Microsoft / Outlook Setup Guide

Connect your Outlook.com personal account or Microsoft 365 organization account to FormBlade via SMTP or Microsoft Graph API.

This guide covers two connection methods:

• Outlook / O365 SMTP — traditional SMTP with app password or direct credentials. Simpler setup.
• Microsoft Graph API — OAuth-based connection through Azure AD (Entra ID). More secure, no stored passwords.

Outlook / Microsoft 365 SMTP

SMTP settings

Step 1: Check if SMTP AUTH is enabled (Microsoft 365 only)

Microsoft 365 administrators can disable SMTP AUTH for the entire organization. If you are on a work or school account, check with your IT administrator first.

Set-CASMailbox -Identity user@yourdomain.com -SmtpClientAuthenticationDisabled $false

Step 2: Generate an App Password (if using 2-Step Verification)

If your Microsoft account has 2-Step Verification (MFA) enabled, you need an App Password instead of your regular password.

For personal Outlook.com accounts:

1. Go to account.live.com/proofs/manage/additional
2. Under "App passwords", click Create a new app password
3. Copy the generated password

For Microsoft 365 accounts:

1. Go to mysignins.microsoft.com/security-info
2. Click Add sign-in method
3. Select App password
4. Name it "FormBlade" and click Next
5. Copy the generated password

Step 3: Configure FormBlade

1. Log in to your FormBlade dashboard
2. Open your form and go to the Settings tab
3. Under Email Provider, select Outlook (for personal) or Microsoft 365 (for work/school)
4. The host, port, and encryption are pre-filled based on your selection
5. Enter your full email address as the Username
6. Paste your App Password (or account password) as the Password
7. Set your From Email to the same address as the username
8. Click Save

Step 4: Send a test email

1. Click Send Test Email
2. Check your inbox for the test notification
3. If it fails, see the troubleshooting section below

Outlook SMTP limits

Microsoft Graph API Setup

The Microsoft Graph API uses OAuth 2.0, so no passwords are stored. Instead, FormBlade requests a token from Azure AD (now called Microsoft Entra ID) to send emails on your behalf.

Overview

The setup flow:

1. Register an application in Azure AD (Entra ID)
2. Configure API permissions for mail sending
3. Create a client secret
4. Connect in FormBlade via OAuth authorization

Step 1: Register an application in Azure AD

1. Go to Azure Portal → App registrations
2. Click New registration
3. Enter a name (e.g., "FormBlade Email")
4. Under "Supported account types", choose:
   • Single tenant — if only your organization needs access
   • Multitenant + personal accounts — if you want personal Outlook.com accounts to work too
5. Under Redirect URI, select Web and enter the callback URL shown in FormBlade's email provider settings (typically https://formblade.com/api/auth/microsoft/callback)
6. Click Register
7. Note the Application (client) ID and Directory (tenant) ID from the overview page

Step 2: Configure API permissions

1. In your app registration, go to API permissions
2. Click Add a permission
3. Select Microsoft Graph
4. Choose Delegated permissions (not Application permissions)
5. Search for Mail.Send and check the box
6. Click Add permissions

Step 3: Create a client secret

1. In your app registration, go to Certificates & secrets
2. Under "Client secrets", click New client secret
3. Enter a description (e.g., "FormBlade") and choose an expiration period
4. Click Add
5. Copy the secret Value immediately (it is only shown once)

Step 4: Connect in FormBlade

1. In your form's Settings tab, select Microsoft (Graph API) as the email provider
2. Enter the Application (client) ID from Azure AD
3. Enter the Client Secret you created
4. Enter the Tenant ID (or use "common" for multitenant apps)
5. Click Connect Microsoft
6. A Microsoft login window will open — sign in with the account you want to send from
7. Grant permission for FormBlade to send email on your behalf
8. You will be redirected back to FormBlade with the connection confirmed

Step 5: Send a test email

1. Click Send Test Email
2. Check your inbox for the test notification

Troubleshooting

SMTP: "Authentication unsuccessful" error

• O365 users: SMTP AUTH may be disabled for your mailbox. Ask your admin to enable it (see Step 1 in the SMTP section above)
• Personal accounts: Make sure you are using an App Password if 2-Step Verification is enabled
• Check that the username is your full email address (including the domain)
• Microsoft may temporarily block sign-ins from new locations. Check your email for a "suspicious activity" notice and approve it

SMTP: "Sending limit exceeded" error

• Personal Outlook.com accounts are limited to 300 emails/day, with a rate limit of 30 per minute
• New accounts may have even lower limits initially
• Wait 24 hours for the daily limit to reset. FormBlade will fall back to the default mail server in the meantime

Graph API: "AADSTS50011: redirect_uri does not match"

• The redirect URI in Azure AD must exactly match the one FormBlade uses
• Check for trailing slashes, http vs. https, or typos
• Go to your app registration → Authentication → Redirect URIs and verify the value

Graph API: "Insufficient privileges" error

• Make sure you added the Mail.Send permission under Delegated permissions (not Application permissions)
• If your organization requires admin consent, ask your IT admin to grant consent for the app in the Azure portal

Graph API: "Client secret expired"

• Azure AD client secrets expire after the period you set (6 months, 12 months, or 24 months max)
• Go to Azure Portal → App registrations → your app → Certificates & secrets
• Create a new client secret and update it in FormBlade's email provider settings
• Delete the expired secret from Azure AD

Emails not arriving from O365

• Check if your organization has outbound email policies or transport rules that block external sending from SMTP clients
• Verify that the sending account has an Exchange Online mailbox (shared mailboxes may not support SMTP AUTH)
• Check your organization's Exchange admin center for any delivery reports or quarantine actions

Sending limits summary

Microsoft 365 provides the highest free sending limits of any provider listed here (10,000/day), making it an excellent choice for organizations already using Office 365. Personal Outlook.com accounts are more limited at 300/day but still sufficient for low-traffic forms.

Common gotchas

• SMTP AUTH disabled by default in many orgs — Microsoft recommends modern authentication (OAuth), and many O365 administrators have disabled basic SMTP AUTH organization-wide. If you see "Authentication unsuccessful" errors, your admin needs to enable SMTP AUTH for your specific mailbox via the Microsoft 365 admin center or PowerShell.
• "From" address must match the login — Microsoft SMTP does not allow you to send from a different address than the one you authenticate with, unless the admin has granted explicit "Send As" permissions for that mailbox.
• New Outlook.com accounts have low initial limits — Recently created personal accounts may start with as few as 10–30 emails/day. These limits increase gradually as the account builds reputation over weeks of normal use.
• Azure AD client secrets expire — When using the Graph API, the client secret you create in Azure AD has a maximum lifetime of 24 months. Set a calendar reminder to rotate the secret before it expires, or your emails will stop sending.
• Redirect URI must match exactly — For the Graph API OAuth flow, the redirect URI configured in Azure AD must be a character-for-character match. Even a trailing slash difference will cause the authorization to fail.
• Delegated vs. Application permissions — Always use Delegated permissions (Mail.Send) for FormBlade. Application-level Mail.Send gives access to send as any user in the entire tenant, which is a serious security risk.
• Shared mailboxes may not support SMTP AUTH — If you are trying to send from a shared mailbox in O365, SMTP AUTH may not work. Use a regular user mailbox or the Graph API instead.

Quick reference: where to find things