Initial Configuration

Before you begin

You need an Azure account with an active subscription. You can create a free one at (you will NOT be charged for the email authentication we are going to set up). The Azure account must be owned by the same organisation which owns your Microsoft 365 email. You cannot use Akeeba Ticket System with a free / email address. It’s not that we don’t want you to, it’s that Microsoft does not allow it starting October 1st, 2022.

The Azure account must have permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions: Application administrator, Application developer, or Cloud application administrator.


The default user account created with a new Azure subscription has the necessary permission

You will need to make sure you have an Azure AD tenant.

  1. Sign into the Azure Portal at (Make sure you are logged in with the correct account for your business / school, not your personal Microsoft account).

  2. Check the upper-right corner. If you have a tenant, you'll automatically be signed in. Hover over your account name to see your name, email address, directory or tenant ID (a GUID), and domain. It takes a second or so to display the popup.

  3. If you do not see a Directory and Domain item in the popup you will need to follow the tutorial in to create an Azure AD tenant.

You will need to create an ‘application’. This is just a way for Microsoft to identify the access requests coming from Akeeba Ticket System installed on your site.

Creating an application

Sign into the Azure Portal at Make sure you are logged in with the correct account for your business / school, not your personal Microsoft account.

If you have access to multiple tenants, use the Directories and Subscriptions filter in the top menu (looks like a funnel in front of a binder notepad) to switch to the tenant in which you want to register the application.

Use the search bar at the top to search for and select Azure Active Directory.

Under Manage, select App registrations, New registration.

In the Name box enter Akeeba Ticket System on My Site’s Name.

In the multiple selection below choose Accounts in this organisational directory only (Your Organisation Name - Single Tenant). Note that any other option requires a manual vetting process which is why we (Akeeba Ltd) cannot provide an application ourselves, also the reason we cannot let you use personal Hotmail/Outlook email addresses.

Don't enter anything for Redirect URI (optional). You'll configure a redirect URI shortly.

Click on the Register button at the bottom of the page.

You will now see the Application (client) ID. Note it down. You will need it to set up Akeeba Ticket System.

Add a redirect URI

On the sidebar menu, under Manage, select Authentication.

Under Platform configurations, select Add a platform.

In the new sidebar click on Web.

In the Redirect URIs text box enter your site URL plus /administrator/index.php?option=com_ats&view=authenticate&task=callback&service=microsoft&tmpl=component. For example, if your site is you would need to enter

Under Select the tokens you would like to be issued by the authorization endpoint: choose Access tokens (used for implicit flows).

Click on the Configure button at the bottom of the page.

Add a client secret

On the sidebar menu, under Manage, select Certificates & Secrets, Client secrets, New client secret.

In the Description enter Akeeba Ticket System.

In the Expires dropdown select 24 months.


You will have to create a new secret (and update your ATS configuration) before that period of time expires.

Click on the Add button at the bottom of the page.

When the secret is created you will see a Value and a Secret ID. Copy the Value.


Note the secret's Value own now. You will not see the Value again once you leave this page. If that happens to you, create a new client secret.

Configure Akeeba Ticket System

Sign into the Azure Portal at Make sure you are logged in with the correct account for your business / school, not your personal Microsoft account)

Use the search bar at the top to search for and select Tenant Properties.

Copy the Tenant ID.

Go to your site’s administrator backend, System, Manage, Plugins and edit the Akeeba Ticket System – Fetch Email plugin.

In the Mail server type field select Microsoft Exchange / Microsoft 365 / Office 365.

Paste the Tenant ID you copied above into the Tenant ID text box.

Put the Secret ID and Value in the next two fields. Remember: you noted down those values while following the “Add a client secret” instructions further above.

Click on the Save button

Click on the Authorise Microsoft Exchange button.

A new popup window opens. If it doesn’t open, check your browser settings and your browser extensions; it’s possible they block the popup.

Log in to your organisation’s Microsoft account.

In the consent page select the Consent on behalf of your organisation box and click on the Accept button.


If you see an error similar to ‘The redirect URI ‘SOME LONG URL HERE' specified in the request does not match the redirect URIs configured for the application ‘LONG STRING ON NUMBERS AND LETTERS'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to to learn more about how to fix this.’ it means that you typed the redirect URL wrong following the “Add a redirect URI” section above. Please repeat that step and be careful as to what you are typing.