Skip to Content
Welcome to the new DatumOS documentation!
DocumentationFeaturesConnectorsMicrosoft 365 Connector

Microsoft 365 Connector

Connect DatumOS to your Microsoft 365 account to search OneDrive files, Outlook emails, and manage calendar events directly from AI conversations.

Overview

The Microsoft 365 connector integrates with Microsoft Graph API to provide access to:

  • OneDrive - Search personal and shared files across OneDrive and SharePoint
  • Outlook - Search emails with advanced query filters
  • Calendar - View and create calendar events with Microsoft Teams integration
  • Email Attachments - Retrieve and analyze email attachments

Prerequisites

Before connecting Microsoft 365, ensure you have:

  • Microsoft 365 Account - Personal, business, or education account
  • Active Subscription - Valid Microsoft 365 license
  • Browser Access - Modern web browser with cookies enabled for OAuth
  • Admin Consent (Business accounts) - May require IT administrator approval for certain permissions

Connecting Your Microsoft Account

Step 1: Navigate to Settings

  1. Click your profile icon in the top-right corner
  2. Select Settings from the dropdown menu
  3. Go to the Connectors tab

Step 2: Initiate Connection

  1. Find Microsoft 365 in the connector list
  2. Click the Connect button
  3. You’ll be redirected to Microsoft’s login page

Step 3: Sign In and Authorize

  1. Sign in with your Microsoft account credentials
  2. Review the requested permissions (see OAuth Scopes)
  3. If using a work/school account, you may see an Admin Consent Required message
  4. Click Accept to grant DatumOS access to your Microsoft 365 data
  5. You’ll be redirected back to DatumOS Settings

Step 4: Verify Connection

Once connected, the Microsoft 365 connector will show a Connected status with a green indicator. You can now use Microsoft 365 data in your conversations.

If you’re using a Microsoft 365 work or school account, certain permissions require administrator approval:

  • Files.Read.All - Access to SharePoint shared files
  • Mail.Read - Reading emails from shared mailboxes
  • Calendars.Read.Shared - Viewing other users’ calendars
  1. During the OAuth flow, you’ll see an Approval Required notice
  2. Click Request Approval to send a notification to your IT administrator
  3. Your admin will receive an email with the permission request
  4. Once approved, reconnect the Microsoft 365 connector

For IT Administrators

Administrators can pre-approve DatumOS for their organization:

  1. Go to Azure AD Admin Center 
  2. Navigate to Enterprise Applications → All Applications
  3. Find DatumOS in the application list
  4. Review and grant admin consent for requested permissions

Supported Services

OneDrive

Search files stored in OneDrive for Business or personal OneDrive:

Supported File Types:

  • Microsoft Office files (Word, Excel, PowerPoint)
  • PDF documents
  • Images and photos
  • Text files and code
  • SharePoint documents (if shared)

Search Capabilities:

  • Full-text search across file names and content
  • Filter by file type, date range, or owner
  • Access recently modified files
  • Search shared files from teams and colleagues

Example Questions:

  • “Find the Q4 budget spreadsheet in my OneDrive”
  • “Search for PowerPoint presentations about product roadmap”
  • “Show me Word documents shared by Sarah last week”

Outlook

Search and retrieve emails from your Outlook mailbox:

Search Capabilities:

  • Full-text search across subject, body, and sender
  • Filter by date range, sender, or folder
  • Search by importance or read/unread status
  • Access email attachments

Example Questions:

  • “Find emails from John about the construction project”
  • “Show me unread messages from last Friday”
  • “Search for emails with PDF attachments from this week”

Note: The sendEmail tool is currently disabled due to Microsoft tenant delivery issues. Email reading and search remain fully functional.

Email Attachments

Retrieve and analyze attachments from Outlook emails:

Supported Attachment Types:

  • PDF documents
  • Microsoft Office files (Word, Excel, PowerPoint)
  • Images and photos
  • Text files

Example Questions:

  • “Download the invoice attachment from Sarah’s email yesterday”
  • “Show me the project timeline spreadsheet attached to the last email from the PM”

Calendar

View and create calendar events with Microsoft Teams meeting integration:

Capabilities:

  • Search Events - Find meetings by title, attendee, or date range
  • View Details - See event time, location, attendees, and description
  • Create Events - Schedule meetings with automatic Teams links
  • Timezone Support - Handle multiple timezones with IANA identifiers

Example Questions:

  • “What meetings do I have tomorrow?”
  • “Show me all-day events next week”
  • “Create a meeting with the design team for Thursday at 2 PM”
  • “Schedule a Teams call with John on Friday afternoon”

Teams Meeting Integration:

When creating calendar events, you can automatically generate Microsoft Teams meeting links:

  • Set isOnlineMeeting: true in event parameters
  • Teams link is generated automatically
  • Meeting join info included in calendar invite
  • Works for internal and external attendees

OAuth Scopes

The Microsoft 365 connector requests the following permissions:

ScopeDescriptionUsage
openidUser identityAuthentication
profileUser profile informationDisplay name and avatar
emailUser email addressUnique identifier
offline_accessRefresh tokensLong-term access without re-login
Files.Read.AllRead files in OneDrive/SharePointFile search and retrieval
Mail.ReadRead emailsEmail search and attachments
Calendars.Read.SharedRead calendar eventsView meetings and availability
Calendars.ReadWriteCreate/modify calendar eventsSchedule meetings with Teams links
User.ReadRead user profileDisplay user information

Disabled Scopes

The following scope is not requested due to known issues:

