_line_break_holder] -->          var target = document.querySelector(href);<!-- [et_pb_line_break_holder] -->          if(target){ target.scrollIntoView({ behavior: 'smooth', block: 'start' }); }<!-- [et_pb_line_break_holder] -->        }<!-- [et_pb_line_break_holder] -->      });<!-- [et_pb_line_break_holder] -->    });<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  if(document.readyState === 'loading'){<!-- [et_pb_line_break_holder] -->    document.addEventListener('DOMContentLoaded', init);<!-- [et_pb_line_break_holder] -->  } else { init(); }<!-- [et_pb_line_break_holder] -->})();<!-- [et_pb_line_break_holder] --><\/script>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-hero-msgraph,<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1160px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 24px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-grid {<!-- [et_pb_line_break_holder] -->  display: grid !important;<!-- [et_pb_line_break_holder] -->  grid-template-columns: 1fr 1fr !important;<!-- [et_pb_line_break_holder] -->  gap: 60px !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 20px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-badge-dot {<!-- [et_pb_line_break_holder] -->  width: 7px !important;<!-- [et_pb_line_break_holder] -->  height: 7px !important;<!-- [et_pb_line_break_holder] -->  background: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  border-radius: 50% !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper h1 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 44px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.15 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 20px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .h1-accent {<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-meta {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 16px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .meta-item {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 6px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.8rem !important;<!-- [et_pb_line_break_holder] -->  color: #718096 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .meta-item svg {<!-- [et_pb_line_break_holder] -->  width: 14px !important;<!-- [et_pb_line_break_holder] -->  height: 14px !important;<!-- [et_pb_line_break_holder] -->  stroke: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .meta-sep {<!-- [et_pb_line_break_holder] -->  width: 4px !important;<!-- [et_pb_line_break_holder] -->  height: 4px !important;<!-- [et_pb_line_break_holder] -->  background: #cbd5e0 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 50% !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-tags {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-tag {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  color: #4a5568 !important;<!-- [et_pb_line_break_holder] -->  padding: 5px 12px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 6px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.75rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 500 !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e2e8f0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .hero-actions {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 14px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .cta-primary {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 14px 28px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.95rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  border: 2px solid #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.3s ease !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .cta-primary:hover {<!-- [et_pb_line_break_holder] -->  transform: translateY(-5px) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .cta-secondary {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: transparent !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 24px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  border: 2px solid #0f2736 !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.95rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  transition: all 0.3s ease !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .cta-secondary:hover {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .code-wrapper {<!-- [et_pb_line_break_holder] -->  border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->  background: #0d1117 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .editor-bar {<!-- [et_pb_line_break_holder] -->  background: #161b22 !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 18px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid rgba(255,255,255,0.06) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .dot {<!-- [et_pb_line_break_holder] -->  width: 12px !important;<!-- [et_pb_line_break_holder] -->  height: 12px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 50% !important;<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .dot-r { background: #ff5f57 !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .dot-y { background: #febc2e !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .dot-g { background: #28c840 !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .filename {<!-- [et_pb_line_break_holder] -->  color: #8b949e !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  margin-left: 6px !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .pre {<!-- [et_pb_line_break_holder] -->  padding: 20px 24px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  overflow-x: auto !important;<!-- [et_pb_line_break_holder] -->  background: #0d1117 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .pre code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  white-space: pre !important;<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .c { color: #8b949e !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .k { color: #ff7b72 !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .fn { color: #d2a8ff !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .s { color: #a5d6ff !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .n { color: #79c0ff !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .w { color: #e6edf3 !important; }<!-- [et_pb_line_break_holder] -->#upl-hero-msgraph.hero-wrapper .editor-ok {<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.1) !important;<!-- [et_pb_line_break_holder] -->  border-top: 1px solid rgba(59,185,139,0.25) !important;<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  padding: 11px 24px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-hero-msgraph.hero-wrapper .hero-grid { grid-template-columns: 1fr !important; gap: 40px !important; }<!-- [et_pb_line_break_holder] -->  #upl-hero-msgraph.hero-wrapper h1 { font-size: 34px !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-hero-msgraph.hero-wrapper h1 { font-size: 28px !important; }<!-- [et_pb_line_break_holder] -->  #upl-hero-msgraph.hero-wrapper .hero-actions { flex-direction: column !important; }<!-- [et_pb_line_break_holder] -->  #upl-hero-msgraph.hero-wrapper .cta-primary, #upl-hero-msgraph.hero-wrapper .cta-secondary { width: 100% !important; justify-content: center !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-hero-msgraph\" class=\"hero-wrapper\"><!-- [et_pb_line_break_holder] -->  <div class=\"hero-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"hero-left\"><!-- [et_pb_line_break_holder] -->      <div class=\"hero-eyebrow\"><span class=\"hero-badge-dot\"><\/span><span>Microsoft Graph OAuth 2026<\/span><\/div><!-- [et_pb_line_break_holder] -->      <h1>Microsoft Graph <span class=\"h1-accent\">OAuth<\/span>: Authenticate Outlook and Microsoft 365 Mailboxes<\/h1><!-- [et_pb_line_break_holder] -->      <pee class=\"hero-desc\">A complete 2026 guide to Microsoft Graph OAuth for SaaS developers. Covers Microsoft Entra app registration, authority endpoints, Mail scopes, delegated vs application permissions, admin consent, auth code + PKCE, refresh token rotation, AADSTS error codes, and how Unipile eliminates 5 weeks of OAuth plumbing in 5 minutes.<\/pee><!-- [et_pb_line_break_holder] -->      <div class=\"hero-actions\"><!-- [et_pb_line_break_holder] -->        <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-primary\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><span>Build it with Unipile<\/span><\/a><!-- [et_pb_line_break_holder] -->        <a href=\"https:\/\/www.unipile.com\/microsoft-graph-api-email-integration-guide\/\" class=\"cta-secondary\"><span>MS Graph Guide<\/span><\/a><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"hero-right\"><!-- [et_pb_line_break_holder] -->      <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->        <div class=\"editor-bar\"><!-- [et_pb_line_break_holder] -->          <span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><!-- [et_pb_line_break_holder] -->          <span class=\"filename\">link_outlook_account.py<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pre\"><code><span class=\"k\">import<\/span><span class=\"w\"> requests<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Step 1: Generate a hosted auth link<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">response = requests.<\/span><span class=\"fn\">post<\/span><span class=\"w\">(<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">\"https:\/\/apiXXX.unipile.com:XXX<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">     \/api\/v1\/hosted\/accounts\/link\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    headers={<\/span><span class=\"s\">\"X-API-KEY\"<\/span><span class=\"w\">: api_key},<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    json={<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"type\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"create\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"providers\"<\/span><span class=\"w\">: [<\/span><span class=\"s\">\"MICROSOFT\"<\/span><span class=\"w\">],<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"api_url\"<\/span><span class=\"w\">: your_dsn,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"expiresOn\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"2026-12-31T23:59:59Z\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    }<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Step 2: Redirect your user to the URL<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">auth_url = response.<\/span><span class=\"fn\">json<\/span><span class=\"w\">()[<\/span><span class=\"s\">\"url\"<\/span><span class=\"w\">]<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># Unipile handles the full OAuth flow<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># incl. Entra, scopes, tokens, refresh<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"editor-ok\"><svg width=\"12\" height=\"12\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Microsoft OAuth handled. Mailbox ready.<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; sticky_enabled=&#8221;0&#8243;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-why-msgraph,<!-- [et_pb_line_break_holder] -->#upl-why-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-why-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-why-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 24px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(221,223,76,0.18) !important;<!-- [et_pb_line_break_holder] -->  color: #8a8c2e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 48px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .deprecation-banner {<!-- [et_pb_line_break_holder] -->  background: rgba(234,67,53,0.08) !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid rgba(234,67,53,0.25) !important;<!-- [et_pb_line_break_holder] -->  border-left: 4px solid #EA4335 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  padding: 20px 24px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 40px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: flex-start !important;<!-- [et_pb_line_break_holder] -->  gap: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .deprecation-banner svg {<!-- [et_pb_line_break_holder] -->  width: 22px !important;<!-- [et_pb_line_break_holder] -->  height: 22px !important;<!-- [et_pb_line_break_holder] -->  stroke: #EA4335 !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  margin-top: 2px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .deprecation-banner .banner-title {<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #c0392b !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 6px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .deprecation-banner .banner-text {<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .cards-grid {<!-- [et_pb_line_break_holder] -->  display: grid !important;<!-- [et_pb_line_break_holder] -->  grid-template-columns: repeat(3, 1fr) !important;<!-- [et_pb_line_break_holder] -->  gap: 20px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 40px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 16px !important;<!-- [et_pb_line_break_holder] -->  padding: 28px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-icon {<!-- [et_pb_line_break_holder] -->  width: 44px !important;<!-- [et_pb_line_break_holder] -->  height: 44px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-icon svg {<!-- [et_pb_line_break_holder] -->  width: 22px !important;<!-- [et_pb_line_break_holder] -->  height: 22px !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-title {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 16px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 10px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-text {<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-tag {<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  margin-top: 12px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(234,67,53,0.1) !important;<!-- [et_pb_line_break_holder] -->  color: #c0392b !important;<!-- [et_pb_line_break_holder] -->  padding: 3px 10px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 6px !important;<!-- [et_pb_line_break_holder] -->  font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-why-msgraph.why-wrapper .card-tag.sunset {<!-- [et_pb_line_break_holder] -->  background: rgba(251,188,4,0.15) !important;<!-- [et_pb_line_break_holder] -->  color: #8a6800 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-why-msgraph.why-wrapper .cards-grid { grid-template-columns: 1fr 1fr !important; }<!-- [et_pb_line_break_holder] -->  #upl-why-msgraph.why-wrapper h2 { font-size: 28px !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-why-msgraph.why-wrapper .cards-grid { grid-template-columns: 1fr !important; }<!-- [et_pb_line_break_holder] -->  #upl-why-msgraph.why-wrapper h2 { font-size: 26px !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-why-msgraph\" class=\"why-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-why\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>2026 Context<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Why Microsoft Graph OAuth is Non-Negotiable in 2026<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">If your SaaS application reads, sends, or syncs Outlook or Microsoft 365 email, Microsoft Graph OAuth is no longer optional. Three major deprecations have made Basic Auth, legacy protocols, and app passwords obsolete. OAuth 2.0 via the Microsoft Graph API is the only supported path.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"deprecation-banner\"><!-- [et_pb_line_break_holder] -->    <svg viewBox=\"0 0 24 24\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"12\"\/><line x1=\"12\" y1=\"16\" x2=\"12.01\" y2=\"16\"\/><\/svg><!-- [et_pb_line_break_holder] -->    <div><!-- [et_pb_line_break_holder] -->      <div class=\"banner-title\">Legacy auth is dead for Microsoft 365<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"banner-text\">Basic Authentication in Exchange Online was fully disabled in October 2022. App passwords for federated accounts are gone. SMTP AUTH is disabled by default in new tenants. Microsoft has made OAuth 2.0 the only supported authentication method for production applications. Any codebase still using username\/password credentials against Exchange will fail silently or return 401 errors.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"cards-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"card\"><!-- [et_pb_line_break_holder] -->      <div class=\"card-icon\" style=\"background:rgba(234,67,53,0.1)!important;\"><svg viewBox=\"0 0 24 24\" stroke=\"#EA4335\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"4.93\" y1=\"4.93\" x2=\"19.07\" y2=\"19.07\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-title\">Basic Auth &#8211; Fully Deprecated<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-text\">Microsoft disabled Basic Authentication for Exchange Online in October 2022. This affects IMAP, POP3, SMTP, EWS, MAPI, OAB, Outlook Anywhere, and RPC over HTTP. No exceptions, no grace period extensions remaining.<\/div><!-- [et_pb_line_break_holder] -->      <span class=\"card-tag\">Disabled Oct 2022<\/span><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"card\"><!-- [et_pb_line_break_holder] -->      <div class=\"card-icon\" style=\"background:rgba(251,188,4,0.12)!important;\"><svg viewBox=\"0 0 24 24\" stroke=\"#8a6800\"><path d=\"M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z\"\/><line x1=\"12\" y1=\"9\" x2=\"12\" y2=\"13\"\/><line x1=\"12\" y1=\"17\" x2=\"12.01\" y2=\"17\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-title\">EWS &#8211; Sunset Timeline<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-text\">Exchange Web Services (EWS) is in maintenance mode. Microsoft has announced no new features and recommends migrating to Microsoft Graph. While not fully shut down yet, building new integrations on EWS in 2026 is a technical debt decision you will regret.<\/div><!-- [et_pb_line_break_holder] -->      <span class=\"card-tag sunset\">Maintenance Mode<\/span><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"card\"><!-- [et_pb_line_break_holder] -->      <div class=\"card-icon\" style=\"background:rgba(59,185,139,0.12)!important;\"><svg viewBox=\"0 0 24 24\" stroke=\"#3BB98B\"><path d=\"M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10z\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-title\">OAuth 2.0 &#8211; The Required Standard<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"card-text\">Microsoft Graph OAuth via Microsoft Entra ID (formerly Azure AD) is the only officially supported authentication method for production SaaS applications accessing Outlook and Microsoft 365 mailboxes in 2026. This guide covers the complete implementation.<\/div><!-- [et_pb_line_break_holder] -->      <span class=\"card-tag\" style=\"background:rgba(59,185,139,0.12)!important;color:#2aaa7e!important;\">Required Standard<\/span><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div style=\"background:#ffffff!important;border-radius:16px!important;padding:28px 32px!important;margin-top:16px!important;\"><!-- [et_pb_line_break_holder] -->    <div style=\"font-family:'Poppins',sans-serif!important;font-size:17px!important;font-weight:700!important;color:#0f2736!important;margin-bottom:12px!important;\">What Microsoft Graph OAuth unlocks<\/div><!-- [et_pb_line_break_holder] -->    <div style=\"display:grid!important;grid-template-columns:1fr 1fr!important;gap:10px!important;\"><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Read, send, and sync Outlook mailboxes on behalf of authenticated users<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Access Microsoft 365 and personal Outlook.com mailboxes with a single app registration<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Long-lived refresh tokens with automatic rotation (no re-auth for active users)<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Granular scope control: request only the permissions your app genuinely needs<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Multi-tenant support: one app registration serves all customer tenants<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div style=\"display:flex!important;align-items:flex-start!important;gap:10px!important;font-size:14px!important;color:#383838!important;line-height:1.6!important;\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Compliance with enterprise Conditional Access and MFA policies<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-flows-msgraph,<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 0 24px !important; background: #f4f5f7 !important; border-radius: 20px !important; padding-top: 60px !important; padding-bottom: 60px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flows-grid { display: grid !important; grid-template-columns: repeat(3, 1fr) !important; gap: 20px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-card { background: #ffffff !important; border: 2px solid #e5e7eb !important; border-radius: 16px !important; padding: 28px !important; position: relative !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-card.recommended { border-color: #3BB98B !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .recommended-badge { position: absolute !important; top: -13px !important; left: 24px !important; background: #3BB98B !important; color: #ffffff !important; padding: 4px 12px !important; border-radius: 20px !important; font-size: 11px !important; font-weight: 700 !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-name { font-family: 'Poppins', sans-serif !important; font-size: 16px !important; font-weight: 700 !important; color: #0f2736 !important; margin-bottom: 8px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-subtitle { font-size: 12px !important; color: #718096 !important; margin-bottom: 16px !important; font-weight: 500 !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-desc { font-size: 14px !important; color: #383838 !important; line-height: 1.7 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .flow-verdict { padding: 10px 14px !important; border-radius: 8px !important; font-size: 13px !important; font-weight: 600 !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .verdict-yes { background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .verdict-no { background: rgba(234,67,53,0.08) !important; color: #c0392b !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .verdict-maybe { background: rgba(251,188,4,0.12) !important; color: #8a6800 !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .cta-strip { margin-top: 36px !important; text-align: center !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .cta-primary { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: #DDDF4C !important; color: #0f2736 !important; padding: 14px 28px !important; border-radius: 8px !important; font-size: 0.95rem !important; font-weight: 600 !important; border: 2px solid #DDDF4C !important; transition: transform 0.3s ease !important; cursor: pointer !important; text-decoration: none !important; }<!-- [et_pb_line_break_holder] -->#upl-flows-msgraph.flows-wrapper .cta-primary:hover { transform: translateY(-5px) !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) { #upl-flows-msgraph.flows-wrapper .flows-grid { grid-template-columns: 1fr !important; } #upl-flows-msgraph.flows-wrapper h2 { font-size: 28px !important; } }<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) { #upl-flows-msgraph.flows-wrapper h2 { font-size: 26px !important; } }<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-flows-msgraph\" class=\"flows-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-flows\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>OAuth Flows<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>The 3 OAuth Flows Microsoft Supports (and Which One SaaS Needs)<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Microsoft&#8217;s identity platform supports several OAuth 2.0 grant types. Choosing the wrong one is a common source of wasted engineering time. Here is the breakdown for SaaS applications that access email on behalf of their users.<\/pee><!-- [et_pb_line_break_holder] -->  <div class=\"flows-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"flow-card recommended\"><!-- [et_pb_line_break_holder] -->      <span class=\"recommended-badge\"><span>Recommended for SaaS<\/span><\/span><!