I have a fairly complex Flow that uses modern approvals which fails when attempting to send confirmation emails with error "You are not authorized to send mail on behalf of the specified sending account. clientRequestId: cbb9644e-1cba-42d3-9e8a-e7e38bd7f3d2"
The strange thing here is that I have added the Approver Email in the From (Send as) field
so I'm perplexed as to why this would be causing the Flow to fail, can't this revert to the default Flow Account as below:
The issue here should be related with the Mail Account permission used for the Send Email Action.
Generally we would take use of Office 365 Outlook Connections and then work with the corresponding MailBox, which mostly is our own.
And if you want to switch the From field, it would need to configure settings under the Mail Account for Delegate Access.
It would need to give the Flow building Account permission of the corresponding mailBox to send Email On behalf of the MailBox owner.
Also there is an idea submitted on this:
And a thread talking about the same issue:
Check the response from staff kartikraop for the proper workaround:
The Outlook connector will be able to send emails only using those email accounts that your credentials have access to. You cannot use the connector to send a mail on behalf of some other user - for obvious security reasons. This behavior and so the error you get are by design.
If you don't want to use your own account for sending the "notification e-mails", you could consider using a service account to send out the emails.
Unfortunately the workaround won't work for me because the approvers are mainly directors so I would prefere the email to come from them or a generic account.
I'[ll work something out in the meantime and avoid using the From field from now on
Hi @JanSomers91, yes I've worked around this issue by creating a donotreply@-----.com mailbox in exchange and making the connection email address the owner of that mailbox, now all emails in the flow are sent using that address instead of the connection address.
You have the ability to keep the account performing the connection to Outlook the same. This may be desired if you do not have extra Office 365 licenses lying around.
From there, you can keep the "Send As" address that you would like (i.e. a Distribution List), and then just grant permission to the workflow account (delegating) to allow it to send emails.