Microsoft 365 Outlook

This article describes how to set up a Microsoft 365 Outlook integration for the Email Listener. To learn more about the Email Listener, see Email Listener.

• Sign in to the Azure portal.

• Search for and select Azure Active Directory.

• Under Manage in the left-hand panel, go to App registrations > New registration.

• Enter a Name for your application.

• Under Supported account types, select Accounts in this organizational directory only.

• Do not enter anything in Redirect URI (optional).

• Click Register to complete the initial app registration.

Your registration page should look similar to the example below.

3. Find the Application (client) ID and Directory (tenant) ID.When registration finishes, the Azure portal displays the app registration's Overview pane. You can go to the Overview pane from the left-hand sidebar at any time. In the Overview pane, you can see the values for Application (client) ID and Directory (tenant) ID. Record both of these values, as you will need them when setting up the Email Listener. Your Overview pane should look similar to the example below:4. Add credentials.By adding credentials to the registered application, you allow the application to authenticate as itself, requiring no interaction from a user at runtime.To add credentials:

• In App registrations, click on the name of your application.

• Under Manage in the left-hand sidebar, go to Certificates & secrets > Client secrets > New client secret.

• Enter a description for your client secret.

• Select an expiration for the secret, or specify a custom lifetime.

• Client secret lifetime is limited to two years (24 months) or less. You cannot specify a custom lifetime longer than 24 months.

• Microsoft recommends that you set an expiration value of less than 12 months.

• Click Add.

IMPORTANT: Record the secret's value (as opposed to Secret ID), which you will enter when configuring the Email Listener block. This secret value will not be visible again after you leave the page.5. Add permissions.The Email Listener needs to read, fetch, move, and delete emails in an email account. Therefore, the registered application should have proper permissions in Azure Active Directory. To add the required permissions to your application, follow these steps:

• In App registrations, click on the name of your application.

• Under Manage in the left-hand sidebar, go to API permissions > Add a permission.

• In the opened window under the Microsoft APIs tab, click Microsoft Graph.

• In the next window, click Application permissions.

• In the opened list, under Mail, select Mail.ReadWrite. Under User, select User.Read.All.

• Click Add permissions.

Initially, the status of these permissions is “Not granted.”6. Have an admin grant the permissions.After proper API permissions have been requested, an admin should grant those permissions to the registered application. An admin can follow these steps to grant permissions:

• In App registrations, click on the name of your application.

• Under Manage in the left-hand sidebar, go to API permissions > Grant admin consent for tenant_name.

• In the Grant admin consent confirmation dialog that appears, click Yes.

Important security considerationsBy default, granting the above permissions to the registered application gives it access to all mailboxes in an organization on Exchange Online. There are scenarios where administrators may want to limit an app’s access (and, in turn, the Hyperscience Email Listener) to only specific mailboxes instead of all Exchange Online mailboxes in the organization. To do so, follow the steps in Microsoft’s Limiting application permissions to specific Exchange Online mailboxes. One of the steps in this process is creating a new mail-enabled security group or using an existing one if it already exists. To create a mail-enabled security group, follow the steps in Microsoft’s Manage mail-enabled security groups in Exchange Online.