Logic app Office 365 'Send Approval Email' step not working

Hi @curious7 ,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Thank you for reaching out to Microsoft Q&A.

The issue occurs because the Logic App approval email relies on the Office 365 Outlook connector, which sends emails on behalf of a specific mailbox. In rebuilt or newly created environments, approval emails can fail even though the connector authenticates successfully. Common causes include the mailbox not being fully provisioned, the use of the default @onmicrosoft.com domain (which has poor sender reputation and is often flagged by spam filters), or Conditional Access/MFA policies interrupting delegated authentication. As a result, the “Send approval email” or “Start and wait for an approval” action may run without errors but the email is never delivered. This behavior is frequently observed after infrastructure rebuilds, tenant changes, or when using test mailboxes or domains.

Refer below points to resolve this issue or as a workaround:

Use a custom verified domain instead of @onmicrosoft.com

• Do not use @tenant.onmicrosoft.com as the sender address.
• Configure and use a custom domain (for example, ******@contoso.com).
• Ensure SPF, DKIM, and DMARC are properly configured for the domain to avoid spam filtering.

Use a dedicated service mailbox for approvals

• Create a dedicated mailbox such as ******@yourdomain.com.
• Assign an Exchange Online license (E1/E3/E5 or Exchange Online Plan 1 is sufficient).
• Avoid using personal user mailboxes for production approval workflows.

Ensure the mailbox is fully provisioned and initialized

• Sign in to Outlook Web (https://outlook.office.com) with the service mailbox at least once.
• Send and receive a test email to confirm the mailbox is active.
• Avoid recently deleted/recreated or soft-deleted mailboxes.

Review Conditional Access and MFA policies

• The Office 365 Outlook connector uses delegated user authentication.
• Exclude the service mailbox from MFA and restrictive Conditional Access policies where appropriate.
• Ensure policies do not block token refresh or background sign-ins used by Logic Apps.

Recreate the Office 365 Outlook connection after rebuilding infrastructure

• Delete the existing Outlook connector connection in the Logic App.
• Recreate the connection after the mailbox and domain are fully ready.
• Re-authenticate using the dedicated service mailbox.

Use Office 365 Outlook approvals for production (recommended)

• Use “Start and wait for an approval” or “Send approval email” actions for approval scenarios.
• These actions are natively supported, auditable, and designed for approval workflows.
• Avoid SendGrid for approvals; it is suitable only for notifications or bulk/system emails, not interactive approval flows.

Check the following areas that commonly cause Office 365 Outlook “Send approval email” actions in Logic Apps to fail:

1. Authorize the Office 365 Outlook connection
   The Logic App must have a valid, authorized Office 365 Outlook API connection.
   • In the Azure portal, open Logic Apps → select the logic app → API connections.
   • Locate the Office 365 Outlook connection (for example, <location>-office365).
   • Open it, select Edit API connection, then select Authorize, sign in with the mailbox account, and Save.
   • After authorizing, go back to the logic app Overview and use Run Trigger to test whether the email is now sent.
2. Confirm the mailbox is a valid Office 365 mailbox
   If the mailbox is on a dedicated Exchange server or is a non‑Office 365 mailbox, the connection can fail with errors such as “REST API isn't yet supported for this mailbox.”
   • Ensure the user account used to authorize the Office 365 connection has a valid Exchange Online mailbox in Microsoft 365, not an on‑premises or unsupported mailbox.
3. Check the run history and step error details
   • In the logic app Overview, open Runs history and select a failed run.
   • Inspect the Send approval email action to see the exact error message (for example, authorization failure, invalid recipient, throttling, etc.).
   • If the error indicates an authorization or connector issue, re‑authorize as in step 1.
4. Verify the recipient address in the action
   • Open the Logic App designer, select the Send approval email action, and confirm the To field contains a correct, fully qualified email address (for example, ******@contoso.com) and not a malformed or single‑label domain (such as user@contoso).
   • Correct any invalid recipient addresses and save the workflow.
5. Check Outlook/Power Automate email behavior if you’re testing with flows
   If testing similar behavior in Power Automate, note:
   • The Mail connector has strict limits; prefer the Office 365 Outlook connector to avoid hitting low API limits.
   • If emails appear “stuck,” verify that the connector isn’t throttled and that the endpoints/IPs required for Power Automate/Logic Apps are allowed by your network.
6. Tenant‑level requirements for approval emails
   For actionable approval emails to work directly in Outlook, the tenant must have actionable messages enabled. If disabled, the approval email might still send but won’t be actionable in‑client. Use this mainly as a check if the email arrives but isn’t actionable.

After applying the above, re‑run the logic app and re‑check Runs history to confirm the Send approval email action succeeds.

References:

• Tutorial: Create approval-based workflows using Azure Logic Apps
• Troubleshoot common issues with email in flows
• Create an example Standard logic app workflow using the Azure portal
• Email Azure Backup Reports
• Issues with flow approval emails in Outlook Desktop and Web