ShareDo provides the ability to send outbound emails. Sending these from ShareDo allows the case and task audit history to track communications sent to participants on the case, and for responses to those emails to be tracked and associated with expectations. You can configure outbound email using the Outbound Email global feature.
Outbound email mechanisms
ShareDo supports the following outbound email mechanisms.
| Mechanism | Supported Integrations |
|---|---|
| SMTP | Supported in a wide variety of environments. In O365, a default endpoint of smtp.office365.com is provided on port 587 |
| Exchange Web Services | Supported in Exchange on-premise environments (EWS) services are available from Exchange 2010 SP2 to support outbound email. |
| Graph API | Supported for O365 and providing OAuth 2.0 authentication |
Sending emails using SMTP
SMTP has the advantage of being simple to set up and get going. However, this mechanism uses legacy/basic authentication. Email is sent from ShareDo via O365 secure SMTP (smtp.office365.com / port 587).
For implementations where ShareDo will be used for notification emails or sending from team email inboxes exclusively, this is a simple choice. Where there are requirements to send ‘from’ user mailboxes, and consistently view sent items, the setup becomes more complex and we recommend using the Graph API for sending emails.
Configure ShareDo to use SMTP for outbound email
In ShareDo, navigate to Features > Outbound email.
Select the Exchange Online – SMTP option.
Setup team mailboxes
As per the previous section, configure team inboxes as normal via the O365 portal.
Configure a service account in O365
For ShareDo to send email via O365, you will need to configure a service account with appropriate permissions. Configure this via the O365 portal as normal. If you have already configured a service account for using SharePoint as a DMS (see section 4), you can use the same service account, or provision a separate one.
It is important (presently) that if a password expiration policy is in place, that the account is either excluded from this policy, or passwords are kept in sync with the ShareDo deployment. Similarly, if 2FA is being used, an app password will need to be generated through the portal and this be used instead. (See introductory note about Q3 2019 release and how this configuration will change in the next release).
Configure sent items behaviour in O365
This is an optional step, but recommended to achieve expected behaviour for “Sent Items”.
By default, when an account is used to send mail from another mailbox, the email is placed in the sent items of the service account. Normally however, it is more desirable for the sent email to appear in the sent items folder of the account it was sent from.
In other words, if serviceaccount@mytenant.com is being used as the service account to send email from team address team1@mytenant.com, we would normally expect sent items to appear in team1's sent items folder, rather than the service accounts sent items folder.
Grant “send as” permissions for the service account
The final step is to allow our service account to send mail by granting it “send as” permission on the mailboxes it needs to send ‘from’. Note that this is different from “send on behalf of” permission. To configure, open https://admin.microsoft.com in your browser and find the mailbox under “Users”.
The selected user opens in a new blade. Select the “Mail” tab and click “Manage mailbox permissions”.
This then displays 3 permission categories – “Read and manage”, “Send as” and “Send on behalf”. Click the Edit link beside “Send as”.
Then click “Add permissions”.
Search for the service account user you set up earlier, select its checkbox and click Save.
This can also be setup using Exchange Online PowerShell.
To configure this behaviour correctly, use office 365 powershell (either locally or from azure cloud shell) and issue the following command for each mailbox.
Set-Mailbox [delegated-account] -MessageCopyForSentAsEnabled $true
The service account can now send emails from this inbox. You can test that by creating a new outbound email in ShareDo and selecting the email address to send from.
The Graph API mechanism is more complex to setup. To do this we require an Azure App Registration (you can use the same one being configured for Authentication and DMS integration) and some additional permissions.
Sending emails using Graph API
The Microsoft Graph API is a set of operations that cover functionality available across a wide range of O365 services.
Configure ShareDo to use Graph API for outbound email
In ShareDo, navigate to Features > Outbound email.
Select the Exchange Online –Graph API option.
Create a ShareDo App Registration in Office 365
Note, if you are also using O365 for authentication, you can skip this step and use the same application registered above. In that case, proceed from the next step.
Open the azure portal at https://portal.azure.com
From the left-hand menu select the “Azure Active Directory” resource.
Select the “App registrations” option.
Click on the “New registration” toolbar button.
Which will present this form.
Give the application a name (suggest “ShareDo[environment] – Exchange Online”), set “Accounts in this organizational directory only”.
Setup the redirect Uri
Next, click the “Authentication” button from the left-hand menu.
And in the Redirect URIs section, add a new redirect of type “Web”, with a value of https://[your-ShareDo-instance]/externalServices/replyFrom, then press the Save button.
Create a Client Secret
Client the “Certificates and Secrets” button.
Create a new Client Secret, ensuring that you capture the secret as it is created. You cannot retrieve this after creation.
Setup API Permissions
To allow the App Registration to interact with ShareDo on a user’s behalf a set of delegated API permissions are required.
In some organisations, these API permissions require Admin Consent to be granted. This allows users to agree to the API being used on their behalf.
The following delegated API Permissions should be added.
- offline_access
- Mail.Send
- Mail.ReadWrite
Once added, the permissions need to be given explicit admin consent.
All the permissions should now show they have been granted.
Gather information for configuring ShareDo
To configure the integration between O365 and ShareDo, you will need to gather the following information whilst in the azure portal’s app registration page.
- Tenant Id
- Client Id
- Client secret
You should have already copied the client secret when it was setup above. To get the tenant id and client id, click the “Overview” left-hand navigation option.
And this will show a summary as follows.
Copy the values for “Application (client) ID” and “Directory (tenant) ID”.
Setup the Exchange Online DMS linked service in ShareDo
Now that O365 is configured to know about ShareDo, we need to link ShareDo to O365. Go to your ShareDo installation and sign in as an administrator, then open the admin console and select Security > Manage Linked Services (/admin/oauth).
Select to Configure the Office 365 – Email link.
Click the “Configure” button on the “Office 365 – Email” card. (It’s presently red as its configuration is invalid, making the service entirely unavailable). You will be presented with the configuration blade for this service, as shown to the left.
Fill in the blanks under “Service Configuration” using the details from the app registration above.
- Tenant Id: Set this to the “Directory (tenant) ID” value.
- App Id: Set this to the “Application (client) ID” value.
- Client secret: Set this to the client secret configured earlier.
Once those fields are configured, click “Save and close” from the ribbon to return to the card list, where the “Office 365 – Sharepoint” card should update to show that it’s configuration is now valid.
Configure a service account for sending system email
ShareDo can send notification emails, which are sent by the system as a background process.
When the Graph API mechanism is being used, an O365 account needs to be linked to the system account of the integration. This O365 account should have full control over the mailbox being used to send notifications.
The mailbox for notifications is configured in the “Notifications” feature.
Sending from team email addresses using Graph API
ShareDo has configuration that allows users to send from their personal email accounts, or from team email addresses. The available team email addresses are determined by the teams that a user belongs to in ShareDo and the contact email addresses assigned to those teams.
For a user to be able to send from these addresses using the Graph API, they need to also have permission in Exchange Online for their specific user account to be able to send from these email addresses.
External Email Warning
If you want to warn the user they are sending email to people outside their organisation, configure it at the bottom of the Outbound Email blade.
