This feature is available to customers on subscription plans.
Introduction
This article provides information on connecting to, and troubleshooting the Microsoft Outlook integration via user-based authentication. Please note, for most customers we recommend connecting via app-based authentication for a better experience.
For information on using the feature once you are connected, go here.
Prerequisites
Please ensure the following before enabling the MS365 integration in Logikcull:
E3 or E5 version of MS365 is required.
A Microsoft365 Admin for your organization must Approve the Logikcull App in the Microsoft365 environment..
An Exchange Admin needs to grant
Mailbox Delegation - Full Accesspermissions to each mailbox intended for collection.
Setting up the integration
Click on the Profile icon from the left panel > Integrations > Connect Microsoft 365:
2. Click Accept on this screen.
For admins only: Decide whether you want to check "consent on behalf of your organization". You will only see this checkbox if you are an Admin.
Clicking this checkbox will mean that other users who login will NOT see this permissions screen and will NOT have to reach out to Admins in order to connect to the integration. However, they will still only be able to upload mail data from their own mailbox, and will need any other mailboxes specifically delegated to them.
FAQs
What version of MS365 will this integration work with?
This integration works with both E3 and E5.
What data is available for collection through this integration?
Outlook e-mail data from primary mailboxes and in shared mailboxes are available for collection, including draft messages and attachments.
What data is not available for collection through the integration?
Notes and Tasks are not currently collected in this integration.
Archived emails are not supported/accessible through the Graph API and are not available for collection through the integration. Read more here from Microsoft.
How does a user authenticate with MS365?
Logikcull uses the Microsoft Graph API (Application Programming Interface) to access data in a customer’s Microsoft 365 environment.
Logikcull users creating a new upload from Microsoft 365 must log in with Microsoft 365 (Azure AD) credentials.
If the credentials are valid, Logikcull then asks for consent to access the Microsoft 365 data.
At this time, we request consent for read-only access to the user’s Microsoft 365 profile information, user directory, and email data.
What permission does a user need to have to access the integration?
Logikcull app permissions - A Microsoft365 Admin needs to approve the Logikcull app (grant consent) within Microsoft365 to allow Logikcull to connect to the Microsoft365 environment.
Mailbox permissions - The Exchange Admin needs to grant the Logikcull upload user “Mailbox Delegation - Full Access” permissions for each mailbox from which you need to run collections. This allows a delegate to open this mailbox and behave as the mailbox owner.
How does Logikcull handle multiple email aliases assigned to a single mailbox?
A Microsoft365 Admin will need to grant the primary email address for the mailbox with the proper permissions.
Under Select User in the Cloud Upload form, the users populated in the drop-down list will only display the user's primary name and email address as listed in the tenant directory. Any email alias(es) will not be listed in in this drop-down.
ℹ️ Mailbox permissions are per mailbox and not part of a role within Microsoft365.
Troubleshooting
You do not have Microsoft Exchange Admin Permissions
If you see this screen when you attempt to login:
This means that the account you are using is not a Microsoft 365 Admin. You will need to reach out to your Exchange Admin to either give you the correct permissions on the Microsoft side or you will need to have an Exchange Admin log in with their email address to set up the integration.
You are attempting to upload but see that you have 0 emails for the email and date range you selected
Please check to confirm that the mailbox you have selected has emails in the date range you have set.
If you have confirmed there are emails to pull for that mailbox in the specified date range, you likely need to delegate full permissions to the mailbox you are attempting to pull from.
Delegating full access to mailboxes
Steps:
1. You as an Exchange Admin, will need to log into the Exchange admin center on the Microsoft side and click on Mail flow and select the user you'd like to collect from:
2. Click the Delegation tab and select to Edit “Read and manage (Full Access)” permissions:
Select the user who is performing the collection (you) to grant full access to the desired mailbox:
3. Confirm delegations when prompted. It can take up to 24 hours on the Exchange side for the changes to process, so you may still see 0 emails until you try the upload the next day.
ℹ️ The steps above will need to be performed for each mailbox you need to upload
💡Tips
You can grant full delegation to all the mailboxes you believe you will need to import from when you set up the integration in order to avoid having to delegate on an upload to upload basis.
You can add an Exchange Admin as an Upload Only User and they can set up the integration and create Microsoft 356 uploads.
Permission Details
The Logikcull app requests consent for the following permissions:
openid
profile
email
offline_access
user.read
user.read.all
mail.read
mail.read.shared
Permission | Display String | Description | Admin Consent Required | Microsoft Account supported |
Baseline Permissions to connect; manage tokens |
|
|
|
|
View users' email address | Allows the app to read the users' primary email address. | No | No | |
offline_access | Access user's data anytime | Allows the app to read and update user data, even when they are not currently using the app. | No | No |
openid | Sign users in | Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information. | No | No |
profile | View users' basic profile | Allows the app to see users' basic profile (name, picture, user name). | No | No |
Permissions to list users/custodians |
|
|
|
|
User.Read | Sign-in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. Also allows the app to read basic company information of signed-in users. | No | Yes |
User.Read.All | Read all users' full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | Yes | No |
|
|
|
|
|
Permissions to work with Email data |
|
|
|
|
Mail.Read | Read user mail | Allows the app to read emails in user mailboxes. | No | Yes |
Mail.Read.Shared | Read user and shared mail | Allows the app to read mail that the user can access, including the user's own and shared mail. | No | No |
Full reference for graph API permissions: https://docs.microsoft.com/en-us/graph/permissions-reference