-- [et_pb_line_break_holder] -->      <div class=\"flow-name\">Authorization Code + PKCE<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-subtitle\">RFC 6749 Section 4.1 + RFC 7636<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-desc\">The user is redirected to Microsoft&#8217;s login page, authenticates, and grants consent. Your app exchanges the returned authorization code for access and refresh tokens. PKCE (Proof Key for Code Exchange) prevents code interception attacks and is mandatory for public clients and recommended for all clients in 2026.<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-verdict verdict-yes\"><svg width=\"13\" height=\"13\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" style=\"display:inline!important;vertical-align:middle!important;margin-right:6px!important;\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Use this for SaaS apps accessing user mailboxes<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"flow-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"flow-name\">Client Credentials<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-subtitle\">OAuth 2.0 Section 4.4 (app-only)<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-desc\">No user interaction. Your app authenticates as itself using a client ID and secret (or certificate). Requires Application permissions (not Delegated), meaning a tenant admin must grant consent to access all mailboxes in the organization. No user consent screen.<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-verdict verdict-maybe\"><svg width=\"13\" height=\"13\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" style=\"display:inline!important;vertical-align:middle!important;margin-right:6px!important;\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"12\"\/><line x1=\"12\" y1=\"16\" x2=\"12.01\" y2=\"16\"\/><\/svg><span>Only for internal tooling with admin-granted access<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"flow-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"flow-name\">Device Code Flow<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-subtitle\">OAuth 2.0 Device Authorization Grant<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-desc\">Designed for devices without a browser (CLIs, IoT, smart TVs). The user visits a URL on another device to authenticate. Not relevant for SaaS web applications where a redirect is possible.<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"flow-verdict verdict-no\"><svg width=\"13\" height=\"13\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" style=\"display:inline!important;vertical-align:middle!important;margin-right:6px!important;\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"4.93\" y1=\"4.93\" x2=\"19.07\" y2=\"19.07\"\/><\/svg><span>Not applicable to standard SaaS web apps<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] -->  <div class=\"cta-strip\"><!-- [et_pb_line_break_holder] -->    <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-primary\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><span>Start building your Microsoft OAuth flow<\/span><\/a><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<!DOCTYPE html><!-- [et_pb_line_break_holder] --><html lang=\"en\"><!-- [et_pb_line_break_holder] --><head><!-- [et_pb_line_break_holder] --><meta charset=\"UTF-8\"><!-- [et_pb_line_break_holder] --><meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"><!-- [et_pb_line_break_holder] --><title>Unipile &#8211; Microsoft Entra App Registration<\/title><!-- [et_pb_line_break_holder] --><link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->body { background: #f4f5f7; padding: 40px 0; }<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph,<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 24px !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(221,223,76,0.18) !important;<!-- [et_pb_line_break_holder] -->  color: #8a8c2e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 48px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .steps-list {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 24px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-card {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 16px !important;<!-- [et_pb_line_break_holder] -->  padding: 28px 32px !important;<!-- [et_pb_line_break_holder] -->  display: grid !important;<!-- [et_pb_line_break_holder] -->  grid-template-columns: 56px 1fr !important;<!-- [et_pb_line_break_holder] -->  gap: 24px !important;<!-- [et_pb_line_break_holder] -->  align-items: flex-start !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-card > div {<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-num {<!-- [et_pb_line_break_holder] -->  width: 48px !important;<!-- [et_pb_line_break_holder] -->  height: 48px !important;<!-- [et_pb_line_break_holder] -->  min-width: 48px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(221,223,76,0.18) !important;<!-- [et_pb_line_break_holder] -->  color: #8a8c2e !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 18px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-title {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 10px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-text {<!-- [et_pb_line_break_holder] -->  font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.75 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 14px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-text strong {<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-text a.doc-link {<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid rgba(59,185,139,0.4) !important;<!-- [et_pb_line_break_holder] -->  transition: color 0.2s ease, border-color 0.2s ease !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-text a.doc-link:hover {<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  border-bottom-color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .step-text code,<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-value code,<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .tip-box code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  background: rgba(0,120,212,0.08) !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 6px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 4px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-block {<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 10px !important;<!-- [et_pb_line_break_holder] -->  padding: 16px 18px !important;<!-- [et_pb_line_break_holder] -->  margin-top: 12px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-row {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: flex-start !important;<!-- [et_pb_line_break_holder] -->  gap: 12px !important;<!-- [et_pb_line_break_holder] -->  padding: 7px 0 !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-row:last-child {<!-- [et_pb_line_break_holder] -->  border-bottom: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-label {<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #718096 !important;<!-- [et_pb_line_break_holder] -->  min-width: 160px !important;<!-- [et_pb_line_break_holder] -->  padding-top: 2px !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.3px !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .field-value {<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->  flex: 1 !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .tip-box {<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.08) !important;<!-- [et_pb_line_break_holder] -->  border-left: 3px solid #3BB98B !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 16px !important;<!-- [et_pb_line_break_holder] -->  margin-top: 14px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .tip-box strong {<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .cta-wrapper {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  margin-top: 32px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .cta-inline {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 22px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.9rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  border: 2px solid #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.3s ease !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .cta-inline:hover {<!-- [et_pb_line_break_holder] -->  transform: translateY(-5px) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-entra-msgraph.entra-wrapper .cta-inline svg {<!-- [et_pb_line_break_holder] -->  width: 16px !important;<!-- [et_pb_line_break_holder] -->  height: 16px !important;<!-- [et_pb_line_break_holder] -->  stroke: currentColor !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2.5 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 36px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-card {<!-- [et_pb_line_break_holder] -->    padding: 22px 24px !important;<!-- [et_pb_line_break_holder] -->    grid-template-columns: 48px 1fr !important;<!-- [et_pb_line_break_holder] -->    gap: 18px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-num {<!-- [et_pb_line_break_holder] -->    width: 42px !important;<!-- [et_pb_line_break_holder] -->    height: 42px !important;<!-- [et_pb_line_break_holder] -->    min-width: 42px !important;<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-label {<!-- [et_pb_line_break_holder] -->    min-width: 130px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    padding: 5px 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 24px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.25 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .steps-list {<!-- [et_pb_line_break_holder] -->    gap: 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-card {<!-- [et_pb_line_break_holder] -->    grid-template-columns: 1fr !important;<!-- [et_pb_line_break_holder] -->    padding: 20px 18px !important;<!-- [et_pb_line_break_holder] -->    gap: 14px !important;<!-- [et_pb_line_break_holder] -->    border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-num {<!-- [et_pb_line_break_holder] -->    width: 38px !important;<!-- [et_pb_line_break_holder] -->    height: 38px !important;<!-- [et_pb_line_break_holder] -->    min-width: 38px !important;<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->    border-radius: 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-title {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.3 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 8px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-text {<!-- [et_pb_line_break_holder] -->    font-size: 14px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-block {<!-- [et_pb_line_break_holder] -->    padding: 12px 14px !important;<!-- [et_pb_line_break_holder] -->    margin-top: 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-row {<!-- [et_pb_line_break_holder] -->    flex-direction: column !important;<!-- [et_pb_line_break_holder] -->    gap: 4px !important;<!-- [et_pb_line_break_holder] -->    padding: 8px 0 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-label {<!-- [et_pb_line_break_holder] -->    min-width: 0 !important;<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    padding-top: 0 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-value {<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-text code,<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-value code,<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .tip-box code {<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->    padding: 1px 5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .tip-box {<!-- [et_pb_line_break_holder] -->    padding: 11px 14px !important;<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->    margin-top: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .cta-wrapper {<!-- [et_pb_line_break_holder] -->    margin-top: 24px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .cta-inline {<!-- [et_pb_line_break_holder] -->    width: 100% !important;<!-- [et_pb_line_break_holder] -->    justify-content: center !important;<!-- [et_pb_line_break_holder] -->    padding: 13px 20px !important;<!-- [et_pb_line_break_holder] -->    white-space: normal !important;<!-- [et_pb_line_break_holder] -->    text-align: center !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 400px) {<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 22px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 14.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-card {<!-- [et_pb_line_break_holder] -->    padding: 18px 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-title {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .step-text {<!-- [et_pb_line_break_holder] -->    font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .field-value {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .tip-box {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-entra-msgraph.entra-wrapper .cta-inline {<!-- [et_pb_line_break_holder] -->    font-size: 0.85rem !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><\/head><!-- [et_pb_line_break_holder] --><body><!-- [et_pb_line_break_holder] --><div id=\"upl-entra-msgraph\" class=\"entra-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-entra\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Step-by-Step Setup<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Microsoft Entra App Registration: 7 Steps<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Before your app can request OAuth tokens, you need a registered application in Microsoft Entra ID (formerly Azure Active Directory). Here are the exact steps, including which field values matter and which are cosmetic.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"steps-list\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>1<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Create an App Registration in the Azure Portal<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">Navigate to <code>portal.azure.com<\/code>, go to <strong>Microsoft Entra ID<\/strong> (search in the top bar), then <strong>App registrations<\/strong>, then click <strong>+ New registration<\/strong>. See the <a href=\"https:\/\/developer.unipile.com\/docs\/microsoft-oauth\" target=\"_blank\" rel=\"noopener\" class=\"doc-link\">full Microsoft OAuth documentation<\/a> for additional context.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Name<\/div><div class=\"field-value\">Your app name. This is what users see on the Microsoft consent screen. Use your product name, not a technical identifier.<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Supported account types<\/div><div class=\"field-value\">For a multi-tenant SaaS serving both business and personal users: select <code>Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts<\/code>. This corresponds to the <code>\/common<\/code> authority endpoint.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"tip-box\"><strong>Tip:<\/strong> If you only serve Microsoft 365 business accounts (not personal Outlook.com), select &#8220;Multitenant&#8221; only. This uses the <code>\/organizations<\/code> authority and reduces your consent surface area. More on authority endpoints in section 4.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>2<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Configure Redirect URIs<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">After registration, go to <strong>Authentication<\/strong> in the left panel. Add a platform: select <strong>Web<\/strong>. Add your redirect URI(s), the URL Microsoft will redirect the user back to with the authorization code.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Platform type<\/div><div class=\"field-value\"><code>Web<\/code> for server-side apps. Use <code>Single-page application (SPA)<\/code> for client-side flows (auto-enables PKCE).<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Redirect URI<\/div><div class=\"field-value\">Must be HTTPS in production. Example: <code>https:\/\/app.yourproduct.com\/auth\/microsoft\/callback<\/code>. Exact match required, any deviation causes AADSTS50011.<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Logout URL (optional)<\/div><div class=\"field-value\">Microsoft will call this URL when the user signs out from any app in their tenant. Optional for email-only integrations.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"tip-box\"><strong>Common mistake:<\/strong> localhost URIs are allowed during development (<code>http:\/\/localhost:3000\/callback<\/code>) but production URIs must use HTTPS. Register both separately.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>3<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Add Microsoft Graph API Permissions<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">Go to <strong>API permissions<\/strong>. Click <strong>+ Add a permission<\/strong>, select <strong>Microsoft Graph<\/strong>, then <strong>Delegated permissions<\/strong>. Add the scopes your app needs.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Minimum for read<\/div><div class=\"field-value\"><code>Mail.Read<\/code>, <code>offline_access<\/code>, <code>openid<\/code>, <code>profile<\/code><\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">For read + send<\/div><div class=\"field-value\"><code>Mail.ReadWrite<\/code>, <code>Mail.Send<\/code>, <code>offline_access<\/code>, <code>openid<\/code>, <code>profile<\/code><\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">offline_access<\/div><div class=\"field-value\">Critical. Without this scope, Microsoft does not issue a refresh token. Your users will need to re-authenticate every 60-90 minutes.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"tip-box\"><strong>Note:<\/strong> Adding permissions here does not grant them, it declares your intent. The user consents when they complete the OAuth flow. Admin consent is required for some higher-privilege scopes (see section 7).<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>4<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Generate a Client Secret<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">Go to <strong>Certificates and secrets<\/strong>. Click <strong>+ New client secret<\/strong>. Set a description and expiry.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Expiry recommendation<\/div><div class=\"field-value\">730 days (24 months) is the maximum. Set a calendar reminder 60 days before expiry, rotating an expired secret causes immediate auth failures across all users.<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Copy the value immediately<\/div><div class=\"field-value\">The secret value is shown only once. Store it in your secrets manager (e.g., AWS Secrets Manager, HashiCorp Vault, Azure Key Vault). It will never be shown again after you leave this page.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"tip-box\"><strong>Recommended alternative:<\/strong> For production, use a certificate instead of a client secret. Certificates are more secure (asymmetric key), never expire by accident, and are preferred by Microsoft for enterprise-grade apps.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>5<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Copy Your Client ID and Tenant ID<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">From the <strong>Overview<\/strong> page of your app registration, copy two values you will need in every OAuth request:<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Application (client) ID<\/div><div class=\"field-value\">A UUID that uniquely identifies your app registration. Used as the <code>client_id<\/code> parameter in all auth requests.<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Directory (tenant) ID<\/div><div class=\"field-value\">Your organization&#8217;s tenant ID. Used in single-tenant authority URLs. For multi-tenant apps, you use <code>\/common<\/code> instead, but keep this value for admin consent URLs.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>6<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Enable ID Tokens (Optional but Recommended)<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">Back in <strong>Authentication<\/strong>, under <strong>Implicit grant and hybrid flows<\/strong>, you can enable <strong>ID tokens<\/strong>. This lets you receive a JWT with user identity claims (name, email, tenant ID) alongside the access token, useful for onboarding flows where you want to pre-fill user profile data.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"tip-box\"><strong>2026 guidance:<\/strong> For pure auth-code + PKCE flows, ID tokens are returned via the token endpoint, not implicit grant. You do not need to enable implicit grant. Only enable it if you have a legacy SPA that cannot use PKCE.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"step-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"step-num\"><span>7<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div><!-- [et_pb_line_break_holder] -->        <div class=\"step-title\">Optional: Verify Your Publisher Domain<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"step-text\">In <strong>Branding and properties<\/strong>, set your publisher domain to your product&#8217;s domain. This replaces the &#8220;unverified&#8221; label on the consent screen with your domain name. For multi-tenant apps targeting enterprise customers, completing the Microsoft Partner Network verification and becoming a &#8220;verified publisher&#8221; removes the prominent &#8220;This app is not commonly used&#8221; warning.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"field-block\"><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Publisher domain<\/div><div class=\"field-value\">A domain you own and have verified via TXT record or via the App Service domain validation flow.<\/div><\/div><!-- [et_pb_line_break_holder] -->          <div class=\"field-row\"><div class=\"field-label\">Verified publisher<\/div><div class=\"field-value\">Requires Microsoft Partner Network (MPN) ID linked to a verified business identity. Takes 1-5 business days. Significantly improves enterprise customer conversion on consent screens.<\/div><\/div><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"cta-wrapper\"><!-- [et_pb_line_break_holder] -->    <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-inline\"><!-- [et_pb_line_break_holder] -->      <svg viewBox=\"0 0 24 24\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><!-- [et_pb_line_break_holder] -->      <span>Skip the setup: Build with Unipile instead<\/span><!-- [et_pb_line_break_holder] -->    <\/a><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div><!-- [et_pb_line_break_holder] --><\/body><!-- [et_pb_line_break_holder] --><\/html>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-auth-msgraph,<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 60px 24px !important;<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 40px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Desktop table *\/<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .table-wrap {<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper table {<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  border-collapse: collapse !important;<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper thead tr {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper thead th {<!-- [et_pb_line_break_holder] -->  padding: 14px 18px !important;<!-- [et_pb_line_break_holder] -->  text-align: left !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper tbody tr {<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid #f0f1f3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper tbody tr:last-child {<!-- [et_pb_line_break_holder] -->  border-bottom: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper tbody td {<!-- [et_pb_line_break_holder] -->  padding: 16px 18px !important;<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  vertical-align: top !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper tbody td:first-child {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .rec-tag {<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 8px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 5px !important;<!-- [et_pb_line_break_holder] -->  font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  margin-left: 6px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Mobile cards *\/<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-cards {<!-- [et_pb_line_break_holder] -->  display: none !