Only show these results:

Upgrade an Azure app to use Graph

If you already have an Azure app, but want upgrade it to use Graph, for example to use integrations such as Microsoft Teams, follow all of the steps below.

Add Relevant Graph Scopes

Add the scopes you need for your app to the Azure app.

  1. From the Azure portal home page, click Azure Active Directory.
  2. Click App Registrations.
  3. Click on the application you want to configure.
  4. On the left, click API Permissions.
  5. Click Add a permission.
  6. Click Microsoft Graph.
  7. Depending on the Nylas features you are using, add the permissions below:
    • Email Messages Read only | Mail.Read
    • Email Messages Read and Write | Mail.ReadWrite
    • Email Send | Mail.ReadWrite and Mail.Send
    • Calendar Read and Write | Calendar.ReadWrite
    • Contacts Read only | Contacts.Read
    • Contacts Read and Write | Contacts.ReadWrite
  8. If you will be using integrations like Microsoft Teams, click Delegated permissions, and use the search bar to find and add OnlineMeetings.ReadWrite.

Confirm that you requested all of the correct scopes before you continue.

Keep the existing EWS and EAS scopes

Nylas is migrating services over to Microsoft Graph in phases. Your integration might experience interruptions if you remove Exchange Web Service (EWS) or Exchange ActiveSync (EAS) scopes. You'll receive an update from Nylas when you can remove these scopes.

In the Azure App Manage section, the API permissions tab shows configured permissions for Microsoft Graph.

Re-authenticate Users

You must re-authenticate your users to add Graph-specific scopes for Nylas. These scopes are what switch your app to using Graph. You must re-authenticate for the changes to take effect.

To complete this, do one of the following:

  • Force re-authentication for your users.
  • Communicate the changes to your users for them to re-authenticate.

Add redirect URIs to the Azure app

  1. From within your app in the Azure portal, click Authentication.
  2. Click Add a platform.
  3. Click Web.
  4. The URI is required to complete the authentication flow. The URI you'll add depends on your location:
    • If you're in the United States, use
    • If you're in Europe, use
  5. Click Configure.
  6. Scroll down to the Implicit grant and hybrid flows heading and check both boxes:
    • Access tokens (used for implicit flows)
    • ID tokens (used for implicit and hybrid flows)
  7. Click Save.
  8. Scroll down to the Supported account types heading, and choose which type of application you're using.
    Use single tenant if you need to limit authentication to accounts from your specific organization, otherwise choose Multitenant. If you select Single tenant you need your tenant ID from the Overview page, and you must MDM verify your app before you can publish it.
  9. Click Save.

Get the client secret and value from the Azure app

If you already have your client secret and value, then you can skip this section.

  1. From within your app in the Azure portal, click Certificates & secrets.
  2. Click New client secret.
  3. Fill in the description field and select the duration you'd like it to be valid.
  4. Copy the value and keep it somewhere safe.