All Collections
Integrations
Microsoft Office 365 Integration
Microsoft Office 365 Integration
Kick off cloud-to-cloud uploads directly from MS365 / O365
Susha Goettsch avatar
Written by Susha Goettsch
Updated over a week ago

This feature is available to customers on subscription plans.

Introduction

Through a simple integration with your organization's Microsoft 365 instance, Logikcull streamlines the data upload process so that you can collect and upload Outlook E-mail data (including Draft messages and Attachments) directly from the source.

Prerequisites

Please ensure the following before enabling the MS365 integration in Logikcull:

  1. E3 or E5 version of MS365 is required.

  2. A Microsoft365 Admin for your organization must Approve the Logikcull App in the Microsoft365 environment..

  3. An Exchange Admin needs to grant Mailbox Delegation - Full Access permissions to each mailbox intended for collection.

Setting up the integration

Click on your profile picture > integrations > connect Microsoft 365:

Accept on this screen but do NOT check "consent on behalf of your organization":

Using the Integration

Once you've connected the Microsoft 365 integration on your user profile, click on Create a new > Cloud upload > Import from Microsoft 365:

Pick your mailbox, date range, and custodian and then start your upload:

The upload will then appear in your upload tab and begin transferring/processing:

Video Walkthrough

FAQs

What version of MS365 will this integration work with?

This integration works with both E3 and E5.

What data is collected through this integration?

  • Email data is collected, including draft messages and attachments.

  • Notes and Tasks are not currently collected in this integration.

How does a user authenticate with MS365?

  • Logikcull uses the Microsoft Graph API (Application Programming Interface) to access data in a customer’s Microsoft 365 environment.

  • Logikcull users creating a new upload from Microsoft 365 must log in with Microsoft 365 (Azure AD) credentials.

  • If the credentials are valid, Logikcull then asks for consent to access the Microsoft 365 data.

  • At this time, we request consent for read-only access to the user’s Microsoft 365 profile information, user directory, and email data.

What permission does a user need to have to access the integration?

  • Logikcull app permissions - A Microsoft365 Admin needs to approve the Logikcull app (grant consent) within Microsoft365 to allow Logikcull to connect to the Microsoft365 environment.

  • Mailbox permissions - The Exchange Admin needs to grant the Logikcull upload user “Mailbox Delegation - Full Access” permissions for each mailbox from which you need to run collections. This allows a delegate to open this mailbox and behave as the mailbox owner.

How does Logikcull handle multiple email aliases assigned to a single mailbox?

  • A Microsoft365 Admin will need to grant the primary email address for the mailbox with the proper permissions.

  • Under Select User in the Cloud Upload form, the users populated in the drop-down list will only display the user's primary name and email address as listed in the tenant directory. Any email alias(es) will not be listed in in this drop-down.

ℹ️ Mailbox permissions are per mailbox and not part of a role within Microsoft365.

Troubleshooting

You do not have Microsoft Exchange Admin Permissions

If you see this screen when you attempt to login:

This means that the account you are using is not a Microsoft 365 Admin. You will need to reach out to your Exchange Admin to either give you the correct permissions on the Microsoft side or you will need to have an Exchange Admin log in with their email address to set up the integration.

You are attempting to upload but see that you have 0 emails for the email and date range you selected

Please check to confirm that the mailbox you have selected has emails in the date range you have set.

If you have confirmed there are emails to pull for that mailbox in the specified date range, you likely need to delegate full permissions to the mailbox you are attempting to pull from.

Delegating full access to mailboxes

Steps:
1. You as an Exchange Admin, will need to log into the Exchange admin center on the Microsoft side and click on Mail flow and select the user you'd like to collect from:

2. Click the Delegation tab and select to Edit “Read and manage (Full Access)” permissions:

Select the user who is performing the collection (you) to grant full access to the desired mailbox:

3. Confirm delegations when prompted. It can take up to 24 hours on the Exchange side for the changes to process, so you may still see 0 emails until you try the upload the next day.

ℹ️ The steps above will need to be performed for each mailbox you need to upload

💡Tips

  • You can grant full delegation to all the mailboxes you believe you will need to import from when you set up the integration in order to avoid having to delegate on an upload to upload basis.

  • You can add an Exchange Admin as an Upload Only User and they can set up the integration and create Microsoft 356 uploads.


Permission Details

The Logikcull app requests consent for the following permissions:

openid

profile

email

offline_access

user.read

user.read.all

mail.read

mail.read.shared

Permission

Display String

Description

Admin Consent Required

Microsoft Account supported

Baseline Permissions to connect; manage tokens









email

View users' email address

Allows the app to read the users' primary email address.

No

No

offline_access

Access user's data anytime

Allows the app to read and update user data, even when they are not currently using the app.

No

No

openid

Sign users in

Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information.

No

No

profile

View users' basic profile

Allows the app to see users' basic profile (name, picture, user name).

No

No











Permissions to list users/custodians









User.Read

Sign-in and read user profile

Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. Also allows the app to read basic company information of signed-in users.

No

Yes

User.Read.All

Read all users' full profiles

Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.

Yes

No











Permissions to work with Email data









Mail.Read

Read user mail

Allows the app to read emails in user mailboxes.

No

Yes

Mail.Read.Shared

Read user and shared mail

Allows the app to read mail that the user can access, including the user's own and shared mail.

No

No

Full reference for graph API permissions: https://docs.microsoft.com/en-us/graph/permissions-reference

Did this answer your question?