Create at least one user account with access to the appropriate service.
If the user account is managed by a corporate Microsoft Entra account, the administrator account has enabled the option “User can consent to apps accessing company data on their behalf” for this user (see the Microsoft Entra documentation).
Some Microsoft services require extra information for OAuth2. Refer to Service-specific settings for more guidance on those services.For self-hosted users, there are two main steps to configure OAuth2 from scratch:
In Supported account types, select Accounts in any organizational directory (Any Azure AD directory - Multi-tenant) and personal Microsoft accounts (for example, Skype, Xbox).
In Register an application:
Copy the OAuth Callback URL from your credential.
Paste it into the Redirect URI (optional) field.
Select Select a platform > Web.
Select Register to finish creating your application.
Copy the Application (client) ID and paste it as the Client ID.
Outlook OAuth2 supports the credential accessing a user’s primary email inbox or a shared inbox. By default, the credential will access a user’s primary email inbox. To change this behavior:
Turn on Use Shared Inbox.
Enter the target user’s UPN or ID as the User Principal Name.
SharePoint OAuth2 requires information about your SharePoint Subdomain.To complete the credential, enter the Subdomain part of your SharePoint URL. For example, if your SharePoint URL is https://tenant123.sharepoint.com, the subdomain is tenant123.
When attempting to add credentials for a Microsoft360 or Microsoft Entra account, users may see a message when following the procedure that this action requires admin approval.This message will appear when the account attempting to grant permissions for the credential is managed by a Microsoft Entra. In order to issue the credential, the administrator account needs to grant permission to the user (or “tenant”) for that application.The procedure for this is covered in the Microsoft Entra documentation.