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 14px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card.is-highlighted {<!-- [et_pb_line_break_holder] -->  border-color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  border-width: 2px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-head {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 16px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card.is-highlighted .auth-card-head {<!-- [et_pb_line_break_holder] -->  background: linear-gradient(135deg, #0f2736, #163a4f) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-endpoint {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  word-break: break-all !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-body {<!-- [et_pb_line_break_holder] -->  padding: 14px 16px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 12px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-row {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 4px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-label {<!-- [et_pb_line_break_holder] -->  font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .auth-card-value {<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Token validation note *\/<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .token-note {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  padding: 20px 24px !important;<!-- [et_pb_line_break_holder] -->  margin-top: 24px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: flex-start !important;<!-- [et_pb_line_break_holder] -->  gap: 14px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .token-note svg {<!-- [et_pb_line_break_holder] -->  width: 20px !important;<!-- [et_pb_line_break_holder] -->  height: 20px !important;<!-- [et_pb_line_break_holder] -->  stroke: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  margin-top: 2px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .token-note-text {<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .token-note-text strong {<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-auth-msgraph.auth-wrapper .token-note-text code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 5px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 3px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 50px 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  \/* Hide table, show cards *\/<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .table-wrap {<!-- [et_pb_line_break_holder] -->    display: none !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-cards {<!-- [et_pb_line_break_holder] -->    display: flex !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 40px 12px !important;<!-- [et_pb_line_break_holder] -->    border-radius: 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    padding: 5px 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 24px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.25 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-head {<!-- [et_pb_line_break_holder] -->    padding: 11px 14px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-endpoint {<!-- [et_pb_line_break_holder] -->    font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-body {<!-- [et_pb_line_break_holder] -->    padding: 12px 14px !important;<!-- [et_pb_line_break_holder] -->    gap: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-value {<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note {<!-- [et_pb_line_break_holder] -->    padding: 16px 18px !important;<!-- [et_pb_line_break_holder] -->    gap: 12px !important;<!-- [et_pb_line_break_holder] -->    margin-top: 20px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note-text {<!-- [et_pb_line_break_holder] -->    font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note-text code {<!-- [et_pb_line_break_holder] -->    font-size: 11.5px !important;<!-- [et_pb_line_break_holder] -->    padding: 1px 4px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note svg {<!-- [et_pb_line_break_holder] -->    width: 18px !important;<!-- [et_pb_line_break_holder] -->    height: 18px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .rec-tag {<!-- [et_pb_line_break_holder] -->    margin-left: 0 !important;<!-- [et_pb_line_break_holder] -->    font-size: 10.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 400px) {<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 36px 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 22px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 14.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-head {<!-- [et_pb_line_break_holder] -->    padding: 10px 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-endpoint {<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-body {<!-- [et_pb_line_break_holder] -->    padding: 11px 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .auth-card-value {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note {<!-- [et_pb_line_break_holder] -->    padding: 14px 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note-text {<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-auth-msgraph.auth-wrapper .token-note-text code {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-auth-msgraph\" class=\"auth-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-authority\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Authority Endpoints<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Choosing the Right Microsoft Authority Endpoint<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">The authority URL you use in your OAuth requests determines which types of Microsoft accounts can authenticate and what tokens you receive. Getting this wrong causes silent failures where some users cannot authenticate at all.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <!-- Desktop table --><!-- [et_pb_line_break_holder] -->  <div class=\"table-wrap\"><!-- [et_pb_line_break_holder] -->    <table><!-- [et_pb_line_break_holder] -->      <thead><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <th>Authority URL<\/th><!-- [et_pb_line_break_holder] -->          <th>Accepts<\/th><!-- [et_pb_line_break_holder] -->          <th>Use Case<\/th><!-- [et_pb_line_break_holder] -->          <th>Caveats<\/th><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/thead><!-- [et_pb_line_break_holder] -->      <tbody><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>\/common<span class=\"rec-tag\">Most SaaS<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Both Microsoft Entra (work\/school) and personal Microsoft accounts (Outlook.com, Hotmail, Live)<\/td><!-- [et_pb_line_break_holder] -->          <td>Multi-tenant SaaS serving all Microsoft users. One endpoint handles your entire user base.<\/td><!-- [et_pb_line_break_holder] -->          <td>Tokens are issued by each user&#8217;s home tenant, not yours. Token validation must use tenant-specific issuer or accept multiple issuers. Cannot enforce Conditional Access policies.<\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>\/organizations<\/td><!-- [et_pb_line_break_holder] -->          <td>Microsoft Entra ID accounts only (work\/school). No personal Microsoft accounts.<\/td><!-- [et_pb_line_break_holder] -->          <td>B2B SaaS targeting only enterprise customers, never consumer Outlook.com users.<\/td><!-- [et_pb_line_break_holder] -->          <td>Users with personal Microsoft accounts will receive an error. Simpler token validation (single issuer pattern acceptable).<\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>\/consumers<\/td><!-- [et_pb_line_break_holder] -->          <td>Personal Microsoft accounts only (Outlook.com, Hotmail, Live).<\/td><!-- [et_pb_line_break_holder] -->          <td>Consumer apps targeting personal inboxes. Rare for B2B SaaS.<\/td><!-- [et_pb_line_break_holder] -->          <td>Enterprise Microsoft 365 accounts are rejected. Not useful for SaaS serving business users.<\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>\/{tenant-id}<\/td><!-- [et_pb_line_break_holder] -->          <td>Accounts in a specific Microsoft Entra tenant only.<\/td><!-- [et_pb_line_break_holder] -->          <td>Single-tenant internal tooling (your own company&#8217;s app). Admin consent flows targeting a specific tenant. Also used in the admin consent redirect URL pattern.<\/td><!-- [et_pb_line_break_holder] -->          <td>Every other tenant&#8217;s users are rejected. Only appropriate for internal apps or when deliberately locking to one customer&#8217;s tenant.<\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/tbody><!-- [et_pb_line_break_holder] -->    <\/table><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <!-- Mobile cards --><!-- [et_pb_line_break_holder] -->  <div class=\"auth-cards\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"auth-card is-highlighted\"><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"auth-card-endpoint\">\/common<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"rec-tag\">Most SaaS<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Accepts<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Both Microsoft Entra (work\/school) and personal Microsoft accounts (Outlook.com, Hotmail, Live)<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Use case<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Multi-tenant SaaS serving all Microsoft users. One endpoint handles your entire user base.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Caveats<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Tokens are issued by each user&#8217;s home tenant, not yours. Token validation must use tenant-specific issuer or accept multiple issuers. Cannot enforce Conditional Access policies.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"auth-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"auth-card-endpoint\">\/organizations<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Accepts<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Microsoft Entra ID accounts only (work\/school). No personal Microsoft accounts.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Use case<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">B2B SaaS targeting only enterprise customers, never consumer Outlook.com users.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Caveats<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Users with personal Microsoft accounts will receive an error. Simpler token validation (single issuer pattern acceptable).<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"auth-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"auth-card-endpoint\">\/consumers<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Accepts<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Personal Microsoft accounts only (Outlook.com, Hotmail, Live).<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Use case<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Consumer apps targeting personal inboxes. Rare for B2B SaaS.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Caveats<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Enterprise Microsoft 365 accounts are rejected. Not useful for SaaS serving business users.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"auth-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"auth-card-endpoint\">\/{tenant-id}<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"auth-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Accepts<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Accounts in a specific Microsoft Entra tenant only.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Use case<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Single-tenant internal tooling (your own company&#8217;s app). Admin consent flows targeting a specific tenant. Also used in the admin consent redirect URL pattern.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->        <div class=\"auth-card-row\"><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-label\">Caveats<\/span><!-- [et_pb_line_break_holder] -->          <span class=\"auth-card-value\">Every other tenant&#8217;s users are rejected. Only appropriate for internal apps or when deliberately locking to one customer&#8217;s tenant.<\/span><!-- [et_pb_line_break_holder] -->        <\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"token-note\"><!-- [et_pb_line_break_holder] -->    <svg viewBox=\"0 0 24 24\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"12\"\/><line x1=\"12\" y1=\"16\" x2=\"12.01\" y2=\"16\"\/><\/svg><!-- [et_pb_line_break_holder] -->    <div class=\"token-note-text\"><strong>Token validation note for \/common:<\/strong> When using the <code>\/common<\/code> endpoint, the <code>iss<\/code> (issuer) claim in the JWT will be <code>https:\/\/login.microsoftonline.com\/{tenantId}\/v2.0<\/code> where <code>{tenantId}<\/code> varies per user. Configure your JWT validation library to accept any issuer matching <code>https:\/\/login.microsoftonline.com\/{tenantId}\/v2.0<\/code> rather than a fixed issuer string.<\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph,<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 24px !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(221,223,76,0.18) !important;<!-- [et_pb_line_break_holder] -->  color: #8a8c2e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 40px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Desktop table *\/<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .table-wrap {<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper table {<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  border-collapse: collapse !important;<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper thead tr {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper thead th {<!-- [et_pb_line_break_holder] -->  padding: 14px 18px !important;<!-- [et_pb_line_break_holder] -->  text-align: left !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper tbody tr {<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid #f0f1f3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper tbody tr:last-child {<!-- [et_pb_line_break_holder] -->  border-bottom: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper tbody td {<!-- [et_pb_line_break_holder] -->  padding: 14px 18px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  vertical-align: top !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper tbody td:first-child {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .admin-tag {<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  background: rgba(234,67,53,0.1) !important;<!-- [et_pb_line_break_holder] -->  color: #c0392b !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 7px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 5px !important;<!-- [et_pb_line_break_holder] -->  font-size: 10px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .user-tag {<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 7px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 5px !important;<!-- [et_pb_line_break_holder] -->  font-size: 10px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Mobile cards *\/<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scopes-cards {<!-- [et_pb_line_break_holder] -->  display: none !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 12px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card.is-app {<!-- [et_pb_line_break_holder] -->  border-color: rgba(234,67,53,0.3) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card-head {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 11px 14px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: space-between !important;<!-- [et_pb_line_break_holder] -->  gap: 10px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card.is-app .scope-card-head {<!-- [et_pb_line_break_holder] -->  background: linear-gradient(135deg, #0f2736, #2a1a1a) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card-name {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #79c0ff !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card-body {<!-- [et_pb_line_break_holder] -->  padding: 12px 14px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 10px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card-desc {<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-card-meta {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->  padding-top: 4px !important;<!-- [et_pb_line_break_holder] -->  border-top: 1px dashed #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  margin-top: 2px !important;<!-- [et_pb_line_break_holder] -->  padding-top: 10px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->\/* Scope sets *\/<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-sets {<!-- [et_pb_line_break_holder] -->  display: grid !important;<!-- [et_pb_line_break_holder] -->  grid-template-columns: 1fr 1fr !important;<!-- [et_pb_line_break_holder] -->  gap: 20px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-set {<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  padding: 22px 24px !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-set-title {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 12px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.3 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-set code {<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 6px !important;<!-- [et_pb_line_break_holder] -->  padding: 10px 14px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 8px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  word-break: break-all !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .scope-set-note {<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  color: #718096 !important;<!-- [et_pb_line_break_holder] -->  margin-top: 4px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .cta-inline {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 12px 22px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  font-size: 0.9rem !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  border: 2px solid #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.3s ease !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  margin-top: 32px !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .cta-inline:hover {<!-- [et_pb_line_break_holder] -->  transform: translateY(-5px) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-scopes-msgraph.scopes-wrapper .cta-inline svg {<!-- [et_pb_line_break_holder] -->  width: 16px !important;<!-- [et_pb_line_break_holder] -->  height: 16px !important;<!-- [et_pb_line_break_holder] -->  stroke: currentColor !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2.5 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  \/* Hide table, show cards *\/<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .table-wrap {<!-- [et_pb_line_break_holder] -->    display: none !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scopes-cards {<!-- [et_pb_line_break_holder] -->    display: flex !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  \/* Scope sets stacked *\/<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-sets {<!-- [et_pb_line_break_holder] -->    grid-template-columns: 1fr !important;<!-- [et_pb_line_break_holder] -->    gap: 14px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    padding: 5px 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 24px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.25 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scopes-cards {<!-- [et_pb_line_break_holder] -->    margin-bottom: 24px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-head {<!-- [et_pb_line_break_holder] -->    padding: 10px 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-name {<!-- [et_pb_line_break_holder] -->    font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-body {<!-- [et_pb_line_break_holder] -->    padding: 11px 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-desc {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set {<!-- [et_pb_line_break_holder] -->    padding: 18px 18px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set-title {<!-- [et_pb_line_break_holder] -->    font-size: 14px !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set code {<!-- [et_pb_line_break_holder] -->    font-size: 11.5px !important;<!-- [et_pb_line_break_holder] -->    padding: 9px 12px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set-note {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .cta-inline {<!-- [et_pb_line_break_holder] -->    width: 100% !important;<!-- [et_pb_line_break_holder] -->    justify-content: center !important;<!-- [et_pb_line_break_holder] -->    padding: 13px 20px !important;<!-- [et_pb_line_break_holder] -->    white-space: normal !important;<!-- [et_pb_line_break_holder] -->    text-align: center !important;<!-- [et_pb_line_break_holder] -->    margin-top: 24px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 400px) {<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 22px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 14.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-name {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-card-desc {<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set {<!-- [et_pb_line_break_holder] -->    padding: 16px 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-scopes-msgraph.scopes-wrapper .scope-set code {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-scopes-msgraph\" class=\"scopes-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-scopes\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Mail Scopes<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Microsoft Graph Mail Scopes: Granular Breakdown<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Microsoft Graph uses permission scopes to control what your application can do. Requesting too many scopes increases friction on the consent screen and reduces conversion. Requesting too few causes runtime errors. Here is every Mail scope you need to know.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <!-- Desktop table --><!-- [et_pb_line_break_holder] -->  <div class=\"table-wrap\"><!-- [et_pb_line_break_holder] -->    <table><!-- [et_pb_line_break_holder] -->      <thead><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <th>Scope<\/th><!-- [et_pb_line_break_holder] -->          <th>Type<\/th><!-- [et_pb_line_break_holder] -->          <th>What it enables<\/th><!-- [et_pb_line_break_holder] -->          <th>Admin consent?<\/th><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/thead><!-- [et_pb_line_break_holder] -->      <tbody><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.Read<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read all messages in the authenticated user&#8217;s mailbox. Includes headers, body, attachments. Read-only &#8211; cannot modify or send.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.ReadBasic<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read limited message properties: subject, sender, recipients, date. Cannot read message body or attachments. Useful for lightweight inbox listing without full content access.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.ReadWrite<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read and modify all messages. Includes creating, updating, deleting messages and folders. Superset of Mail.Read &#8211; do not request both.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.Send<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Send emails as the authenticated user. Required even if you also have Mail.ReadWrite &#8211; sending is a separate permission in Microsoft Graph.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.Read.Shared<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read mail in shared mailboxes or other users&#8217; mailboxes that the authenticated user has been granted access to. Not for reading the user&#8217;s own mailbox.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.ReadWrite.Shared<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read and modify mail in shared mailboxes the user has access to.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.Send.Shared<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Send email from shared mailboxes or &#8220;send on behalf of&#8221; another user (if that user has granted access).