📧 Email Configuration

"Send notifications, reminders, and invites through your own email infrastructure."
Connect Brainframe to your email provider to deliver communications directly from your organisation's infrastructure.

Brainframe GRC supports sending emails through your own servers via the "Send emails using my own servers" option in Workspace Settings → Email. This allows you to:

• Send daily reminders and notifications through your own infrastructure.
• Deliver distribution invites and alerts from a recognised sender domain.
• Maintain full control over email delivery and audit trails.

When enabled, you can choose between two delivery methods:

• SMTP — connect via a standard mail server (default).
• Microsoft Graph API — send through Microsoft 365 using Azure App Registration.

1️⃣ SMTP

SMTP is the default delivery method and works with any standard mail server, including Office 365, Google Workspace, or a self-hosted solution.

Configuration Fields

Testing

Once configured, use Save & Test Email to validate your settings. Brainframe will attempt to send a test message to your account email and return a clear success or failure response.

2️⃣ Microsoft Graph API

The Microsoft Graph API option lets you send email through Microsoft 365 without exposing SMTP credentials. Authentication is handled via an Azure App Registration using OAuth 2.0 application permissions.

Prerequisites

Before configuring this option in Brainframe, you need to set up an Azure App Registration in your Microsoft Entra ID (formerly Azure Active Directory) tenant.

Step 1 — Create an App Registration

1. Go to the Azure Portal and navigate to Microsoft Entra ID → App registrations.
2. Click New registration.
3. Give the application a name (e.g. Brainframe GRC Mail).
4. Leave the Redirect URI blank unless your setup requires it.
5. Click Register.

Step 2 — Add API Permissions

1. In your new app registration, go to API permissions → Add a permission.
2. Select Microsoft Graph → Application permissions.
3. Search for and add Mail.Send.
4. Click Grant admin consent for your organisation — this step is required and must be performed by a Microsoft 365 admin.

⚠️ Application permissions (not delegated permissions) are required. Delegated permissions require an interactive user sign-in and are not supported for background email sending.

Step 3 — Create a Client Secret

1. Go to Certificates & secrets → New client secret.
2. Set a description and an expiry period appropriate for your organisation's policy.
3. Copy the secret Value immediately — it will not be shown again.

Step 4 — Note Your Credentials

You will need the following values from the app registration Overview page:

• Directory (tenant) ID
• Application (client) ID
• The Client Secret you just created

Configuration Fields in Brainframe

Once your Azure App Registration is ready, enter the following in Workspace Settings → Email → Microsoft Graph API:

Credentials are encrypted at rest using the same secure credential storage used by other Brainframe integrations. Secret values are never returned in API responses or exposed in logs after saving.

Authentication Status

After saving, Brainframe will display an authentication status indicator confirming whether the credentials are valid and the connection to Microsoft Graph is successful.

Testing

Use Save & Test Email to validate your Microsoft Graph configuration. Brainframe will attempt to authenticate and send a test message to your account email, returning meaningful success or failure feedback.

3️⃣ Switching Between Providers

You can switch between SMTP and Microsoft Graph API at any time from Workspace Settings → Email. Brainframe will:

• Clearly indicate which provider is currently active.
• Preserve your previously saved configuration for each provider when switching.
• Apply the active provider to all outgoing emails — including daily reminders, notifications, and distribution invites.

Updated on: 16/06/2026