How to Send Emails from Shopify Flow Using Microsoft 365

Decide which mailbox FlowRelay will authenticate as. This can be a normal user mailbox, but a dedicated mailbox (something like [email protected]) is the cleaner choice: it keeps automated mail separate from a person’s inbox, and you can manage its password and permissions without disrupting anyone.

Whatever you pick, it has to be a licensed mailbox with Exchange Online. In the Microsoft 365 admin center under Users → Active users, the mailbox needs a license assigned; if there’s no Mail tab on the user, there’s no mailbox to send from yet.

Note the full email address now, you’ll use it as both the SMTP username and, by default, the From address on your emails.

Microsoft 365 disables SMTP sending (it calls this Authenticated SMTP) for most mailboxes by default, so you have to turn it on for the one you chose.

In the Microsoft 365 admin center, go to Users → Active users, select the mailbox, open the Mail tab, and click Manage email apps. Find Authenticated SMTP, check it, and save. (Admins who prefer PowerShell can run Set-CASMailbox -Identity [email protected] -SmtpClientAuthenticationDisabled $false instead.)

Two tenant-wide settings can override this and block SMTP even after you’ve enabled it on the mailbox:

• Security Defaults. If your tenant has Security Defaults turned on, it blocks basic-auth SMTP across the whole tenant, no matter what the mailbox setting says. Sending through Microsoft 365 over SMTP generally requires Security Defaults to be off (or the sending account excluded via a Conditional Access policy). This is an admin-level decision, so loop in whoever owns your tenant security if you’re not sure.
• The organization-wide SMTP setting. An admin can confirm it with Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled. If that comes back True, SMTP is disabled tenant-wide and the per-mailbox checkbox won’t help until it’s changed.

What you use as the SMTP password depends on whether the mailbox has multi-factor authentication (MFA).

No MFA on this mailbox: use the mailbox’s normal password as the SMTP password. This is the simplest setup and is a common reason to use a dedicated sending mailbox.

MFA enabled on this mailbox: the regular password won’t work for SMTP, because SMTP can’t answer an MFA prompt. You need to generate an App Password and use that instead. App passwords are available when the account uses per-user MFA (or Security Defaults); sign in as that user, go to Security info at mysignins.microsoft.com/security-info, choose Add method → App password, name it (e.g. “FlowRelay SMTP”), and copy the generated password. It’s shown only once. Note that some tenants that enforce MFA purely through Conditional Access don’t offer app passwords at all; in that case the practical path is a dedicated sending mailbox without interactive MFA.

Keep this password handy for the connect step.

Microsoft 365’s SMTP settings are the same for every tenant:

• Host: smtp.office365.com
• Port: 587 (STARTTLS)
• Username: the full email address of the mailbox from step one
• Password: the mailbox password, or the app password from the previous step

Use port 587. Microsoft 365 doesn’t accept SMTP submission on port 465 at this host, and port 25 is for server-to-server mail and is widely blocked, so 587 with STARTTLS is the only client-submission option. The connection also requires TLS 1.2 or higher, which FlowRelay uses by default.

Install FlowRelay from the Shopify App Store and accept the requested permissions.

On first launch, FlowRelay shows a short setup checklist: set your sender name and email, connect a provider, and send a test email. The next step covers connecting Microsoft 365 over SMTP.

In FlowRelay, open Settings, find Email delivery, and click Manage providers to open the Connect email provider dialog.

Pick SMTP from the provider list and fill in the Microsoft 365 details: host smtp.office365.com, port 587, your mailbox address as the username, and the mailbox or app password. FlowRelay tests the connection before saving it, so a wrong password or a mailbox that still has SMTP disabled shows up immediately rather than after your first real send.

By default Microsoft 365 sends mail as the mailbox you authenticated with. If you want emails to go out under a different name or address, open Override sender and fill those in, but be aware Microsoft 365 will reject a From address the mailbox isn’t allowed to use (see the common issues below).

Click Connect. Whichever provider you connect first becomes your Primary, and FlowRelay routes all outbound mail through it. You can connect a second provider later as an automatic Fallback, which is worth doing here since a single Microsoft 365 mailbox has daily sending limits you could hit at volume.

Open Shopify Flow, create a new workflow, and pick a trigger (Order created is a common one to start with). Add the Send transactional email action; it shows up in the action list once FlowRelay is installed.

You’ll need to fill in a few fields on the action: an email address for the recipient (this can pull straight from the trigger, like the customer’s email), a subject line, and the body, which is the actual HTML content of the email. There’s also an optional preview text field for the snippet shown in inbox previews. For the body, you can write plain HTML or use Liquid to pull in order details, customer names, and other data from the workflow.

Save the workflow and turn it on.

Before you trust a live trigger, use the Send test email button in FlowRelay’s settings. It confirms your Microsoft 365 connection is wired up correctly and shows you where the message lands.

Once that test email arrives, run your Flow workflow under real conditions, like placing a test order, and check FlowRelay’s delivery log to confirm the email went out and see its delivery status.