<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>offline_access<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Instructs Microsoft to issue a refresh token. Without this, you only receive a short-lived access token with no way to renew it. Always required for SaaS applications.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>openid<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Returns an ID token with basic user identity. Required if you want to know who authenticated without making a separate \/me API call.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>profile<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">Delegated<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Adds name and preferred_username claims to the ID token. Usually included with openid.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"user-tag\">User<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.Read (App)<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"admin-tag\">Application<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read all mail in all mailboxes in the tenant without user interaction. Used by daemon services. Requires tenant admin consent.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"admin-tag\">Admin required<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>Mail.ReadWrite (App)<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"admin-tag\">Application<\/span><\/td><!-- [et_pb_line_break_holder] -->          <td>Read and write all mail in all tenant mailboxes. Very broad permission. Only for trusted internal tooling with explicit tenant admin approval.<\/td><!-- [et_pb_line_break_holder] -->          <td><span class=\"admin-tag\">Admin required<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/tbody><!-- [et_pb_line_break_holder] -->    <\/table><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <!-- Mobile cards --><!-- [et_pb_line_break_holder] -->  <div class=\"scopes-cards\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.Read<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read all messages in the authenticated user&#8217;s mailbox. Includes headers, body, attachments. Read-only &#8211; cannot modify or send.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.ReadBasic<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read limited message properties: subject, sender, recipients, date. Cannot read message body or attachments. Useful for lightweight inbox listing without full content access.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.ReadWrite<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read and modify all messages. Includes creating, updating, deleting messages and folders. Superset of Mail.Read &#8211; do not request both.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.Send<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Send emails as the authenticated user. Required even if you also have Mail.ReadWrite &#8211; sending is a separate permission in Microsoft Graph.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.Read.Shared<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read mail in shared mailboxes or other users&#8217; mailboxes that the authenticated user has been granted access to. Not for reading the user&#8217;s own mailbox.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.ReadWrite.Shared<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read and modify mail in shared mailboxes the user has access to.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.Send.Shared<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Send email from shared mailboxes or &#8220;send on behalf of&#8221; another user (if that user has granted access).<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">offline_access<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Instructs Microsoft to issue a refresh token. Without this, you only receive a short-lived access token with no way to renew it. Always required for SaaS applications.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">openid<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Returns an ID token with basic user identity. Required if you want to know who authenticated without making a separate \/me API call.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">profile<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"user-tag\">Delegated<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Adds name and preferred_username claims to the ID token. Usually included with openid.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"user-tag\">User consent<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card is-app\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.Read (App)<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"admin-tag\">Application<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read all mail in all mailboxes in the tenant without user interaction. Used by daemon services. Requires tenant admin consent.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"admin-tag\">Admin required<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"scope-card is-app\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-head\"><!-- [et_pb_line_break_holder] -->        <span class=\"scope-card-name\">Mail.ReadWrite (App)<\/span><!-- [et_pb_line_break_holder] -->        <span class=\"admin-tag\">Application<\/span><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"scope-card-body\"><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-desc\">Read and write all mail in all tenant mailboxes. Very broad permission. Only for trusted internal tooling with explicit tenant admin approval.<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"scope-card-meta\"><span class=\"admin-tag\">Admin required<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"scope-sets\"><!-- [et_pb_line_break_holder] -->    <div class=\"scope-set\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-set-title\">Minimum scope set: inbox reader<\/div><!-- [et_pb_line_break_holder] -->      <code>scope=Mail.Read%20offline_access%20openid%20profile<\/code><!-- [et_pb_line_break_holder] -->      <div class=\"scope-set-note\">Read messages, refresh tokens, user identity. No write or send capability.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"scope-set\"><!-- [et_pb_line_break_holder] -->      <div class=\"scope-set-title\">Standard scope set: full email integration<\/div><!-- [et_pb_line_break_holder] -->      <code>scope=Mail.ReadWrite%20Mail.Send%20offline_access%20openid%20profile<\/code><!-- [et_pb_line_break_holder] -->      <div class=\"scope-set-note\">Read, write, send. The most common set for CRM and sales tool integrations.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <a href=\"https:\/\/www.unipile.com\/email-api-guide\/\" class=\"cta-inline\"><!-- [et_pb_line_break_holder] -->    <svg viewBox=\"0 0 24 24\"><path d=\"M5 12h14\"\/><path d=\"M12 5l7 7-7 7\"\/><\/svg><!-- [et_pb_line_break_holder] -->    <span>See the full Email API guide<\/span><!-- [et_pb_line_break_holder] -->  <\/a><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph,<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 60px 24px !important; background: #f4f5f7 !important; border-radius: 20px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .compare-grid { display: grid !important; grid-template-columns: 1fr 1fr !important; gap: 24px !important; margin-bottom: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-card { background: #ffffff !important; border: 2px solid #e5e7eb !important; border-radius: 16px !important; padding: 28px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-card.highlighted { border-color: #3BB98B !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-header { display: flex !important; align-items: center !important; gap: 12px !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-icon { width: 44px !important; height: 44px !important; border-radius: 12px !important; display: flex !important; align-items: center !important; justify-content: center !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-icon svg { width: 22px !important; height: 22px !important; fill: none !important; stroke-width: 2 !important; stroke-linecap: round !important; stroke-linejoin: round !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-name { font-family: 'Poppins', sans-serif !important; font-size: 17px !important; font-weight: 700 !important; color: #0f2736 !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-sub { font-size: 12px !important; color: #718096 !important; margin-top: 2px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-desc { font-size: 14px !important; color: #383838 !important; line-height: 1.75 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-pros { display: flex !important; flex-direction: column !important; gap: 8px !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .pro-item { display: flex !important; align-items: flex-start !important; gap: 8px !important; font-size: 13.5px !important; color: #383838 !important; line-height: 1.6 !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .perm-verdict { padding: 10px 14px !important; border-radius: 8px !important; font-size: 13px !important; font-weight: 600 !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .verdict-green { background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .verdict-orange { background: rgba(251,188,4,0.12) !important; color: #8a6800 !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .decision-box { background: #0f2736 !important; border-radius: 16px !important; padding: 28px 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .decision-title { font-family: 'Poppins', sans-serif !important; font-size: 18px !important; font-weight: 700 !important; color: #ffffff !important; margin-bottom: 14px !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .decision-text { font-size: 15px !important; color: rgba(255,255,255,0.85) !important; line-height: 1.75 !important; }<!-- [et_pb_line_break_holder] -->#upl-delvapp-msgraph.delvapp-wrapper .decision-text strong { color: #DDDF4C !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) { #upl-delvapp-msgraph.delvapp-wrapper h2 { font-size: 28px !important; } #upl-delvapp-msgraph.delvapp-wrapper .compare-grid { grid-template-columns: 1fr !important; } }<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) { #upl-delvapp-msgraph.delvapp-wrapper h2 { font-size: 26px !important; } #upl-delvapp-msgraph.delvapp-wrapper { padding: 40px 16px !important; } }<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-delvapp-msgraph\" class=\"delvapp-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-delegated\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Permissions Model<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Delegated vs Application Permissions: When Each Applies<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Microsoft Graph uses two fundamentally different permission models. Most SaaS developers default to the wrong one, which leads to unnecessary admin consent requirements and a broken user experience. Here is exactly when to use each.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"compare-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"perm-card highlighted\"><!-- [et_pb_line_break_holder] -->      <div class=\"perm-header\"><!-- [et_pb_line_break_holder] -->        <div class=\"perm-icon\" style=\"background:rgba(59,185,139,0.12)!important;\"><svg viewBox=\"0 0 24 24\" stroke=\"#3BB98B\"><path d=\"M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2\"\/><circle cx=\"12\" cy=\"7\" r=\"4\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->        <div><div class=\"perm-name\">Delegated Permissions<\/div><div class=\"perm-sub\">Act on behalf of the signed-in user<\/div><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-desc\">The app accesses Microsoft Graph using the identity of the authenticated user. The app can only do what the user themselves could do. If the user cannot read a folder, neither can your app.<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-pros\"><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>User consents during OAuth flow &#8211; no admin required for standard scopes<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Access is scoped to each individual user&#8217;s mailbox<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Users can revoke access at any time from their Microsoft account settings<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Respects user-level permissions, role assignments, and mailbox access policies<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-verdict verdict-green\"><span>Use this for SaaS applications where each user authenticates individually<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"perm-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"perm-header\"><!-- [et_pb_line_break_holder] -->        <div class=\"perm-icon\" style=\"background:rgba(251,188,4,0.12)!important;\"><svg viewBox=\"0 0 24 24\" stroke=\"#8a6800\"><rect x=\"2\" y=\"3\" width=\"20\" height=\"14\" rx=\"2\" ry=\"2\"\/><line x1=\"8\" y1=\"21\" x2=\"16\" y2=\"21\"\/><line x1=\"12\" y1=\"17\" x2=\"12\" y2=\"21\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->        <div><div class=\"perm-name\">Application Permissions<\/div><div class=\"perm-sub\">Act as the application itself<\/div><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-desc\">The app accesses Microsoft Graph without any user being present. Used for background services, daemons, and automated workflows. The app authenticates using its own credentials (client credentials flow).<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-pros\"><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#8a6800\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Requires tenant admin consent &#8211; a significant barrier for external users<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#8a6800\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Access is tenant-wide &#8211; can read ALL mailboxes once admin consents<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>No interactive user sign-in required &#8211; works for headless automation<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"pro-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Suitable for internal IT tools where your org&#8217;s admin controls deployment<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"perm-verdict verdict-orange\"><span>Only for internal tooling where your org&#8217;s admin grants full tenant access<\/span><\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"decision-box\"><!-- [et_pb_line_break_holder] -->    <div class=\"decision-title\">The SaaS Decision Rule<\/div><!-- [et_pb_line_break_holder] -->    <div class=\"decision-text\">If you are building a <strong>product used by external customers<\/strong> who sign in individually, use <strong>Delegated permissions<\/strong>. Each customer authenticates with their own Microsoft account, consents to your app&#8217;s scopes, and your app operates <strong>on behalf of<\/strong> that authenticated user. Application permissions require a tenant administrator to pre-approve your app for their entire organization &#8211; a conversion-killing step in a self-serve SaaS funnel. The only exception is if you are building an internal enterprise tool deployed by your own IT team to your own tenant.<\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-consent-msgraph,<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 0 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .info-grid { display: grid !important; grid-template-columns: 1fr 1fr !important; gap: 20px !important; margin-bottom: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .info-card { background: #ffffff !important; border: 1px solid #e5e7eb !important; border-radius: 14px !important; padding: 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .info-card-title { font-family: 'Poppins', sans-serif !important; font-size: 15px !important; font-weight: 700 !important; color: #0f2736 !important; margin-bottom: 12px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .info-card-text { font-size: 14px !important; color: #383838 !important; line-height: 1.75 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .code-wrapper { border-radius: 12px !important; overflow: hidden !important; background: #0d1117 !important; margin-top: 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .editor-bar { background: #161b22 !important; padding: 10px 16px !important; display: flex !important; align-items: center !important; gap: 8px !important; border-bottom: 1px solid rgba(255,255,255,0.06) !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .dot { width: 11px !important; height: 11px !important; border-radius: 50% !important; display: inline-block !important; flex-shrink: 0 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .dot-r { background: #ff5f57 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .dot-y { background: #febc2e !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .dot-g { background: #28c840 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .filename { color: #8b949e !important; font-size: 12px !important; margin-left: 6px !important; font-family: 'Courier New', monospace !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .pre { padding: 18px 22px !important; font-size: 13px !important; line-height: 1.8 !important; overflow-x: auto !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .pre code { font-family: 'Courier New', monospace !important; white-space: pre !important; display: block !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .c { color: #8b949e !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .k { color: #ff7b72 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .s { color: #a5d6ff !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .w { color: #e6edf3 !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .fn { color: #d2a8ff !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .n { color: #79c0ff !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .cta-inline { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: #DDDF4C !important; color: #0f2736 !important; padding: 12px 22px !important; border-radius: 8px !important; font-size: 0.9rem !important; font-weight: 600 !important; border: 2px solid #DDDF4C !important; transition: transform 0.3s ease !important; cursor: pointer !important; text-decoration: none !important; margin-top: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-consent-msgraph.consent-wrapper .cta-inline:hover { transform: translateY(-5px) !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) { #upl-consent-msgraph.consent-wrapper h2 { font-size: 28px !important; } #upl-consent-msgraph.consent-wrapper .info-grid { grid-template-columns: 1fr !important; } }<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) { #upl-consent-msgraph.consent-wrapper h2 { font-size: 26px !important; } }<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-consent-msgraph\" class=\"consent-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-consent\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Admin Consent<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Admin Consent: When It Is Triggered and How to Request It<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Some Microsoft Graph scenarios require a tenant administrator to pre-approve your app before any user in that organization can authenticate. Understanding when admin consent is required &#8211; and how to request it programmatically &#8211; prevents surprise auth failures with enterprise customers.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"info-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"info-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"info-card-title\">When admin consent is required<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"info-card-text\"><!-- [et_pb_line_break_holder] -->        Admin consent is required when:<!\u2013- [et_pb_br_holder] -\u2013><!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        &#8211; You request Application permissions (not Delegated)<!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        &#8211; The tenant has configured &#8220;Admin consent required&#8221; for some or all permissions<!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        &#8211; You request high-privilege Delegated scopes like <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 5px!important;border-radius:3px!important;font-size:12px!important;\">User.Read.All<\/code> or <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 5px!important;border-radius:3px!important;font-size:12px!important;\">Directory.Read.All<\/code><!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        &#8211; The tenant&#8217;s Conditional Access policies restrict user consent<!\u2013- [et_pb_br_holder] -\u2013><!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        Standard mail scopes (Mail.Read, Mail.ReadWrite, Mail.Send) do NOT require admin consent by default. Individual users can consent during the OAuth flow.<!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"info-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"info-card-title\">The \/.default scope trick<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"info-card-text\"><!-- [et_pb_line_break_holder] -->        When requesting admin consent for all your app&#8217;s pre-configured permissions at once, use the <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 5px!important;border-radius:3px!important;font-size:12px!important;\">\/.default<\/code> scope:<!\u2013- [et_pb_br_holder] -\u2013><!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:2px 6px!important;border-radius:4px!important;font-size:12px!important;\">https:\/\/graph.microsoft.com\/.default<\/code><!\u2013- [et_pb_br_holder] -\u2013><!\u2013- [et_pb_br_holder] -\u2013><!-- [et_pb_line_break_holder] -->        This tells Microsoft to request consent for all permissions currently configured in your app registration, rather than enumerating them individually. Useful for admin consent flows and client credentials authentication.<!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">admin_consent_url.py<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"c\"># Admin consent URL pattern<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># Send this URL to the tenant admin (via email or in-app prompt)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"w\">TENANT_ID <\/span><span class=\"k\">=<\/span><span class=\"w\"> <\/span><span class=\"s\">\"your-tenant-id\"<\/span><span class=\"w\">  <\/span><span class=\"c\"># Or \"common\" for multi-tenant<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">CLIENT_ID <\/span><span class=\"k\">=<\/span><span class=\"w\"> <\/span><span class=\"s\">\"your-client-id\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">REDIRECT_URI <\/span><span class=\"k\">=<\/span><span class=\"w\"> <\/span><span class=\"s\">\"https:\/\/app.yourproduct.com\/auth\/microsoft\/admincallback\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"w\">admin_consent_url <\/span><span class=\"k\">=<\/span><span class=\"w\"> (<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"https:\/\/login.microsoftonline.com\/{TENANT_ID}\/adminconsent\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"?client_id={CLIENT_ID}\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"&redirect_uri={REDIRECT_URI}\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"&state=your_state_value\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># On success, Microsoft redirects to redirect_uri with:<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># ?admin_consent=True&tenant=tenant-id&state=your_state_value<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># On failure (admin declined): ?error=access_denied&...<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div style=\"background:#f4f5f7!important;border-radius:14px!important;padding:22px 24px!important;margin-top:24px!important;\"><!-- [et_pb_line_break_holder] -->    <div style=\"font-family:'Poppins',sans-serif!important;font-size:15px!important;font-weight:700!important;color:#0f2736!important;margin-bottom:10px!important;\">Enterprise onboarding best practice<\/div><!