Microsoft Graph API
Email Delivery
電郵傳送

HRPro now supports Microsoft Graph API as a secure, modern alternative to traditional SMTP for sending system emails. This aligns HRPro with Microsoft’s recommended approach for email delivery in Microsoft 365. 

Microsoft has deprecated basic authentication for SMTP in Exchange Online, which blocks legacy email sending from applications like HRPro. The Graph API resolves this with modern OAuth 2.0, eliminating the need for password storage and enabling reliable delivery from shared mailboxes or service accounts. 

Additional benefits include higher deliverability rates, no SMTP relay limits, and native support for Microsoft 365 features like modern auth and anti-spam compliance. 

Why It Matters

• Security & Compliance: Uses modern OAuth 2.0 authentication, eliminating stored passwords and meeting Microsoft’s security standards.

• Reliability: Ensures higher deliverability rates and avoids legacy SMTP relay limits.

• Future‑proofing: Microsoft has retired older “basic authentication” methods. Graph API ensures HRPro remains compatible with Microsoft 365 going forward.

• Business Continuity: Critical HR/payroll notifications (e.g., pay slips, compliance notices, onboarding emails, approval notifications) are delivered securely and consistently.

What’s Required 

To enable Microsoft Graph email in HRPro, the following are required:

• A Microsoft 365 tenant with Exchange Online.

• At least one licensed mailbox  (e.g., a dedicated HRPro “noreply” account).

• A one‑time Azure app registration with Mail.Send permission.  (typically Global Administrator or Application Administrator).

• HRPro has been updated to the version that supports the “Graph” email method.

No on‑premises Exchange or hybrid configuration is required; all communication is via Microsoft 365 cloud services. 

Step 1 – Register an Azure App and get IDs/secrets  

A one‑time Azure App Registration is needed to let HRPro call Microsoft Graph.

1. Sign in to Azure Portal (https://portal.azure.com) with an admin account.

2. Go to Microsoft Entra ID (Azure AD) → App registrations → New registration.

• Name: e.g., HRPro Graph Email.

• Supported account types: Accounts in this organizational directory only.

• Click Register.

3. On the app Overview page, copy:

• Application (client) ID → this will be Client ID in HRPro.

• Directory (tenant) ID → this will be Tenant ID in HRPro.

4. In the left menu, go to Certificates & secrets → New client secret.

• Add a description (e.g., “HRPro email”).

• Choose an expiry period (e.g., 1 or 2 years).

• Click Add, then copy the Value immediately → this will be Client Secret in HRPro.

5. In the left menu, go to API permissions → Add a permission.

• Select Microsoft Graph → Application permissions.

• Search and add Mail.Send.

• Click Grant admin consent for <YourTenant> and confirm.

The User Email Address (Graph User Address) used by HRPro is simply the SMTP address of the mailbox you want HRPro to send from, such as hrpro@yourdomain.com or a shared mailbox like noreply@yourdomain.com.

Step 2 – Choose the sending mailbox 

Decide which mailbox HRPro should use:

• Dedicated service/shared mailbox (recommended): e.g., hrpro-noreply@yourdomain.com.

• Real user mailbox: e.g., HR department account.

The mailbox must:

• Exist in Exchange Online.

• Have a valid primary or proxy SMTP address matching your chosen “User Address".

• Be mail‑enabled and licensed according to your Microsoft 365 subscription.

Step 3 – Configure Microsoft Graph in HRPro 

In HRPro, go to the Email Server tab in Company Setup:

1. Set Email Delivery Method to Microsoft Graph API.

2. Enter:

• Client ID: paste the Application (client) ID from Azure.

• Tenant ID: paste the Directory (tenant) ID from Azure.

• Client Secret: paste the client secret value created under Certificates & secrets.

• User Address: the chosen mailbox email address (for example, hrpro@yourdomain.com).

3. Save the settings.

4. Use the “Test email” function  to send a test message and confirm that:

• The email is delivered successfully.

• The From address is the expected mailbox.

If the test fails with a permission error, re‑check Mail.Send permission and admin consent in Azure, and verify that the Graph User Address matches an actual mailbox in your tenant.

Summary

For most HRPro customers, the required steps are:

• Register an Azure App, grant Mail.Send (Application), and generate a Client Secret.

• Choose a sending mailbox and note its email address.

• Enter Client ID, Tenant ID, Client Secret, and User Address into HRPro’s Graph email settings and switch Email Delivery Method to Microsoft Graph API.

Once configured, HRPro will send emails via Microsoft Graph using modern OAuth 2.0, aligning your HRPro notifications with Microsoft’s recommended, secure email integration model.

