SwarmMarshal connects to Outlook.com, Hotmail, Live, and Microsoft 365 mailboxes through Microsoft's official OAuth flow. Microsoft — like Google — restricts which apps can ship that capability to the public, so the cleanest path today is to create a small Azure app registration of your own and paste the client ID into SwarmMarshal. Plan on ten minutes; you only need to do it once per Microsoft account.
Microsoft gates mass distribution of mailbox access behind publisher verification and per-tenant review. SwarmMarshal is a local desktop app with no central server, so instead of going through that process we let you register a personal Azure app. Your OAuth tokens stay on your machine, Microsoft only ever sees your own registration requesting access to your own mailbox, and SwarmMarshal sits outside the exchange entirely.
Sign in at portal.azure.com with the Microsoft account you want to connect — a personal @outlook.com, @hotmail.com, or @live.com address works, and so does a Microsoft 365 work account. Azure is free for this use; you'll land on a dashboard once you sign in.
In the top search bar type App registrations and click the matching service. Alternatively open this direct link. Click + New registration at the top of the list.
Give it a name you'll recognize (SwarmMarshal Personal is fine). For
Supported account types choose
Accounts in any organizational directory and personal Microsoft accounts — this
is the option that works for both Outlook.com and Microsoft 365. Under
Redirect URI pick Public client/native (mobile & desktop)
from the dropdown and enter http://localhost. Click Register.
On the new app's page, open Authentication from the left menu. Scroll to Advanced settings, find Allow public client flows, and switch it to Yes. Click Save at the top. This tells Microsoft it's okay for SwarmMarshal to sign in without storing a client secret — the right setup for a desktop app.
Click Overview in the left menu. You'll see a field called Application (client) ID with a UUID next to it — copy that value. You do not need to create a client secret and you do not need to pre-configure API permissions; SwarmMarshal requests Mail, Calendar, and Contacts access at sign-in time and Microsoft handles consent then.
In SwarmMarshal open Settings → Accounts & Channels → Outlook. Paste the Client ID into the field and click Connect Outlook account. Your browser will open Microsoft's sign-in page; approve the permissions (Mail, Calendar, Contacts, and offline_access so SwarmMarshal can refresh tokens in the background) and you'll be returned to SwarmMarshal with the account linked.
"AADSTS7000218: The request body must contain the following parameter: client_secret". Allow public client flows is still off. Go back to Step 4, flip it to Yes, and click Save.
"AADSTS50011: The reply URL specified in the request does not match".
The redirect URI isn't registered correctly. Re-open the app's Authentication
page and make sure http://localhost appears under Mobile and desktop
applications (not Web). Add it there and save.
Work or school account says the admin must approve. Microsoft 365 tenants can block personal app registrations. Ask your IT admin to grant consent for the app, or register it inside the tenant instead of on a personal account.
Sign-in says IMAP is disabled. Microsoft 365 disables IMAP for some mailbox policies. An admin has to enable IMAP access on the mailbox; the personal Outlook.com service has it on by default.
The Application (client) ID identifies your Azure registration to Microsoft. On its own it can't read any mailbox — it only becomes useful after you sign in and consent to specific scopes. SwarmMarshal encrypts the ID and the refresh token Microsoft issues at rest.
You can revoke access at any time at account.live.com/consent/Manage for personal accounts, or myaccount.microsoft.com for work accounts. Deleting the Azure app registration cuts off every session immediately; clearing the credentials inside SwarmMarshal clears every token stored on this machine.