-- [et_pb_line_break_holder] -->    <div style=\"font-size:14px!important;color:#383838!important;line-height:1.75!important;\">For enterprise customers where admin consent is required, send a dedicated admin consent URL to the IT admin during onboarding &#8211; separate from the user-facing OAuth flow. Include clear context about which permissions are requested and why. Many enterprise IT teams have a review process that takes 1-5 business days. Build this latency into your onboarding flow rather than blocking end users on it.<\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-inline\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><span>Build your Microsoft OAuth flow with Unipile<\/span><\/a><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; sticky_enabled=&#8221;0&#8243; background_color=&#8221;RGBA(255,255,255,0)&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph,<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper {<!-- [et_pb_line_break_holder] -->  max-width: 1100px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 0 24px !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(221,223,76,0.18) !important;<!-- [et_pb_line_break_holder] -->  color: #8a8c2e !important;<!-- [et_pb_line_break_holder] -->  padding: 6px 14px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->  font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 48px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .step-label {<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.5px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 8px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .step-title {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 18px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 10px !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .step-text {<!-- [et_pb_line_break_holder] -->  font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.75 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .step-text code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  padding: 1px 5px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 3px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .code-wrapper {<!-- [et_pb_line_break_holder] -->  border-radius: 12px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->  background: #0d1117 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 40px !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  max-width: 100% !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .code-wrapper.is-tight {<!-- [et_pb_line_break_holder] -->  margin-top: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .editor-bar {<!-- [et_pb_line_break_holder] -->  background: #161b22 !important;<!-- [et_pb_line_break_holder] -->  padding: 10px 16px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid rgba(255,255,255,0.06) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .dot {<!-- [et_pb_line_break_holder] -->  width: 11px !important;<!-- [et_pb_line_break_holder] -->  height: 11px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 50% !important;<!-- [et_pb_line_break_holder] -->  display: inline-block !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .dot-r { background: #ff5f57 !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .dot-y { background: #febc2e !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .dot-g { background: #28c840 !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .filename {<!-- [et_pb_line_break_holder] -->  color: #8b949e !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  margin-left: 6px !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .pre {<!-- [et_pb_line_break_holder] -->  padding: 18px 22px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.8 !important;<!-- [et_pb_line_break_holder] -->  overflow-x: auto !important;<!-- [et_pb_line_break_holder] -->  -webkit-overflow-scrolling: touch !important;<!-- [et_pb_line_break_holder] -->  max-width: 100% !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .pre code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  white-space: pre !important;<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->  background: transparent !important;<!-- [et_pb_line_break_holder] -->  color: inherit !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .c { color: #8b949e !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .k { color: #ff7b72 !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .s { color: #a5d6ff !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .w { color: #e6edf3 !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .fn { color: #d2a8ff !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .n { color: #79c0ff !important; }<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .editor-ok {<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.1) !important;<!-- [et_pb_line_break_holder] -->  border-top: 1px solid rgba(59,185,139,0.25) !important;<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  padding: 11px 24px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 8px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .editor-ok svg {<!-- [et_pb_line_break_holder] -->  width: 12px !important;<!-- [et_pb_line_break_holder] -->  height: 12px !important;<!-- [et_pb_line_break_holder] -->  stroke: currentColor !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2.5 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .params-box {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border-radius: 10px !important;<!-- [et_pb_line_break_holder] -->  padding: 16px 20px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .param-row {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  gap: 12px !important;<!-- [et_pb_line_break_holder] -->  padding: 7px 0 !important;<!-- [et_pb_line_break_holder] -->  border-bottom: 1px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  align-items: flex-start !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .param-row:last-child {<!-- [et_pb_line_break_holder] -->  border-bottom: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .param-key {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  min-width: 180px !important;<!-- [et_pb_line_break_holder] -->  padding-top: 2px !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .param-val {<!-- [et_pb_line_break_holder] -->  font-size: 13px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.6 !important;<!-- [et_pb_line_break_holder] -->  min-width: 0 !important;<!-- [et_pb_line_break_holder] -->  flex: 1 !important;<!-- [et_pb_line_break_holder] -->  word-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->  overflow-wrap: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .param-val code {<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  background: rgba(0,120,212,0.08) !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->  padding: 1px 5px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 3px !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  word-break: break-word !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-pkce-msgraph.pkce-wrapper .divider {<!-- [et_pb_line_break_holder] -->  border-top: 2px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  margin: 40px 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 36px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-title {<!-- [et_pb_line_break_holder] -->    font-size: 17px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .pre {<!-- [et_pb_line_break_holder] -->    padding: 16px 18px !important;<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-key {<!-- [et_pb_line_break_holder] -->    min-width: 150px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .section-eyebrow {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    padding: 5px 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 24px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.25 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-label {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-title {<!-- [et_pb_line_break_holder] -->    font-size: 16px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.3 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-text {<!-- [et_pb_line_break_holder] -->    font-size: 14px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.65 !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 14px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-text code {<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  \/* Code blocks compacted *\/<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .code-wrapper {<!-- [et_pb_line_break_holder] -->    border-radius: 10px !important;<!-- [et_pb_line_break_holder] -->    margin-bottom: 28px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .editor-bar {<!-- [et_pb_line_break_holder] -->    padding: 9px 13px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .filename {<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .pre {<!-- [et_pb_line_break_holder] -->    padding: 13px 14px !important;<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->    line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .editor-ok {<!-- [et_pb_line_break_holder] -->    padding: 9px 14px !important;<!-- [et_pb_line_break_holder] -->    font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  \/* Params box: stack label above value *\/<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .params-box {<!-- [et_pb_line_break_holder] -->    padding: 14px 16px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-row {<!-- [et_pb_line_break_holder] -->    flex-direction: column !important;<!-- [et_pb_line_break_holder] -->    gap: 4px !important;<!-- [et_pb_line_break_holder] -->    padding: 9px 0 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-key {<!-- [et_pb_line_break_holder] -->    min-width: 0 !important;<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->    padding-top: 0 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-val {<!-- [et_pb_line_break_holder] -->    font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-val code {<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .divider {<!-- [et_pb_line_break_holder] -->    margin: 30px 0 !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 400px) {<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper {<!-- [et_pb_line_break_holder] -->    padding: 0 10px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper h2 {<!-- [et_pb_line_break_holder] -->    font-size: 22px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .section-desc {<!-- [et_pb_line_break_holder] -->    font-size: 14.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-title {<!-- [et_pb_line_break_holder] -->    font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .step-text {<!-- [et_pb_line_break_holder] -->    font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .pre {<!-- [et_pb_line_break_holder] -->    padding: 12px 12px !important;<!-- [et_pb_line_break_holder] -->    font-size: 10.5px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .params-box {<!-- [et_pb_line_break_holder] -->    padding: 12px 14px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  #upl-pkce-msgraph.pkce-wrapper .param-val {<!-- [et_pb_line_break_holder] -->    font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-pkce-msgraph\" class=\"pkce-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-pkce\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Full Walkthrough<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Auth Code + PKCE: Step-by-Step Curl Examples<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Here is the complete Microsoft Graph OAuth 2.0 Authorization Code flow with PKCE, from generating the code verifier to exchanging tokens. These are production-grade examples you can adapt directly to your stack.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"step-label\"><span>Step 1 of 4 &#8211; Generate PKCE Parameters<\/span><\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-title\">Generate code_verifier and code_challenge<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-text\">PKCE works by generating a random secret (code_verifier), then a SHA-256 hash of it (code_challenge). You send the challenge in step 2, and the verifier in step 4. Microsoft verifies they match, preventing code interception.<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">pkce_generate.py<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"k\">import<\/span><span class=\"w\"> os, base64, hashlib<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># 1. Generate code_verifier (43-128 chars, URL-safe base64)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">code_verifier <\/span><span class=\"k\">=<\/span><span class=\"w\"> base64.<\/span><span class=\"fn\">urlsafe_b64encode<\/span><span class=\"w\">(<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    os.<\/span><span class=\"fn\">urandom<\/span><span class=\"w\">(<\/span><span class=\"n\">32<\/span><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">).<\/span><span class=\"fn\">decode<\/span><span class=\"w\">(<\/span><span class=\"s\">'utf-8'<\/span><span class=\"w\">).<\/span><span class=\"fn\">rstrip<\/span><span class=\"w\">(<\/span><span class=\"s\">'='<\/span><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># 2. Generate code_challenge = BASE64URL(SHA256(code_verifier))<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">code_challenge <\/span><span class=\"k\">=<\/span><span class=\"w\"> base64.<\/span><span class=\"fn\">urlsafe_b64encode<\/span><span class=\"w\">(<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    hashlib.<\/span><span class=\"fn\">sha256<\/span><span class=\"w\">(code_verifier.<\/span><span class=\"fn\">encode<\/span><span class=\"w\">(<\/span><span class=\"s\">'utf-8'<\/span><span class=\"w\">)).<\/span><span class=\"fn\">digest<\/span><span class=\"w\">()<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">).<\/span><span class=\"fn\">decode<\/span><span class=\"w\">(<\/span><span class=\"s\">'utf-8'<\/span><span class=\"w\">).<\/span><span class=\"fn\">rstrip<\/span><span class=\"w\">(<\/span><span class=\"s\">'='<\/span><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Store code_verifier in session - you need it in step 4<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># Send code_challenge in the authorization URL<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"step-label\"><span>Step 2 of 4 &#8211; Authorization Request<\/span><\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-title\">Build the \/authorize URL and redirect the user<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-text\">Redirect the user&#8217;s browser to Microsoft&#8217;s authorization endpoint. The user sees Microsoft&#8217;s login page, authenticates, and consents to your app&#8217;s scopes. Microsoft then redirects back to your redirect_uri with an authorization code.<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"params-box\"><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">client_id<\/div><div class=\"param-val\">Your Application (client) ID from Entra app registration<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">response_type<\/div><div class=\"param-val\"><code>code<\/code> &#8211; requests an authorization code<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">redirect_uri<\/div><div class=\"param-val\">Must exactly match a URI registered in your Entra app. URL-encoded.<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">scope<\/div><div class=\"param-val\">Space-separated list. Always include <code>offline_access<\/code> for refresh tokens.<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">state<\/div><div class=\"param-val\">Opaque value you generate. Returned unchanged in the callback. Use it to prevent CSRF and restore UI state.<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">code_challenge<\/div><div class=\"param-val\">The BASE64URL(SHA256(code_verifier)) value from step 1.<\/div><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"param-row\"><div class=\"param-key\">code_challenge_method<\/div><div class=\"param-val\"><code>S256<\/code> &#8211; always use SHA-256, never plain<\/div><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">authorize_url.sh<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"c\"># Build the authorization URL (format for readability)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">AUTH_URL<\/span><span class=\"k\">=<\/span><span class=\"s\">\"https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/authorize<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  ?client_id=YOUR_CLIENT_ID<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &response_type=code<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &redirect_uri=https%3A%2F%2Fapp.com%2Fauth%2Fms%2Fcb<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &scope=Mail.ReadWrite%20Mail.Send%20offline_access<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &state=RANDOM_STATE_VALUE<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &code_challenge=YOUR_CODE_CHALLENGE<\/span><!-- [et_pb_line_break_holder] --><span class=\"s\">  &code_challenge_method=S256\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Redirect the user to $AUTH_URL<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># Microsoft handles login, MFA, consent screen<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># On success: redirect_uri?code=AUTH_CODE&state=...<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"step-label\"><span>Step 3 of 4 &#8211; Handle the Callback<\/span><\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-title\">Receive the authorization code at your redirect_uri<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-text\">Microsoft redirects to your redirect_uri with a <code>code<\/code> query parameter. Validate the <code>state<\/code> parameter matches what you sent. The code expires in 10 minutes &#8211; exchange it immediately in step 4.<\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"divider\"><\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"step-label\"><span>Step 4 of 4 &#8211; Token Exchange<\/span><\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-title\">Exchange the authorization code for access + refresh tokens<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"step-text\">POST to the token endpoint with the code and your code_verifier. Microsoft returns an access token (valid for ~60-90 minutes) and a refresh token (long-lived). Store both securely.<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">token_exchange.sh<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"c\"># Exchange authorization code for tokens<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">curl -<\/span><span class=\"fn\">X<\/span><span class=\"w\"> POST <\/span><span class=\"s\">\"https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/token\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -H <\/span><span class=\"s\">\"Content-Type: application\/x-www-form-urlencoded\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"client_id=YOUR_CLIENT_ID\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"client_secret=YOUR_CLIENT_SECRET\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"grant_type=authorization_code\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"code=AUTH_CODE_FROM_CALLBACK\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"redirect_uri=https:\/\/app.com\/auth\/ms\/cb\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"code_verifier=YOUR_CODE_VERIFIER\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"scope=Mail.ReadWrite Mail.Send offline_access\"<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"editor-ok\"><!-- [et_pb_line_break_holder] -->      <svg viewBox=\"0 0 24 24\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><!-- [et_pb_line_break_holder] -->      <span>Returns: access_token, refresh_token, expires_in, scope<\/span><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper is-tight\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">token_response.json<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"w\">{<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"token_type\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"Bearer\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"scope\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"Mail.ReadWrite Mail.Send offline_access\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"expires_in\"<\/span><span class=\"w\">: <\/span><span class=\"n\">3600<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"access_token\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"eyJ0eXAiOiJKV1Qi...\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"refresh_token\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"0.ARoAi7W...\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  <\/span><span class=\"s\">\"id_token\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"eyJ0eXAi...\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">}<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph,<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 60px 24px !important; background: #f4f5f7 !important; border-radius: 20px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .caveat-grid { display: grid !important; grid-template-columns: 1fr 1fr !important; gap: 20px !important; margin-bottom: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .caveat-card { background: #ffffff !important; border: 1px solid #e5e7eb !important; border-radius: 14px !important; padding: 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .caveat-title { font-family: 'Poppins', sans-serif !important; font-size: 15px !important; font-weight: 700 !important; color: #0f2736 !important; margin-bottom: 10px !important; display: flex !important; align-items: center !important; gap: 8px !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .caveat-title svg { width: 18px !important; height: 18px !important; flex-shrink: 0 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .caveat-text { font-size: 14px !important; color: #383838 !important; line-height: 1.75 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .code-wrapper { border-radius: 12px !important; overflow: hidden !important; background: #0d1117 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .editor-bar { background: #161b22 !important; padding: 10px 16px !important; display: flex !important; align-items: center !important; gap: 8px !important; border-bottom: 1px solid rgba(255,255,255,0.06) !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .dot { width: 11px !important; height: 11px !important; border-radius: 50% !important; display: inline-block !important; flex-shrink: 0 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .dot-r { background: #ff5f57 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .dot-y { background: #febc2e !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .dot-g { background: #28c840 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .filename { color: #8b949e !important; font-size: 12px !important; margin-left: 6px !important; font-family: 'Courier New', monospace !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .pre { padding: 18px 22px !important; font-size: 13px !important; line-height: 1.8 !important; overflow-x: auto !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .pre code { font-family: 'Courier New', monospace !important; white-space: pre !important; display: block !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .c { color: #8b949e !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .k { color: #ff7b72 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .s { color: #a5d6ff !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .w { color: #e6edf3 !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .fn { color: #d2a8ff !important; }<!-- [et_pb_line_break_holder] -->#upl-refresh-msgraph.refresh-wrapper .n { color: #79c0ff !