ScopeStatusReason
Mail.SendDisabledMicrosoft tenant email delivery failures (see Known Issues)

Sync Frequency

The Microsoft 365 connector operates in real-time mode:

  • No Background Sync - Data is fetched only when you ask questions
  • Always Current - Every search retrieves the latest data from Microsoft 365
  • No Data Storage - DatumOS does not cache or store email or file contents
  • Live Connection - Requires active internet connection

Connection Status

Monitor your Microsoft 365 connector status in Settings → Connectors:

  • Connected (Green) - Authentication valid, ready to use
  • Expired (Yellow) - OAuth token expired, click Reconnect
  • Error (Red) - Connection failed, check credentials or network

Token Expiration

OAuth tokens for Microsoft 365 refresh automatically using offline_access scope. However, if unused for 90 days, tokens may expire. When your token expires:

  1. Go to Settings → Connectors
  2. Click Reconnect next to Microsoft 365
  3. Complete the OAuth flow again
  4. Resume using Microsoft 365 data immediately

Timezone Handling

Calendar events use IANA timezone identifiers (e.g., America/New_York, Europe/London, UTC).

Timezone Resolution Priority

When creating or searching calendar events, DatumOS determines timezone in this order:

  1. Explicit timezone - Provided in your question or tool parameters
  2. User preference - Stored in your DatumOS Settings
  3. Browser timezone - Detected from your browser
  4. Fallback - UTC

Example:

  • “Schedule a meeting at 2 PM Eastern” → Uses America/New_York
  • “What meetings do I have tomorrow?” → Uses your browser timezone
  • “Create an event at 9 AM UTC” → Uses UTC

Rate Limits

Microsoft Graph API enforces rate limits per user:

  • Search Operations - 100 requests per minute
  • Write Operations (Calendar) - 30 requests per minute
  • Attachment Downloads - 50 requests per minute

If you encounter rate limiting:

  • DatumOS automatically retries with exponential backoff
  • Rate limit errors include retryAfterSeconds for client backoff
  • Wait indicated time before retrying manually

Known Issues

Email Sending Disabled

The sendEmail tool was disabled on December 5, 2025 due to Microsoft tenant-level email delivery failures.

Symptoms:

  • API returns HTTP 202 Accepted (success)
  • Emails appear in Outlook Sent Items
  • Recipients do not receive emails

Root Cause:

The issue is at the Microsoft tenant/transport level, not application code. Possible causes:

  • SPF/DKIM/DMARC policies on receiving domains
  • Microsoft tenant mail flow rules blocking external sends
  • IP reputation of Outlook.com shared sending infrastructure
  • Transport layer policies applied after API acceptance

Status: Under investigation with Microsoft support.

Workaround: Use the Calendar Event feature with Teams meetings to send meeting invites, which use a different mail flow path and work correctly.

Troubleshooting

Common Issues

IssueCauseSolution
”Microsoft account not connected”Not authenticatedConnect Microsoft 365 in Settings → Connectors
”Connection has expired”Token expired or refresh failedClick Reconnect in Settings
”Permission is missing”Scope not authorizedReconnect and authorize required permissions
”Admin consent required”Business account requires IT approvalRequest admin consent (see above)
“Invalid recipient”Bad email address in event creationVerify email format and domain
”Invalid time range”Event end time before start timeCheck start/end times and timezone
”Rate limited”Too many API requestsWait indicated seconds and retry

OneDrive Access Issues

If you can’t find files you know exist:

  1. Check Permissions - Verify you have access in OneDrive web portal
  2. Refresh Connection - Disconnect and reconnect to refresh permissions
  3. SharePoint Files - Ensure Files.Read.All scope is authorized
  4. File Type - Verify file type is supported for content search
  5. Indexing Delay - New files may take 1-2 minutes to appear in search results

Calendar Issues

If calendar events aren’t showing or creation fails:

  1. Timezone Validation - Ensure timezone is valid IANA identifier
  2. Time Format - Use ISO 8601 format (YYYY-MM-DDTHH:mm:ss)
  3. Required Fields - Subject, start time, and end time are required
  4. Attendee Emails - Verify all attendee emails are valid
  5. Calendar Permissions - Ensure Calendars.ReadWrite scope is authorized

If admin consent fails or times out:

  1. Contact IT - Reach out to your IT administrator directly
  2. Application ID - Provide DatumOS application ID to your admin
  3. Permission List - Share the OAuth Scopes table
  4. Azure AD Logs - Admins can check Azure AD sign-in logs for errors

Security & Compliance

Data Privacy

  • No Content Storage - DatumOS does not permanently store email or file contents
  • Metadata Only - Only filenames, properties, and search results are cached temporarily
  • User Isolation - You can only access data you have permission to view
  • Token Security - OAuth tokens are encrypted at rest and in transit

Audit Logging

All Microsoft 365 connector operations are logged for compliance:

  • User ID and timestamp
  • Operation type (search, retrieve, create)
  • Resource IDs accessed (file IDs, email IDs, event IDs)
  • Response times and result counts
  • Success/error status

Logs are retained for 90 days and available to account administrators.

Compliance Certifications

DatumOS follows Microsoft’s security best practices:

  • OAuth 2.0 - Industry-standard authentication
  • Least Privilege - Requests only required permissions
  • Token Refresh - Automatic token rotation
  • Revocation Support - Disconnect at any time

Next Steps

Autodesk ACCConnect your construction projectsGoogle WorkspaceAccess Google Drive and GmailHelp CenterTroubleshooting and FAQ

Further Reading

Google Workspace ConnectorOverview