Connect M365 Tenant

Register a customer Microsoft 365 organization whose mailboxes you want to send from. The QOP1 app must have admin consent on their tenant before connecting.

Step 1 — Admin consent (do this first)

Have the M365 tenant admin open this URL and click Accept:

https://login.microsoftonline.com/{THEIR-TENANT-ID}/adminconsent?client_id=8bc6bc65-577b-484f-96a2-f850d4772bbf

Replace {THEIR-TENANT-ID} with their Entra Directory ID (found in Azure Portal → Entra ID → Overview).

Step 2 — Exchange Online RBAC scoping (after consent)

In Exchange Online PowerShell on the customer tenant:

New-ServicePrincipal -AppId 8bc6bc65-577b-484f-96a2-f850d4772bbf -ObjectId <service-principal-object-id>
New-ManagementScope -Name "CEE-Senders" \
  -RecipientRestrictionFilter "MemberOfGroup -eq 'cee-senders@theirdomain.com'"
New-ManagementRoleAssignment -App "QOP Cold Email" \
  -Role "Application Mail.Send" -CustomResourceScope "CEE-Senders"

Service principal Object ID: find it in Entra ID → Enterprise Applications → search QOP Cold Email → Object ID

Friendly label shown in the UI.

Azure Portal → Entra ID → Overview → Directory (tenant) ID of the customer organization.

8bc6bc65-577b-484f-96a2-f850d4772bbf

QOP1 — auto-applied to all tenants. No action needed.

Root sending domain registered on this tenant.

Maximum sending mailboxes on this tenant (default 5).

After connecting:

Upload your certificate via the tenant detail page. Auth stays in INACTIVE state until a valid certificate is registered.