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) { #upl-refresh-msgraph.refresh-wrapper h2 { font-size: 28px !important; } #upl-refresh-msgraph.refresh-wrapper .caveat-grid { grid-template-columns: 1fr !important; } }<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) { #upl-refresh-msgraph.refresh-wrapper h2 { font-size: 26px !important; } #upl-refresh-msgraph.refresh-wrapper { padding: 40px 16px !important; } }<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-refresh-msgraph\" class=\"refresh-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-refresh\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Token Lifecycle<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Refresh Token Handling: Rotation, Expiry, and Conditional Access<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Microsoft Graph refresh tokens are long-lived but not permanent. Several conditions can invalidate them silently. Understanding these edge cases is what separates a production-grade Microsoft OAuth integration from one that breaks randomly for enterprise users.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"caveat-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"caveat-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-title\"><svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#8a6800\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><line x1=\"12\" y1=\"8\" x2=\"12\" y2=\"12\"\/><line x1=\"12\" y1=\"16\" x2=\"12.01\" y2=\"16\"\/><\/svg><span>90-day inactivity expiry<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-text\">Microsoft refresh tokens expire after 90 days of inactivity. If a user does not use your app for 90 days, their refresh token becomes invalid and they must re-authenticate. There is no way to extend this without user interaction. Always handle <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">invalid_grant<\/code> errors gracefully and prompt re-auth.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"caveat-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-title\"><svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M10.29 3.86L1.82 18a2 2 0 0 0 1.71 3h16.94a2 2 0 0 0 1.71-3L13.71 3.86a2 2 0 0 0-3.42 0z\"\/><line x1=\"12\" y1=\"9\" x2=\"12\" y2=\"13\"\/><line x1=\"12\" y1=\"17\" x2=\"12.01\" y2=\"17\"\/><\/svg><span>Conditional Access policy changes<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-text\">Enterprise tenants use Conditional Access policies (MFA requirements, device compliance, location restrictions). If a policy changes after a user authenticated, their refresh token may be invalidated on the next use. This is a customer-side decision &#8211; you cannot control or predict it. Always propagate auth errors back to users with a clear re-auth prompt.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"caveat-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-title\"><svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"1 4 1 10 7 10\"\/><path d=\"M3.51 15a9 9 0 1 0 .49-3.1\"\/><\/svg><span>Refresh token rotation<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-text\">When you use a refresh token to get a new access token, Microsoft may issue a new refresh token. Always save the new refresh token from the response, replacing the old one. If you keep using the old refresh token after it has been rotated, you will eventually hit an <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">invalid_grant<\/code> error.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"caveat-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-title\"><svg viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#0078d4\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><rect x=\"3\" y=\"11\" width=\"18\" height=\"11\" rx=\"2\" ry=\"2\"\/><path d=\"M7 11V7a5 5 0 0 1 10 0v4\"\/><\/svg><span>Admin revocation<\/span><\/div><!-- [et_pb_line_break_holder] -->      <div class=\"caveat-text\">A tenant admin can revoke all refresh tokens for a user or the entire organization at any time (e.g., when an employee leaves, or during a security incident). Your app receives <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">invalid_grant<\/code>. This is expected behavior &#8211; handle it by marking the linked account as needing re-authorization.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">refresh_token.sh<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"c\"># Refresh the access token using the stored refresh token<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">curl -<\/span><span class=\"fn\">X<\/span><span class=\"w\"> POST <\/span><span class=\"s\">\"https:\/\/login.microsoftonline.com\/common\/oauth2\/v2.0\/token\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -H <\/span><span class=\"s\">\"Content-Type: application\/x-www-form-urlencoded\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"client_id=YOUR_CLIENT_ID\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"client_secret=YOUR_CLIENT_SECRET\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"grant_type=refresh_token\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"refresh_token=STORED_REFRESH_TOKEN\"<\/span><span class=\"w\"> \\<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">  -d <\/span><span class=\"s\">\"scope=Mail.ReadWrite Mail.Send offline_access\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># ALWAYS check for a new refresh_token in the response.<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># If present, replace the stored one immediately.<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># If you get invalid_grant, prompt the user to re-authenticate.<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-errors-msgraph,<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 0 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(234,67,53,0.1) !important; color: #c0392b !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .table-wrap { overflow-x: auto !important; border-radius: 12px !important; border: 1px solid #e5e7eb !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper table { width: 100% !important; border-collapse: collapse !important; background: #ffffff !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper thead tr { background: #0f2736 !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper thead th { padding: 14px 18px !important; text-align: left !important; font-size: 12px !important; font-weight: 700 !important; color: #ffffff !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; white-space: nowrap !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper tbody tr { border-bottom: 1px solid #f0f1f3 !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper tbody tr:last-child { border-bottom: none !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper tbody td { padding: 16px 18px !important; font-size: 13.5px !important; color: #383838 !important; vertical-align: top !important; line-height: 1.6 !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper tbody td:first-child { font-family: 'Courier New', monospace !important; font-size: 12.5px !important; color: #c0392b !important; font-weight: 700 !important; white-space: nowrap !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .fix-tag { display: inline-block !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 2px 8px !important; border-radius: 5px !important; font-size: 11px !important; font-weight: 600 !important; margin-top: 6px !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .cta-strip { margin-top: 40px !important; display: flex !important; justify-content: center !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .cta-primary { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: #DDDF4C !important; color: #0f2736 !important; padding: 14px 28px !important; border-radius: 8px !important; font-size: 0.95rem !important; font-weight: 600 !important; border: 2px solid #DDDF4C !important; transition: transform 0.3s ease !important; cursor: pointer !important; text-decoration: none !important; }<!-- [et_pb_line_break_holder] -->#upl-errors-msgraph.errors-wrapper .cta-primary:hover { transform: translateY(-5px) !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) { #upl-errors-msgraph.errors-wrapper h2 { font-size: 28px !important; } }<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) { #upl-errors-msgraph.errors-wrapper h2 { font-size: 26px !important; } }<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-errors-msgraph\" class=\"errors-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-errors\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>Troubleshooting<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Common AADSTS Errors Decoded<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Microsoft Graph OAuth errors follow a consistent AADSTS error code pattern. These are the most common ones you will encounter during development and production, with exact root causes and fixes.<\/pee><!-- [et_pb_line_break_holder] -->  <div class=\"table-wrap\"><!-- [et_pb_line_break_holder] -->    <table><!-- [et_pb_line_break_holder] -->      <thead><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <th>Error Code<\/th><!-- [et_pb_line_break_holder] -->          <th>What it means<\/th><!-- [et_pb_line_break_holder] -->          <th>Root cause and fix<\/th><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/thead><!-- [et_pb_line_break_holder] -->      <tbody><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS65001<\/td><!-- [et_pb_line_break_holder] -->          <td>Consent has not been granted for one or more of the requested scopes<\/td><!-- [et_pb_line_break_holder] -->          <td>The user has not consented to your app&#8217;s scopes, or a tenant admin has blocked user consent for your app. Fix: Include <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">prompt=consent<\/code> in your authorization URL to force a fresh consent screen, or send the admin consent URL to the tenant admin.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Add prompt=consent or request admin consent<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS50011<\/td><!-- [et_pb_line_break_holder] -->          <td>Redirect URI mismatch<\/td><!-- [et_pb_line_break_holder] -->          <td>The <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">redirect_uri<\/code> in your request does not exactly match any registered redirect URI in your Entra app registration. Even a trailing slash difference causes this. Fix: Copy the exact URI from your Entra app registration and use it verbatim.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Fix: exact URI match in Entra app registration<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS700016<\/td><!-- [et_pb_line_break_holder] -->          <td>Application not found in tenant<\/td><!-- [et_pb_line_break_holder] -->          <td>The <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">client_id<\/code> does not exist in the tenant being authenticated against. Common when using a tenant-specific authority (<code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">\/{tenant-id}<\/code>) for a multi-tenant app. Fix: Use <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">\/common<\/code> or <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">\/organizations<\/code> authority for multi-tenant apps.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Fix: switch to \/common or \/organizations authority<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS90099<\/td><!-- [et_pb_line_break_holder] -->          <td>Application has not been authorized in this tenant (consent_required)<\/td><!-- [et_pb_line_break_holder] -->          <td>The app exists but has not been consented to in the user&#8217;s tenant. Differs from AADSTS65001 in that the entire app is blocked, not just specific scopes. Fix: Send the admin consent URL to the customer&#8217;s IT admin.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Fix: admin consent URL to customer tenant admin<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS70011<\/td><!-- [et_pb_line_break_holder] -->          <td>Provided grant is invalid or expired<\/td><!-- [et_pb_line_break_holder] -->          <td>The refresh token or authorization code has expired or been revoked. Authorization codes expire in 10 minutes. Refresh tokens expire after 90 days of inactivity or admin revocation. Fix: Prompt user to re-authenticate from the beginning of the OAuth flow.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Fix: prompt full re-authentication<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS50076<\/td><!-- [et_pb_line_break_holder] -->          <td>MFA is required by Conditional Access policy<\/td><!-- [et_pb_line_break_holder] -->          <td>The user&#8217;s tenant requires multi-factor authentication for your app. This is a customer-side decision enforced by the tenant admin. Your app cannot bypass it. The user needs to complete MFA. If using the auth code flow, Microsoft will show the MFA prompt automatically in the browser. Issues arise in automated flows (client credentials) that cannot complete MFA.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Expected: user must complete MFA<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS50020<\/td><!-- [et_pb_line_break_holder] -->          <td>User account from external identity provider does not exist in tenant<\/td><!-- [et_pb_line_break_holder] -->          <td>The user is trying to authenticate with a personal Microsoft account into a tenant that only allows organizational accounts, or vice versa. Fix: Check your authority endpoint &#8211; if using <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">\/organizations<\/code>, personal accounts cannot authenticate. Switch to <code style=\"font-family:'Courier New',monospace!important;background:#f4f5f7!important;color:#0078d4!important;padding:1px 4px!important;border-radius:3px!important;font-size:12px!important;\">\/common<\/code> if you need both.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Fix: switch authority to \/common<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->        <tr><!-- [et_pb_line_break_holder] -->          <td>AADSTS53003<\/td><!-- [et_pb_line_break_holder] -->          <td>Access blocked by Conditional Access policy<\/td><!-- [et_pb_line_break_holder] -->          <td>The tenant&#8217;s Conditional Access policy has blocked this authentication attempt entirely (e.g., blocked country, unmanaged device, blocked app). This is a customer-side decision. You cannot override it. Surface the error to the user and advise them to contact their IT admin.<!\u2013- [et_pb_br_holder] -\u2013><span class=\"fix-tag\">Customer-side: advise user to contact IT admin<\/span><\/td><!-- [et_pb_line_break_holder] -->        <\/tr><!-- [et_pb_line_break_holder] -->      <\/tbody><!-- [et_pb_line_break_holder] -->    <\/table><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] -->  <div class=\"cta-strip\"><!-- [et_pb_line_break_holder] -->    <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-primary\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><span>Let Unipile handle all of this for you<\/span><\/a><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.0&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; background_color=&#8221;RGBA(255,255,255,0)&#8221; sticky_enabled=&#8221;0&#8243;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph,<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important; padding: 0 !important; box-sizing: border-box !important; border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important; font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important; letter-spacing: normal !important; text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important; list-style: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper { max-width: 1100px !important; margin: 0 auto !important; padding: 0 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .section-eyebrow { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: rgba(59,185,139,0.12) !important; color: #2aaa7e !important; padding: 6px 14px !important; border-radius: 20px !important; font-size: 12px !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; margin-bottom: 16px !important; width: fit-content !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper h2 { font-family: 'Poppins', sans-serif !important; font-size: 35px !important; font-weight: 700 !important; color: #0f2736 !important; line-height: 1.2 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .section-desc { font-size: 17px !important; color: #383838 !important; line-height: 1.8 !important; margin-bottom: 48px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-grid { display: grid !important; grid-template-columns: 1fr 1fr !important; gap: 24px !important; margin-bottom: 48px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card { border-radius: 16px !important; padding: 28px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.diy { background: #ffffff !important; border: 1px solid #e5e7eb !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.unipile { background: #0f2736 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-title { font-family: 'Poppins', sans-serif !important; font-size: 16px !important; font-weight: 700 !important; margin-bottom: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.diy .contrast-title { color: #0f2736 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.unipile .contrast-title { color: #DDDF4C !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-list { display: flex !important; flex-direction: column !important; gap: 9px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-item { display: flex !important; align-items: flex-start !important; gap: 9px !important; font-size: 14px !important; line-height: 1.6 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.diy .contrast-item { color: #383838 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .contrast-card.unipile .contrast-item { color: rgba(255,255,255,0.85) !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .code-section-title { font-family: 'Poppins', sans-serif !important; font-size: 22px !important; font-weight: 700 !important; color: #0f2736 !important; margin-bottom: 10px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .code-section-desc { font-size: 15px !important; color: #383838 !important; line-height: 1.7 !important; margin-bottom: 24px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .code-wrapper { border-radius: 14px !important; overflow: hidden !important; background: #0d1117 !important; margin-bottom: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .editor-bar { background: #161b22 !important; padding: 12px 18px !important; display: flex !important; align-items: center !important; gap: 8px !important; border-bottom: 1px solid rgba(255,255,255,0.06) !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .dot { width: 12px !important; height: 12px !important; border-radius: 50% !important; display: inline-block !important; flex-shrink: 0 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .dot-r { background: #ff5f57 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .dot-y { background: #febc2e !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .dot-g { background: #28c840 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .filename { color: #8b949e !important; font-size: 13px !important; margin-left: 6px !important; font-family: 'Courier New', monospace !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .pre { padding: 22px 24px !important; font-size: 13.5px !important; line-height: 1.8 !important; overflow-x: auto !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .pre code { font-family: 'Courier New', monospace !important; white-space: pre !important; display: block !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .c { color: #8b949e !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .k { color: #ff7b72 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .s { color: #a5d6ff !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .w { color: #e6edf3 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .fn { color: #d2a8ff !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .n { color: #79c0ff !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .editor-ok { background: rgba(59,185,139,0.1) !important; border-top: 1px solid rgba(59,185,139,0.25) !important; color: #3BB98B !important; padding: 11px 24px !important; font-size: 12px !important; font-family: 'Courier New', monospace !important; display: flex !important; align-items: center !important; gap: 8px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .features-grid { display: grid !important; grid-template-columns: repeat(3, 1fr) !important; gap: 16px !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .feature-card { background: #ffffff !important; border-radius: 12px !important; padding: 20px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .feature-title { font-family: 'Poppins', sans-serif !important; font-size: 14px !important; font-weight: 700 !important; color: #0f2736 !important; margin-bottom: 8px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .feature-text { font-size: 13px !important; color: #383838 !important; line-height: 1.65 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-it-works { background: #0f2736 !important; border-radius: 16px !important; padding: 32px !important; margin-bottom: 40px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-title { font-family: 'Poppins', sans-serif !important; font-size: 20px !important; font-weight: 700 !important; color: #ffffff !important; margin-bottom: 8px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-desc { font-size: 15px !important; color: rgba(255,255,255,0.8) !important; line-height: 1.7 !important; margin-bottom: 20px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-steps { display: flex !important; flex-direction: column !important; gap: 12px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-step { display: flex !important; align-items: flex-start !important; gap: 12px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-step-num { width: 26px !important; height: 26px !important; min-width: 26px !important; border-radius: 50% !important; background: rgba(221,223,76,0.2) !important; color: #DDDF4C !important; display: flex !important; align-items: center !important; justify-content: center !important; font-size: 12px !important; font-weight: 700 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .how-step-text { font-size: 14px !important; color: rgba(255,255,255,0.85) !important; line-height: 1.6 !important; padding-top: 3px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .compliance-block { background: #ffffff !important; border: 1px solid #e5e7eb !important; border-left: 4px solid #3BB98B !important; border-radius: 12px !important; padding: 22px 24px !important; margin-bottom: 32px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .compliance-title { font-size: 14px !important; font-weight: 700 !important; color: #2aaa7e !important; margin-bottom: 8px !important; text-transform: uppercase !important; letter-spacing: 0.5px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .compliance-text { font-size: 14px !important; color: #383838 !important; line-height: 1.75 !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .cta-actions { display: flex !important; align-items: center !important; gap: 14px !important; flex-wrap: wrap !important; margin-top: 16px !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .cta-primary { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: #DDDF4C !important; color: #0f2736 !important; padding: 14px 28px !important; border-radius: 8px !important; font-size: 0.95rem !important; font-weight: 600 !important; border: 2px solid #DDDF4C !important; transition: transform 0.3s ease !important; cursor: pointer !important; text-decoration: none !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .cta-primary:hover { transform: translateY(-5px) !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .cta-secondary { display: inline-flex !important; align-items: center !important; gap: 8px !important; background: transparent !important; color: #0f2736 !important; padding: 12px 24px !important; border-radius: 8px !important; border: 2px solid #0f2736 !important; font-size: 0.95rem !important; font-weight: 600 !important; transition: all 0.3s ease !important; cursor: pointer !important; text-decoration: none !important; }<!-- [et_pb_line_break_holder] -->#upl-unipile-msgraph.unipile-wrapper .cta-secondary:hover { background: #0f2736 !important; color: #ffffff !important; }<!