Graph API Email account types for D365 BC

 

Back in April I wrote about a long-standing gap in Business Central: guest users can't send email from their own home tenancy address. BC's built-in connectors simply don't work for Entra B2B guests. I built an open source extension to fix that, and Phase 3 is now complete - with some significant changes since that first post.

If you haven't read the original post, the link above is worth a quick read for context. This post covers what's changed and where it's heading next.

What's Changed

The original proof of concept used an OAuth 2.0 Authorization Code + PKCE delegated flow - meaning each user had to go through a consent step to connect their account. It worked, but it wasn't ideal. The current app has rearchitected the approach significantly.

The extension now uses Client Credentials (app-only) authentication via AJ Kauffmann's RestClientOAuth library. No browser popup, no per-user consent, no token storage per user. An admin registers one or more Entra app registrations - one per home domain - and that's the entire setup. Every user then sends email automatically.

This is a fundamentally cleaner model for enterprise environments. There is nothing for end users to do.

What Phase 3 Delivers

  • ✅ Token security hardened - SecretText, [NonDebuggable], encrypted IsolatedStorage
  • ✅ Full multi-tenancy support - one App Registration per home domain, matched automatically at send time
  • ✅ User mailbox and shared mailbox support via Graph API
  • ✅ CC, BCC and attachment support

How It Works Now

The architecture is straightforward. A single email account called Current User (Microsoft Graph) is registered with BC's email framework and set as the default once by an admin.

At send time, the connector reads the current user's BC identity, decodes their home domain, and selects the matching App Registration. Internal users send as user@contoso.com; B2B guests send as user@their-domain.com. No routing flags, no per-user config, no ongoing admin work.

Multi-Tenancy in Practice

As more large organisations adopt Business Central, we're increasingly seeing multi-tenant environments. Organisations with complex structures, subsidiaries, or shared service arrangements often have BC users from more than one Entra tenancy. This is where the guest email problem really bites - and where this extension adds the most value.

The setup for a multi-tenant environment is an admin-only, one-time task: create an App Registration in Azure for each home domain you need to support, enter the details in BC's App Registrations page, and you're done. The Domain Filter on each registration tells the connector which users it applies to. The connector does the rest automatically at send time.
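The send-time lookup described in the two sections above, sketched in Python as an added example (not the extension's AL code). It assumes the BC identity is an Entra UPN, with guests in the `local_domain#EXT#@tenant` form, and that a Domain Filter is a single exact domain; the `AppRegistration` shape, function names and sample values are hypothetical.

```python
from dataclasses import dataclass

EXT = "#ext#"  # marker Entra puts in a B2B guest UPN (compared lower-cased)

@dataclass(frozen=True)
class AppRegistration:  # hypothetical shape, not the extension's own table
    domain_filter: str  # home domain this registration serves
    tenant_id: str
    client_id: str      # the secret stays in the secret store, not here

def sender_address(identity: str) -> str:
    """Decode a BC user identity into the home-tenancy address to send as."""
    upn = identity.strip().lower()
    if EXT in upn:
        # Guest form: local_home.domain#EXT#@resource-tenant. Mail domains
        # cannot contain "_", so the last underscore is the boundary.
        local, sep, domain = upn.split(EXT, 1)[0].rpartition("_")
    else:
        local, sep, domain = upn.rpartition("@")
    if not sep or not local or "." not in domain or "@" in local + domain:
        raise ValueError(f"cannot derive a sender address from {identity!r}")
    return f"{local}@{domain}"

def select_registration(identity, registrations):
    """Return (sender, registration); fail closed unless exactly one matches."""
    sender = sender_address(identity)
    domain = sender.rpartition("@")[2]
    # Exact comparison: "notcontoso.com" must not match a "contoso.com" filter.
    hits = [r for r in registrations if r.domain_filter.strip().lower() == domain]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} app registrations match {domain!r}")
    return sender, hits[0]

def graph_endpoints(sender, reg):
    """URLs for the client-credentials token request and the Graph send call."""
    return {
        "token": f"https://login.microsoftonline.com/{reg.tenant_id}/oauth2/v2.0/token",
        "scope": "https://graph.microsoft.com/.default",
        "send": f"https://graph.microsoft.com/v1.0/users/{sender}/sendMail",
    }

REGS = [  # constructed sample data
    AppRegistration("contoso.com", "00000000-0000-0000-0000-00000000000a", "app-a"),
    AppRegistration("fabrikam.com", "00000000-0000-0000-0000-00000000000b", "app-b"),
]

if __name__ == "__main__":
    for who in ("amy@contoso.com", "Bo_Li_fabrikam.com#EXT#@contoso.onmicrosoft.com"):
        sender, reg = select_registration(who, REGS)
        print(sender, "->", graph_endpoints(sender, reg)["send"])
```

An app-only token is not bound to a user, so the address derived here is the only thing tying a message to the signed-in user; that is why the lookup raises rather than falling back to a default registration.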

Email Accounts page showing Current User (Microsoft Graph) set as default

App Registrations page - multiple tenancy support

Built with AI

As with the earlier phases, the code was written almost entirely by GitHub Copilot (Claude Sonnet), with me providing direction, testing, and debugging. The Lessons Learned file documents the journey in detail - including the diagnostics approach that eventually tracked down the SingleInstance/TryFunction issue.

AI-assisted development is genuinely fast for AL extension work, but it absolutely requires someone who understands the platform to review what's being generated. The subtle edge cases - like the collectible error behaviour described above - are not something an AI is likely to get right first time without being pointed at the right documentation.

Big thanks to Arend-Jan Kauffmann for the RestClientOAuth library that underpins the entire OAuth flow, and for his code review and feedback on the security implementation.

What's Next

  • ✅ Submit to AppSource as a free app - the big next step
  • ✅ System Application module adoption

Publishing to AppSource is the next challenge.

Try It / Contribute

The extension is open source (MIT licence) and available on GitHub:

github.com/andywingate/D365BC-graph-api-email

The QUICKSTART guide walks through the full setup: creating the Entra app registration, deploying the extension to BC, and configuring the App Registrations. If you're running BC in a multi-tenant environment and guest email is a problem, it's worth a look.

Feedback, issues, and pull requests are all welcome on GitHub.

Resources

Connect or follow me on LinkedIn to get all my updates - Andrew Wingate | LinkedIn