Upgrade an Azure app to use Graph
If you already have an Azure app, but want upgrade it to use Graph, for example to use integrations such as Microsoft Teams, follow all of the steps below.
Add Relevant Graph Scopes
Add the scopes you need for your app to the Azure app.
- From the Azure portal home page, click Azure Active Directory.
- Click App Registrations.
- Click on the application you want to configure.
- On the left, click API Permissions.
- Click Add a permission.
- Click Microsoft Graph.
- Depending on the Nylas features you are using, add the permissions below:
- Email Messages Read only |
Mail.Read
- Email Messages Read and Write |
Mail.ReadWrite
- Email Send |
Mail.ReadWrite
andMail.Send
- Calendar Read and Write |
Calendar.ReadWrite
- Contacts Read only |
Contacts.Read
- Contacts Read and Write |
Contacts.ReadWrite
- Email Messages Read only |
- If you will be using integrations like Microsoft Teams, click Delegated permissions, and use the search bar to find and add
OnlineMeetings.ReadWrite
.
Confirm that you requested all of the correct scopes before you continue.
Keep the existing EWS and EAS scopes
Nylas is migrating services over to Microsoft Graph in phases. Your integration might experience interruptions if you remove Exchange Web Service (EWS) or Exchange ActiveSync (EAS) scopes. You'll receive an update from Nylas when you can remove these scopes.

Re-authenticate Users
You must re-authenticate your users to add Graph-specific scopes for Nylas. These scopes are what switch your app to using Graph. You must re-authenticate for the changes to take effect.
To complete this, do one of the following:
- Force re-authentication for your users.
- Communicate the changes to your users for them to re-authenticate.
Add redirect URIs to the Azure app
- From within your app in the Azure portal, click Authentication.
- Click Add a platform.
- Click Web.
- The URI is required to complete the authentication flow. The URI you'll add depends on your location:
- If you're in the United States, use
https://beta.us.nylas.com/connect/callback
- If you're in Europe, use
https://beta.eu.nylas.com/connect/callback
- If you're in the United States, use
- Click Configure.
- Scroll down to the Implicit grant and hybrid flows heading and check both boxes:
- Access tokens (used for implicit flows)
- ID tokens (used for implicit and hybrid flows)
- Click Save.
- Scroll down to the Supported account types heading, and choose which type of application you're using.
Use single tenant if you need to limit authentication to accounts from your specific organization, otherwise choose Multitenant. If you select Single tenant you need your tenant ID from the Overview page, and you must MDM verify your app before you can publish it. - Click Save.
Get the client secret and value from the Azure app
If you already have your client secret and value, then you can skip this section.
- From within your app in the Azure portal, click Certificates & secrets.
- Click New client secret.
- Fill in the description field and select the duration you'd like it to be valid.
- Copy the value and keep it somewhere safe.