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper h2 { font-size: 28px !important; }<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper .contrast-grid { grid-template-columns: 1fr !important; }<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper .features-grid { grid-template-columns: 1fr 1fr !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper h2 { font-size: 26px !important; }<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper .features-grid { grid-template-columns: 1fr !important; }<!-- [et_pb_line_break_holder] -->  #upl-unipile-msgraph.unipile-wrapper .cta-actions { flex-direction: column !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><div id=\"upl-unipile-msgraph\" class=\"unipile-wrapper\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-unipile\"><\/span><!-- [et_pb_line_break_holder] -->  <div class=\"section-eyebrow\"><span>The Unipile Alternative<\/span><\/div><!-- [et_pb_line_break_holder] -->  <h2>Skip 5 Weeks of OAuth Plumbing with Unipile<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"section-desc\">Everything in this guide &#8211; Entra app registration, authority endpoints, scope selection, PKCE, token rotation, AADSTS error handling &#8211; is engineering time that does not move your product forward. Unipile handles the entire Microsoft Graph OAuth stack as a managed service, so your team writes one API call instead of 500 lines of OAuth plumbing.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"contrast-grid\"><!-- [et_pb_line_break_holder] -->    <div class=\"contrast-card diy\"><!-- [et_pb_line_break_holder] -->      <div class=\"contrast-title\">Building it yourself<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"contrast-list\"><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Entra app registration and configuration<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>PKCE implementation and code challenge generation<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Refresh token storage, rotation, and expiry handling<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Admin consent flow for enterprise customers<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>AADSTS error handling and re-auth prompts<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Client secret rotation before expiry<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Conditional Access caveat handling per tenant<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#EA4335\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><line x1=\"18\" y1=\"6\" x2=\"6\" y2=\"18\"\/><line x1=\"6\" y1=\"6\" x2=\"18\" y2=\"18\"\/><\/svg><span>Separate OAuth stacks for Gmail and IMAP providers<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"contrast-card unipile\"><!-- [et_pb_line_break_holder] -->      <div class=\"contrast-title\">Using Unipile<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"contrast-list\"><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>One POST to generate a hosted auth link<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Unipile manages PKCE, tokens, and refresh automatically<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Tokens never stored in your database &#8211; Unipile handles it<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Same API for Microsoft, Gmail, and IMAP accounts<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Webhook notifications when accounts need re-auth<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Branded consent screen with your own Entra app credentials<\/span><\/div><!-- [et_pb_line_break_holder] -->        <div class=\"contrast-item\"><svg width=\"14\" height=\"14\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"#3BB98B\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Ship your email integration in hours, not weeks<\/span><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"code-section-title\">How Unipile hosted Microsoft OAuth works<\/div><!-- [et_pb_line_break_holder] -->  <div class=\"code-section-desc\">Your backend calls one endpoint to generate a hosted auth link. Your user clicks it, authenticates with Microsoft, and Unipile manages the full OAuth flow &#8211; Entra redirect, scope handling, token exchange, and refresh. The linked account is then available via Unipile&#8217;s unified email API.<\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"code-wrapper\"><!-- [et_pb_line_break_holder] -->    <div class=\"editor-bar\"><span class=\"dot dot-r\"><\/span><span class=\"dot dot-y\"><\/span><span class=\"dot dot-g\"><\/span><span class=\"filename\">unipile_microsoft_oauth.py<\/span><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"pre\"><code><span class=\"k\">import<\/span><span class=\"w\"> requests<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"w\">UNIPILE_API_URL <\/span><span class=\"k\">=<\/span><span class=\"w\"> <\/span><span class=\"s\">\"https:\/\/apiXXX.unipile.com:XXX\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">UNIPILE_API_KEY <\/span><span class=\"k\">=<\/span><span class=\"w\"> <\/span><span class=\"s\">\"your-api-key\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Step 1: Generate a hosted auth link for Microsoft<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">response = requests.<\/span><span class=\"fn\">post<\/span><span class=\"w\">(<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"{UNIPILE_API_URL}\/api\/v1\/hosted\/accounts\/link\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    headers={<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"X-API-KEY\"<\/span><span class=\"w\">: UNIPILE_API_KEY,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"Content-Type\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"application\/json\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    },<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    json={<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"type\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"create\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"providers\"<\/span><span class=\"w\">: [<\/span><span class=\"s\">\"MICROSOFT\"<\/span><span class=\"w\">],<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"api_url\"<\/span><span class=\"w\">: UNIPILE_API_URL,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"expiresOn\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"2026-12-31T23:59:59Z\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"c\"># Optional: tie this link to a specific user<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"name\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"user_id_123\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"c\"># Optional: get notified when account is linked<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">        <\/span><span class=\"s\">\"notify_url\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"https:\/\/app.yourproduct.com\/webhooks\/account-linked\"<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    }<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">)<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Step 2: Redirect your user to this URL<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">hosted_auth_url <\/span><span class=\"k\">=<\/span><span class=\"w\"> response.<\/span><span class=\"fn\">json<\/span><span class=\"w\">()[<\/span><span class=\"s\">\"url\"<\/span><span class=\"w\">]<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># Example: https:\/\/account.unipile.com\/[encoded-token]<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Unipile handles: Entra redirect, consent screen, PKCE,<\/span><!-- [et_pb_line_break_holder] --><span class=\"c\"># token exchange, refresh token storage, scope management<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\"><!-- [et_pb_line_break_holder] --><\/span><span class=\"c\"># Step 3: After auth, use Unipile's email API to read\/send<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">emails = requests.<\/span><span class=\"fn\">get<\/span><span class=\"w\">(<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    <\/span><span class=\"s\">f\"{UNIPILE_API_URL}\/api\/v1\/emails\"<\/span><span class=\"w\">,<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    headers={<\/span><span class=\"s\">\"X-API-KEY\"<\/span><span class=\"w\">: UNIPILE_API_KEY},<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">    params={<\/span><span class=\"s\">\"account_id\"<\/span><span class=\"w\">: <\/span><span class=\"s\">\"linked-account-id\"<\/span><span class=\"w\">}<\/span><!-- [et_pb_line_break_holder] --><span class=\"w\">)<\/span><\/code><\/div><!-- [et_pb_line_break_holder] -->    <div class=\"editor-ok\"><svg width=\"12\" height=\"12\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><polyline points=\"20 6 9 17 4 12\"\/><\/svg><span>Microsoft OAuth complete. Mailbox available via unified API.<\/span><\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"features-grid\" style=\"margin-top:40px!important;\"><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Hosted auth flow<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">Unipile hosts the OAuth consent screen. Your users see a clean branded flow. No redirect URI maintenance, no CORS issues, no localhost vs production URL juggling.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Token management<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">Unipile stores and rotates Microsoft OAuth tokens on your behalf. Refresh token rotation, 90-day inactivity monitoring, and re-auth notifications are handled automatically.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Unified email API<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">After linking, Microsoft, Gmail, and IMAP mailboxes all respond to the same Unipile email endpoints. One integration serves all three providers.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Your own Entra credentials<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">Configure your own Microsoft Entra app credentials in the Unipile dashboard. Your users see your app name on Microsoft&#8217;s consent screen, not Unipile&#8217;s.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Webhook notifications<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">Receive a webhook when a linked account needs re-authentication (expired refresh token, admin revocation, Conditional Access change). Surface the re-auth prompt immediately in your product.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->    <div class=\"feature-card\"><!-- [et_pb_line_break_holder] -->      <div class=\"feature-title\">Read, send, and sync<\/div><!-- [et_pb_line_break_holder] -->      <div class=\"feature-text\">After Microsoft OAuth via Unipile, you can read emails, send emails, sync threads, manage folders, and handle attachments &#8211; all via Unipile&#8217;s unified email API. No separate Microsoft Graph client needed.<\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"compliance-block\"><!-- [et_pb_line_break_holder] -->    <div class=\"compliance-title\">How Unipile operates<\/div><!-- [et_pb_line_break_holder] -->    <div class=\"compliance-text\">Unipile is an independent technical intermediary that acts on behalf of each authenticated user via Microsoft-issued OAuth tokens. When a user links their Outlook or Microsoft 365 mailbox, Unipile operates exclusively using that user&#8217;s delegated permissions. Unipile is not affiliated with, endorsed by, or sponsored by Microsoft. We use the public Microsoft Graph API on behalf of authenticated end users. Each account operates within that user&#8217;s own Microsoft Entra identity and their organization&#8217;s Conditional Access policies.<\/div><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"cta-actions\"><!-- [et_pb_line_break_holder] -->    <a href=\"https:\/\/dashboard.unipile.com\/signup\/\" target=\"_blank\" class=\"cta-primary\"><svg width=\"16\" height=\"16\" viewBox=\"0 0 24 24\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\"><path d=\"M13 2L3 14h9l-1 8 10-12h-9l1-8z\"\/><\/svg><span>Start building your Microsoft OAuth flow<\/span><\/a><!-- [et_pb_line_break_holder] -->    <a href=\"https:\/\/www.unipile.com\/microsoft-graph-api-email-integration-guide\/\" class=\"cta-secondary\"><span>MS Graph Email Guide<\/span><\/a><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.27.4&#8243; background_color=&#8221;transparent&#8221; custom_padding=&#8221;50px|0px|50px|0px|true|false&#8221; da_disable_devices=&#8221;off|off|off&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221; da_is_popup=&#8221;off&#8221; da_exit_intent=&#8221;off&#8221; da_has_close=&#8221;on&#8221; da_alt_close=&#8221;off&#8221; da_dark_close=&#8221;off&#8221; da_not_modal=&#8221;on&#8221; da_is_singular=&#8221;off&#8221; da_with_loader=&#8221;off&#8221; da_has_shadow=&#8221;on&#8221;][et_pb_row _builder_version=&#8221;4.27.0&#8243; custom_padding=&#8221;0px|0px|0px|0px&#8221; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.27.0&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;][et_pb_code _builder_version=&#8221;4.27.4&#8243; global_colors_info=&#8221;{}&#8221; theme_builder_area=&#8221;post_content&#8221;]<link href=\"https:\/\/fonts.googleapis.com\/css2?family=Inter:wght@400;500;600;700&#038;family=Poppins:wght@700;800&#038;display=swap\" rel=\"stylesheet\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><script type=\"application\/ld+json\"><!-- [et_pb_line_break_holder] -->{<!-- [et_pb_line_break_holder] -->  \"@context\": \"https:\/\/schema.org\",<!-- [et_pb_line_break_holder] -->  \"@type\": \"FAQPage\",<!-- [et_pb_line_break_holder] -->  \"mainEntity\": [<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"Does Microsoft Graph OAuth work for both Outlook.com and Microsoft 365 accounts?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"Yes. Using the \/common authority endpoint, a single Microsoft Entra app registration handles authentication for both personal Outlook.com accounts and Microsoft 365 work\/school accounts. The key is selecting 'Accounts in any organizational directory and personal Microsoft accounts' when registering your app.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"What happens to OAuth tokens when a Microsoft 365 user leaves their company?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"When an IT admin disables or deletes a user account in Microsoft Entra ID, all of that user's refresh tokens are immediately revoked. Your next attempt to use the refresh token will return an invalid_grant error. Handle it by marking the linked account as needing re-authentication and surfacing a re-auth prompt to the user.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"Is admin consent required to read Outlook emails via Microsoft Graph OAuth?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"No, for standard Delegated permissions. Mail.Read, Mail.ReadWrite, and Mail.Send are user-consent scopes - individual users can approve them during the OAuth flow without IT admin involvement. Admin consent is only required for Application permissions or high-privilege scopes like User.Read.All.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"How long do Microsoft Graph refresh tokens last?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"Microsoft Graph refresh tokens expire after 90 days of inactivity. As long as the user actively uses your app and you refresh the access token before it expires, the refresh token renews on use. Conditional Access policy changes, admin revocation, or password changes can also invalidate refresh tokens before the 90-day mark.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"What is the difference between AADSTS65001 and AADSTS90099?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"AADSTS65001 means the user has not yet consented to one or more specific scopes your app is requesting. Fix: include prompt=consent in your authorization URL. AADSTS90099 means the entire application has not been authorized in that user's tenant. Fix: send the admin consent URL to the tenant administrator.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"Can I use the same Entra app registration for both reading and sending emails?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"Yes. Request both Mail.ReadWrite and Mail.Send in the same scope string. Note that Mail.ReadWrite and Mail.Send are separate scopes - having read\/write access does not automatically grant send permission. Always include offline_access to ensure you receive a refresh token.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"Does Unipile store Microsoft OAuth tokens in my database?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"No. When you use Unipile's hosted Microsoft auth flow, Unipile manages all OAuth tokens on your behalf. Your application never handles or stores Microsoft access tokens or refresh tokens directly. You interact with linked accounts exclusively through Unipile's API using your Unipile API key.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    },<!-- [et_pb_line_break_holder] -->    {<!-- [et_pb_line_break_holder] -->      \"@type\": \"Question\",<!-- [et_pb_line_break_holder] -->      \"name\": \"Is Unipile affiliated with Microsoft?\",<!-- [et_pb_line_break_holder] -->      \"acceptedAnswer\": {<!-- [et_pb_line_break_holder] -->        \"@type\": \"Answer\",<!-- [et_pb_line_break_holder] -->        \"text\": \"No. Unipile is not affiliated with, endorsed by, or sponsored by Microsoft. Unipile is an independent technical intermediary that uses the public Microsoft Graph API on behalf of authenticated end users. Each integration operates via Microsoft-issued OAuth tokens under that user's own identity and their organization's Conditional Access policies.\"<!-- [et_pb_line_break_holder] -->      }<!-- [et_pb_line_break_holder] -->    }<!-- [et_pb_line_break_holder] -->  ]<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/script><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><style><!-- [et_pb_line_break_holder] -->#upl-faq-msgraph,<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph *,<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph *::before,<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph *::after {<!-- [et_pb_line_break_holder] -->  margin: 0 !important;<!-- [et_pb_line_break_holder] -->  padding: 0 !important;<!-- [et_pb_line_break_holder] -->  box-sizing: border-box !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->  outline: none !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif !important;<!-- [et_pb_line_break_holder] -->  line-height: normal !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: normal !important;<!-- [et_pb_line_break_holder] -->  text-transform: none !important;<!-- [et_pb_line_break_holder] -->  text-decoration: none !important;<!-- [et_pb_line_break_holder] -->  list-style: none !important;<!-- [et_pb_line_break_holder] -->  background: transparent !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->#upl-faq-msgraph {<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->  width: 100% !important;<!-- [et_pb_line_break_holder] -->  max-width: 860px !important;<!-- [et_pb_line_break_holder] -->  margin: 0 auto !important;<!-- [et_pb_line_break_holder] -->  padding: 60px 20px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-badge {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 7px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  padding: 5px 13px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 20px !important;<!-- [et_pb_line_break_holder] -->  font-size: 11px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  text-transform: uppercase !important;<!-- [et_pb_line_break_holder] -->  letter-spacing: 0.6px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 16px !important;<!-- [et_pb_line_break_holder] -->  width: fit-content !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-badge-dot {<!-- [et_pb_line_break_holder] -->  width: 6px !important;<!-- [et_pb_line_break_holder] -->  height: 6px !important;<!-- [et_pb_line_break_holder] -->  background: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  border-radius: 50% !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-h2 {<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 35px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.2 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 10px !important;<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-subtitle {<!-- [et_pb_line_break_holder] -->  font-size: 15px !important;<!-- [et_pb_line_break_holder] -->  color: #64748b !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.7 !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 36px !important;<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->  max-width: 640px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-list {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  flex-direction: column !important;<!-- [et_pb_line_break_holder] -->  gap: 10px !important;<!-- [et_pb_line_break_holder] -->  margin-bottom: 32px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item {<!-- [et_pb_line_break_holder] -->  background: #ffffff !important;<!-- [et_pb_line_break_holder] -->  border: 1.5px solid #e5e7eb !important;<!-- [et_pb_line_break_holder] -->  border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->  transition: border-color 0.22s ease, box-shadow 0.22s ease !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item:hover {<!-- [et_pb_line_break_holder] -->  border-color: #c8e8de !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item.umg-open {<!-- [et_pb_line_break_holder] -->  border-color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  box-shadow: 0 4px 20px rgba(59,185,139,0.10) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-question {<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 14px !important;<!-- [et_pb_line_break_holder] -->  padding: 18px 20px !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  user-select: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-num {<!-- [et_pb_line_break_holder] -->  width: 34px !important;<!-- [et_pb_line_break_holder] -->  height: 34px !important;<!-- [et_pb_line_break_holder] -->  min-width: 34px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 9px !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.10) !important;<!-- [et_pb_line_break_holder] -->  color: #2aaa7e !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Poppins', sans-serif !important;<!-- [et_pb_line_break_holder] -->  font-size: 12px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  transition: background 0.2s, color 0.2s !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item.umg-open .umg-num {<!-- [et_pb_line_break_holder] -->  background: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-q-text {<!-- [et_pb_line_break_holder] -->  flex: 1 !important;<!-- [et_pb_line_break_holder] -->  font-size: 14.5px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 600 !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.4 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-icon {<!-- [et_pb_line_break_holder] -->  width: 26px !important;<!-- [et_pb_line_break_holder] -->  height: 26px !important;<!-- [et_pb_line_break_holder] -->  min-width: 26px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 7px !important;<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: center !important;<!-- [et_pb_line_break_holder] -->  flex-shrink: 0 !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.25s ease, background 0.2s !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item.umg-open .umg-icon {<!-- [et_pb_line_break_holder] -->  transform: rotate(45deg) !important;<!-- [et_pb_line_break_holder] -->  background: rgba(59,185,139,0.12) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-icon svg {<!-- [et_pb_line_break_holder] -->  width: 14px !important;<!-- [et_pb_line_break_holder] -->  height: 14px !important;<!-- [et_pb_line_break_holder] -->  stroke: #94a3b8 !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2.5 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->  transition: stroke 0.2s !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item.umg-open .umg-icon svg {<!-- [et_pb_line_break_holder] -->  stroke: #3BB98B !