Your application must have an access token to call Microsoft Graph. The access token specifies the permissions that your application needs to use Microsoft Graph. You obtain the access token by registering your application in the Microsoft Azure portal.

To prepare your application to integrate with Microsoft Graph, complete the following steps:

1. Register your application in Microsoft Azure. For more information, see your Microsoft Azure developer documentation.
   Result: Registration provides the client ID and client secret. You need this information to create an OAuth 2.0 authentication profile in step 3. You also need the OAuth 2.0 token endpoint, for example, https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token. You get the tenant ID when you create a new tenant in the Microsoft Azure portal.
2. Make sure that you grant the appropriate permissions in your registered application.
   • Mail.Send
   • User.Read
   • Mail.ReadWrite
   The permissions that you grant depend on your email configuration in Pega Platform.

   Configuration choices	Mail.Send	User.Read	Mail.ReadWrite
   Use Microsoft Graph to send emails from Pega Platform	✔	✔	✔
   Use Microsoft Graph to receive emails in Pega Platform		✔	✔
   Use Microsoft Graph to both send and receive emails in Pega Platform	✔	✔	✔

   For more information, see your Microsoft Azure developer documentation.

3. Create an OAuth 2.0 authentication profile in your Pega Platform application by using the client ID, client secret, and OAuth 2.0 token endpoint from your registered Microsoft Azure application.
   Microsoft Graph supports the Client credentials and Password credentials grant types. For more information, see Configuring an OAuth 2.0 authentication profile.