HRPro 現已支援 Microsoft Graph API，作為取代傳統 SMTP 的安全及現代化郵件傳送方式。此功能讓 HRPro 與 Microsoft 在 Microsoft 365 上推薦的郵件傳送標準保持一致。

由於 Microsoft 已在 Exchange Online 中停用 SMTP 基本驗證（Basic Authentication），傳統應用程式（如 HRPro）將無法再使用舊式帳號密碼方式發送電郵。Graph API 採用現代化的 OAuth 2.0 驗證，無需儲存密碼，並可從共用信箱或服務帳戶可靠發送郵件。

除此之外，Graph API 亦提供更高的郵件送達率、無 SMTP relay 限制，以及對 Microsoft 365 現代驗證及防垃圾郵件策略的原生支援。

為何重要

• 安全及合規性：採用現代化 OAuth 2.0 驗證機制，消除密碼儲存風險，符合 Microsoft 安全標準。  

• 可靠性： 提高郵件送達率，避免傳統 SMTP relay 限制問題。  

• 前瞻性： Microsoft 已淘汰舊式基本驗證，Graph API 確保 HRPro 能持續兼容 Microsoft 365。  

• 業務持續性： 重要的 HR／薪酬通知（如薪金單、合規通告、入職郵件、審批通知）可安全及穩定傳送。

系統需求

啟用 HRPro 的 Microsoft Graph 電郵功能需具備以下條件：

• 已訂閱 Exchange Online 的 Microsoft 365 租戶。

• 至少有一個具授權的郵箱（如專用 HRPro「noreply」帳號）。

•  一次性 Azure 應用程式註冊（App Registration），並授予 Mail.Send 權限（通常由全域系統管理員或應用程式管理員執行）。

• HRPro 已更新至支援「Graph」郵件傳送模式的版本。

- 不需本地 Exchange 或混合架構設定，所有通訊均透過 Microsoft 365 雲端服務進行。

步驟一：註冊 Azure 應用程式並取得 ID／密鑰

要讓 HRPro 呼叫 Microsoft Graph，需先進行一次性 Azure 應用程式註冊。

1. 以系統管理員登入 [Azure Portal](https://portal.azure.com)。  

2. 前往 Microsoft Entra ID (Azure AD) → App registrations → New registration。  

3. 名稱：例如「HRPro Graph Email」。  

4. 支援的帳戶類型：只限本組織目錄帳戶。  

5. 按 Register 註冊。  

6. 在應用程式概覽頁面中複製：

•    Application (client) ID → 將用作 HRPro 的 Client ID。  

•    Directory (tenant) ID → 將用作 HRPro 的 Tenant ID。  

7. 左側選單點選 Certificates & secrets → New client secret。  

•   輸入描述（如「HRPro email」）。  

•   選擇到期時間（如 1 或 2 年）。  

•   按 Add 後即時複製 Value → 將用作 HRPro 的 Client Secret。  

8. 左側選單點選 API permissions → Add a permission。  

•    選擇 Microsoft Graph → Application permissions。  

•    搜尋並新增 Mail.Send。  

•    按 Grant admin consent for <YourTenant> 並確認。

Graph 使用者電郵地址（Graph User Address）即為發送信件的郵箱 SMTP 地址，例如  

[hrpro@yourdomain.com](mailto:hrpro@yourdomain.com) 或共用信箱 [noreply@yourdomain.com](mailto:noreply@yourdomain.com)。

步驟二：選擇發送郵箱

決定 HRPro 使用的郵箱類型：

• 建議方式： 專用服務或共用郵箱（例如 [hrpro‑noreply@yourdomain.com](mailto:hrpro‑noreply@yourdomain.com)）。  

• 替代方案： 實際用戶郵箱（如 HR 部門帳戶）。

郵箱條件如下：

• 必須存在於 Exchange Online。  

• 具有效的主要或代理 SMTP 地址，與設定的「User Address」一致。  

• 須根據 Microsoft 365 訂閱授權啟用郵件功能。

步驟三：於 HRPro 設定 Microsoft Graph

於 HRPro 內進入「公司設定」中的 Email Server 分頁：

1. 將 Email Delivery Method 設為 Microsoft Graph API。  

2. 輸入以下欄位：

•   Client ID： 貼上從 Azure 取得的 Application (client) ID。  

•   Tenant ID： 貼上從 Azure 取得的 Directory (tenant) ID。  

•   Client Secret： 貼上於 Certificates & secrets 建立的密鑰值。  

•   User Address： 指定的郵箱地址（例如 hrpro@yourdomain.com）。  

3. 儲存設定。  

4. 使用「測試郵件（Test email）」功能以驗證設定：

•   郵件能成功發送。  

•   發件者地址正確為預期信箱。

如測試失敗並出現權限錯誤，請檢查 Azure 中的 Mail.Send 權限及管理員同意設定，並確認 Graph 使用者郵址確實為租戶內的有效郵箱。

總結

對大多數 HRPro 客戶而言，步驟如下：

1. 註冊 Azure App，授予 Mail.Send（Application）權限並建立 Client Secret。  

2. 選擇發送郵箱並記錄其郵址。  

3. 於 HRPro 內輸入 Client ID、Tenant ID、Client Secret、User Address，並將郵件傳送方式改為 Microsoft Graph API。

設定完成後，HRPro 將透過 Microsoft Graph 以現代 OAuth 2.0 驗證發送郵件，讓系統通知與 Microsoft 所推薦的安全郵件整合模式保持一致。