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-answer {<!-- [et_pb_line_break_holder] -->  max-height: 0 !important;<!-- [et_pb_line_break_holder] -->  overflow: hidden !important;<!-- [et_pb_line_break_holder] -->  transition: max-height 0.35s ease !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-item.umg-open .umg-answer {<!-- [et_pb_line_break_holder] -->  max-height: 600px !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-answer-inner {<!-- [et_pb_line_break_holder] -->  padding: 0 20px 22px 68px !important;<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: #383838 !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.75 !important;<!-- [et_pb_line_break_holder] -->  display: block !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-answer-inner code {<!-- [et_pb_line_break_holder] -->  background: #f4f5f7 !important;<!-- [et_pb_line_break_holder] -->  padding: 2px 6px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 4px !important;<!-- [et_pb_line_break_holder] -->  font-family: 'Courier New', monospace !important;<!-- [et_pb_line_break_holder] -->  font-size: 12.5px !important;<!-- [et_pb_line_break_holder] -->  color: #0078d4 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-answer-inner a {<!-- [et_pb_line_break_holder] -->  color: #3BB98B !important;<!-- [et_pb_line_break_holder] -->  text-decoration: underline !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-answer-inner strong {<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta {<!-- [et_pb_line_break_holder] -->  background: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  border-radius: 14px !important;<!-- [et_pb_line_break_holder] -->  padding: 22px 26px !important;<!-- [et_pb_line_break_holder] -->  display: flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  justify-content: space-between !important;<!-- [et_pb_line_break_holder] -->  gap: 16px !important;<!-- [et_pb_line_break_holder] -->  flex-wrap: wrap !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta-text {<!-- [et_pb_line_break_holder] -->  font-size: 14px !important;<!-- [et_pb_line_break_holder] -->  color: rgba(255,255,255,0.75) !important;<!-- [et_pb_line_break_holder] -->  line-height: 1.5 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta-text strong {<!-- [et_pb_line_break_holder] -->  color: #ffffff !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta-btn {<!-- [et_pb_line_break_holder] -->  display: inline-flex !important;<!-- [et_pb_line_break_holder] -->  align-items: center !important;<!-- [et_pb_line_break_holder] -->  gap: 7px !important;<!-- [et_pb_line_break_holder] -->  background: #DDDF4C !important;<!-- [et_pb_line_break_holder] -->  color: #0f2736 !important;<!-- [et_pb_line_break_holder] -->  padding: 10px 20px !important;<!-- [et_pb_line_break_holder] -->  border-radius: 8px !important;<!-- [et_pb_line_break_holder] -->  font-size: 13.5px !important;<!-- [et_pb_line_break_holder] -->  font-weight: 700 !important;<!-- [et_pb_line_break_holder] -->  cursor: pointer !important;<!-- [et_pb_line_break_holder] -->  white-space: nowrap !important;<!-- [et_pb_line_break_holder] -->  transition: transform 0.2s, box-shadow 0.2s !important;<!-- [et_pb_line_break_holder] -->  border: none !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta-btn:hover {<!-- [et_pb_line_break_holder] -->  transform: translateY(-2px) !important;<!-- [et_pb_line_break_holder] -->  box-shadow: 0 6px 18px rgba(221,223,76,0.30) !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->#upl-faq-msgraph .umg-cta-btn svg {<!-- [et_pb_line_break_holder] -->  width: 13px !important;<!-- [et_pb_line_break_holder] -->  height: 13px !important;<!-- [et_pb_line_break_holder] -->  stroke: currentColor !important;<!-- [et_pb_line_break_holder] -->  fill: none !important;<!-- [et_pb_line_break_holder] -->  stroke-width: 2.5 !important;<!-- [et_pb_line_break_holder] -->  stroke-linecap: round !important;<!-- [et_pb_line_break_holder] -->  stroke-linejoin: round !important;<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->@media (max-width: 900px) {<!-- [et_pb_line_break_holder] -->  #upl-faq-msgraph .umg-h2 { font-size: 28px !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 600px) {<!-- [et_pb_line_break_holder] -->  #upl-faq-msgraph .umg-h2 { font-size: 26px !important; }<!-- [et_pb_line_break_holder] -->  #upl-faq-msgraph .umg-answer-inner { padding: 0 14px 18px 14px !important; }<!-- [et_pb_line_break_holder] -->  #upl-faq-msgraph .umg-cta { flex-direction: column !important; align-items: flex-start !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] -->@media (max-width: 400px) {<!-- [et_pb_line_break_holder] -->  #upl-faq-msgraph .umg-h2 { font-size: 26px !important; }<!-- [et_pb_line_break_holder] -->}<!-- [et_pb_line_break_holder] --><\/style><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><div id=\"upl-faq-msgraph\"><!-- [et_pb_line_break_holder] -->  <span id=\"msgraph-faq\" style=\"display:block;position:relative;top:-80px;visibility:hidden;\"><\/span><!-- [et_pb_line_break_holder] -->  <span class=\"umg-badge\"><span class=\"umg-badge-dot\"><\/span> FAQ<\/span><!-- [et_pb_line_break_holder] -->  <h2 class=\"umg-h2\">Frequently Asked Questions<\/h2><!-- [et_pb_line_break_holder] -->  <pee class=\"umg-subtitle\">The most common questions about Microsoft Graph OAuth for email integration, from scope selection to token lifecycle to enterprise consent flows.<\/pee><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"umg-list\" id=\"umg-faq-list\"><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item umg-open\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">01<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">Does Microsoft Graph OAuth work for both Outlook.com and Microsoft 365 accounts?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">Yes. Using the <code>\/common<\/code> authority endpoint, a single Microsoft Entra app registration handles authentication for both personal Outlook.com accounts and Microsoft 365 work\/school accounts. The key is selecting &#8220;Accounts in any organizational directory and personal Microsoft accounts&#8221; when registering your app in the Azure portal.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">02<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">What happens to OAuth tokens when a Microsoft 365 user leaves their company?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">When an IT admin disables or deletes a user account in Microsoft Entra ID, all of that user&#8217;s refresh tokens are immediately revoked. Your next token refresh attempt returns an <code>invalid_grant<\/code> error. Handle this gracefully: mark the linked account as requiring re-authentication and surface a clear re-auth prompt in your product. This is expected behavior &#8211; a customer-side decision beyond your control.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">03<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">Is admin consent required to read Outlook emails via Microsoft Graph OAuth?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">No, for standard Delegated permissions. <code>Mail.Read<\/code>, <code>Mail.ReadWrite<\/code>, and <code>Mail.Send<\/code> are user-consent scopes &#8211; individual users can approve them during the OAuth flow. Admin consent is only required for Application permissions or high-privilege scopes like <code>User.Read.All<\/code>. Some enterprise tenants configure policies that block all third-party app consent &#8211; that is a customer-side decision.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">04<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">How long do Microsoft Graph refresh tokens last?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">Refresh tokens expire after 90 days of inactivity. As long as your app uses the refresh token regularly (which happens automatically when refreshing access tokens before they expire every 60-90 minutes), the refresh token stays alive. Conditional Access policy changes, password resets, or admin revocation can invalidate them early. Always handle <code>invalid_grant<\/code> errors and replace old refresh tokens with the new one returned in each token response.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">05<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">What is the difference between AADSTS65001 and AADSTS90099?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\"><strong>AADSTS65001<\/strong>: The user has not yet consented to one or more specific scopes. Fix: add <code>prompt=consent<\/code> to your authorization URL to force a fresh consent screen. <strong>AADSTS90099<\/strong>: The entire application has not been authorized in that tenant &#8211; the tenant admin needs to pre-approve your app. Send the admin consent URL to the customer&#8217;s IT admin. Both errors are common in enterprise scenarios where tenants restrict user consent.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">06<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">Can I use the same Entra app registration for both reading and sending emails?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">Yes. Request both <code>Mail.ReadWrite<\/code> and <code>Mail.Send<\/code> in the same scope string. Note that <code>Mail.ReadWrite<\/code> and <code>Mail.Send<\/code> are separate scopes &#8211; having read\/write access does not automatically grant send permission. Always include <code>offline_access<\/code> to ensure you receive a refresh token. See the <a href=\"https:\/\/www.unipile.com\/communication-api\/email-api\/\">email API page<\/a> for implementation details.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">07<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">Does Unipile store Microsoft OAuth tokens in my database?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">No. When you use Unipile&#8217;s hosted Microsoft auth flow, Unipile manages all OAuth tokens on your behalf. Your application never handles Microsoft access tokens or refresh tokens directly. You interact with linked accounts exclusively through Unipile&#8217;s unified email API using your Unipile API key. This eliminates token storage, rotation, and security requirements from your own infrastructure.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->    <div class=\"umg-item\"><!-- [et_pb_line_break_holder] -->      <div class=\"umg-question\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-num\">08<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-q-text\">Is Unipile affiliated with Microsoft?<\/div><!-- [et_pb_line_break_holder] -->        <div class=\"umg-icon\"><svg viewBox=\"0 0 24 24\"><line x1=\"12\" y1=\"5\" x2=\"12\" y2=\"19\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><line x1=\"5\" y1=\"12\" x2=\"19\" y2=\"12\" stroke=\"#94a3b8\" stroke-width=\"2.5\" stroke-linecap=\"round\"\/><\/svg><\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->      <div class=\"umg-answer\"><!-- [et_pb_line_break_holder] -->        <div class=\"umg-answer-inner\">No. Unipile is not affiliated with, endorsed by, or sponsored by Microsoft. Unipile is an independent technical intermediary that uses the public Microsoft Graph API on behalf of authenticated end users. Each integration operates via Microsoft-issued OAuth tokens under that user&#8217;s own identity and their organization&#8217;s Conditional Access policies. Microsoft Graph and Microsoft Entra are trademarks of Microsoft Corporation.<\/div><!-- [et_pb_line_break_holder] -->      <\/div><!-- [et_pb_line_break_holder] -->    <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] -->  <div class=\"umg-cta\"><!-- [et_pb_line_break_holder] -->    <div class=\"umg-cta-text\"><strong>Still have questions?<\/strong> Our team can walk you through Microsoft Graph OAuth for your specific use case.<\/div><!-- [et_pb_line_break_holder] -->    <button class=\"umg-cta-btn\" onclick=\"if(window.$crisp){$crisp.push(['do','chat:open'])}\"><!-- [et_pb_line_break_holder] -->      Talk to an expert<!-- [et_pb_line_break_holder] -->      <svg viewBox=\"0 0 24 24\" aria-hidden=\"true\"><path d=\"M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2z\" stroke=\"currentColor\" stroke-width=\"2.5\" stroke-linecap=\"round\" stroke-linejoin=\"round\" fill=\"none\"\/><\/svg><!-- [et_pb_line_break_holder] -->    <\/button><!-- [et_pb_line_break_holder] -->  <\/div><!-- [et_pb_line_break_holder] --><\/div><!-- [et_pb_line_break_holder] --><!-- [et_pb_line_break_holder] --><script><!-- [et_pb_line_break_holder] -->(function(){<!-- [et_pb_line_break_holder] -->  function umgFaqInit(){<!-- [et_pb_line_break_holder] -->    var list = document.getElementById('umg-faq-list');<!-- [et_pb_line_break_holder] -->    if(!list) return;<!-- [et_pb_line_break_holder] -->    var items = list.querySelectorAll('.umg-item');<!-- [et_pb_line_break_holder] -->    items.forEach(function(item){<!-- [et_pb_line_break_holder] -->      var q = item.querySelector('.umg-question');<!-- [et_pb_line_break_holder] -->      if(!q) return;<!-- [et_pb_line_break_holder] -->      q.addEventListener('click', function(){<!-- [et_pb_line_break_holder] -->        var isOpen = item.classList.contains('umg-open');<!-- [et_pb_line_break_holder] -->        items.forEach(function(i){ i.classList.remove('umg-open'); });<!-- [et_pb_line_break_holder] -->        if(!isOpen){ item.classList.add('umg-open'); }<!-- [et_pb_line_break_holder] -->      });<!-- [et_pb_line_break_holder] -->    });<!-- [et_pb_line_break_holder] -->  }<!-- [et_pb_line_break_holder] -->  if(document.readyState === 'loading'){<!-- [et_pb_line_break_holder] -->    document.addEventListener('DOMContentLoaded', umgFaqInit);<!-- [et_pb_line_break_holder] -->  } else { umgFaqInit(); }<!-- [et_pb_line_break_holder] -->})();<!-- [et_pb_line_break_holder] --><\/script>[\/et_pb_code][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Graph OAuth 2026 Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes A complete 2026 guide to Microsoft Graph OAuth for SaaS developers. Covers Microsoft Entra app registration, authority endpoints, Mail scopes, delegated vs application permissions, admin consent, auth code + PKCE, refresh token rotation, AADSTS error codes, and how Unipile eliminates 5 weeks [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":278782,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[105,73],"tags":[],"post_folder":[],"class_list":["post-278774","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-email-api-for-microsoft-outlook-integration","category-email-api-integration"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide) - Unipile<\/title>\n<meta name=\"description\" content=\"Step-by-step guide to Microsoft Graph OAuth for SaaS developers. Entra app registration, Mail scopes, PKCE flow, refresh tokens, and common AADSTS errors.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.unipile.com\/br\/microsoft-graph-oauth-email\/\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide) - Unipile\" \/>\n<meta property=\"og:description\" content=\"Step-by-step guide to Microsoft Graph OAuth for SaaS developers. Entra app registration, Mail scopes, PKCE flow, refresh tokens, and common AADSTS errors.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.unipile.com\/br\/microsoft-graph-oauth-email\/\" \/>\n<meta property=\"og:site_name\" content=\"Unipile\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/unipilefr\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-12T08:32:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-12T08:34:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2400\" \/>\n\t<meta property=\"og:image:height\" content=\"1260\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Damien Girardeau\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@UnipileAPI\" \/>\n<meta name=\"twitter:site\" content=\"@UnipileAPI\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Damien Girardeau\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"23 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/\"},\"author\":{\"name\":\"Damien Girardeau\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#\\\/schema\\\/person\\\/a2ac44e22bdc27d497ce8b58716a673e\"},\"headline\":\"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide)\",\"datePublished\":\"2026-05-12T08:32:10+00:00\",\"dateModified\":\"2026-05-12T08:34:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/\"},\"wordCount\":6994,\"publisher\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/microsoft-graph-oauth-email.png\",\"articleSection\":[\"Email API for Microsoft Outlook Integration\",\"Email API Integration\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/\",\"url\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/\",\"name\":\"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide) - Unipile\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/microsoft-graph-oauth-email.png\",\"datePublished\":\"2026-05-12T08:32:10+00:00\",\"dateModified\":\"2026-05-12T08:34:14+00:00\",\"description\":\"Step-by-step guide to Microsoft Graph OAuth for SaaS developers. Entra app registration, Mail scopes, PKCE flow, refresh tokens, and common AADSTS errors.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/microsoft-graph-oauth-email.png\",\"contentUrl\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/microsoft-graph-oauth-email.png\",\"width\":2400,\"height\":1260,\"caption\":\"Microsoft Graph OAuth featured image\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/microsoft-graph-oauth-email\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.unipile.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#website\",\"url\":\"https:\\\/\\\/www.unipile.com\\\/\",\"name\":\"Unipile\",\"description\":\"Integrate Messaging &amp; Email, Connect with Ease via API\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.unipile.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#organization\",\"name\":\"Unipile\",\"url\":\"https:\\\/\\\/www.unipile.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/logo-unipile.png\",\"contentUrl\":\"https:\\\/\\\/www.unipile.com\\\/wp-content\\\/uploads\\\/2021\\\/05\\\/logo-unipile.png\",\"width\":200,\"height\":49,\"caption\":\"Unipile\"},\"image\":{\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/unipilefr\",\"https:\\\/\\\/x.com\\\/UnipileAPI\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/unipile\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.unipile.com\\\/#\\\/schema\\\/person\\\/a2ac44e22bdc27d497ce8b58716a673e\",\"name\":\"Damien Girardeau\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g\",\"caption\":\"Damien Girardeau\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Graph OAuth: Autenticando Caixas de Correio do Outlook e Microsoft 365 (Guia 2026) - Unipile","description":"Guia passo a passo para Microsoft Graph OAuth para desenvolvedores SaaS. Registro de aplicativo Entra, escopos de Mail, fluxo PKCE, tokens de atualiza\u00e7\u00e3o e erros comuns do AADSTS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.unipile.com\/br\/microsoft-graph-oauth-email\/","og_locale":"pt_BR","og_type":"article","og_title":"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide) - Unipile","og_description":"Step-by-step guide to Microsoft Graph OAuth for SaaS developers. Entra app registration, Mail scopes, PKCE flow, refresh tokens, and common AADSTS errors.","og_url":"https:\/\/www.unipile.com\/br\/microsoft-graph-oauth-email\/","og_site_name":"Unipile","article_publisher":"https:\/\/www.facebook.com\/unipilefr","article_published_time":"2026-05-12T08:32:10+00:00","article_modified_time":"2026-05-12T08:34:14+00:00","og_image":[{"width":2400,"height":1260,"url":"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png","type":"image\/png"}],"author":"Damien Girardeau","twitter_card":"summary_large_image","twitter_creator":"@UnipileAPI","twitter_site":"@UnipileAPI","twitter_misc":{"Escrito por":"Damien Girardeau","Est. tempo de leitura":"23 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#article","isPartOf":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/"},"author":{"name":"Damien Girardeau","@id":"https:\/\/www.unipile.com\/#\/schema\/person\/a2ac44e22bdc27d497ce8b58716a673e"},"headline":"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide)","datePublished":"2026-05-12T08:32:10+00:00","dateModified":"2026-05-12T08:34:14+00:00","mainEntityOfPage":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/"},"wordCount":6994,"publisher":{"@id":"https:\/\/www.unipile.com\/#organization"},"image":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#primaryimage"},"thumbnailUrl":"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png","articleSection":["Email API for Microsoft Outlook Integration","Email API Integration"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/","url":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/","name":"Microsoft Graph OAuth: Autenticando Caixas de Correio do Outlook e Microsoft 365 (Guia 2026) - Unipile","isPartOf":{"@id":"https:\/\/www.unipile.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#primaryimage"},"image":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#primaryimage"},"thumbnailUrl":"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png","datePublished":"2026-05-12T08:32:10+00:00","dateModified":"2026-05-12T08:34:14+00:00","description":"Guia passo a passo para Microsoft Graph OAuth para desenvolvedores SaaS. Registro de aplicativo Entra, escopos de Mail, fluxo PKCE, tokens de atualiza\u00e7\u00e3o e erros comuns do AADSTS.","breadcrumb":{"@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#primaryimage","url":"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png","contentUrl":"https:\/\/www.unipile.com\/wp-content\/uploads\/2026\/05\/microsoft-graph-oauth-email.png","width":2400,"height":1260,"caption":"Microsoft Graph OAuth featured image"},{"@type":"BreadcrumbList","@id":"https:\/\/www.unipile.com\/microsoft-graph-oauth-email\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.unipile.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft Graph OAuth: Authenticate Outlook and Microsoft 365 Mailboxes (2026 Guide)"}]},{"@type":"WebSite","@id":"https:\/\/www.unipile.com\/#website","url":"https:\/\/www.unipile.com\/","name":"Unipile","description":"Integre mensagens e e-mail, conecte-se com facilidade via API","publisher":{"@id":"https:\/\/www.unipile.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.unipile.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.unipile.com\/#organization","name":"Unipile","url":"https:\/\/www.unipile.com\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.unipile.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.unipile.com\/wp-content\/uploads\/2021\/05\/logo-unipile.png","contentUrl":"https:\/\/www.unipile.com\/wp-content\/uploads\/2021\/05\/logo-unipile.png","width":200,"height":49,"caption":"Unipile"},"image":{"@id":"https:\/\/www.unipile.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/unipilefr","https:\/\/x.com\/UnipileAPI","https:\/\/www.linkedin.com\/company\/unipile\/"]},{"@type":"Person","@id":"https:\/\/www.unipile.com\/#\/schema\/person\/a2ac44e22bdc27d497ce8b58716a673e","name":"Damien Girardeau","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/12dd140720736a8db29f540c42a17d2680cd54a04fb26bb7b55423c179b065a9?s=96&d=mm&r=g","caption":"Damien Girardeau"}}]}},"_links":{"self":[{"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/posts\/278774","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/comments?post=278774"}],"version-history":[{"count":12,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/posts\/278774\/revisions"}],"predecessor-version":[{"id":278793,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/posts\/278774\/revisions\/278793"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/media\/278782"}],"wp:attachment":[{"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/media?parent=278774"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/categories?post=278774"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/tags?post=278774"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/www.unipile.com\/br\/wp-json\/wp\/v2\/post_folder?post=278774"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}