Microsoft Office 365
Microsoft Office 365 is a comprehensive suite of cloud-based productivity and collaboration tools. The Microsoft Office 365 connector enables you to access Microsoft Graph API endpoints to retrieve user information, service health data, DLP audit logs, and other Office 365 management data. This connector is particularly useful for applications that need to extract user data, monitor service health, analyze security and compliance events, or integrate Office 365 data with other systems.
Power end-to-end data operations for your Microsoft Office 365 API with Nexla. Our bi-directional Microsoft Office 365 connector is purpose-built for Microsoft Office 365, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Microsoft Office 365 or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Microsoft Office 365 workflows fast, secure, and fully governed.
Features
Type: API
- Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
- Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
- API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
- Request optimization with intelligent batching, retry, and caching to minimize API calls and costs
Prerequisites
Before creating a Microsoft Office 365 credential, you'll need to register an application in Azure Active Directory (Azure AD) and obtain OAuth 2.0 credentials (Client ID, Client Secret, and Tenant ID). Microsoft Office 365 uses OAuth 2.0 client credentials flow for API authentication via Microsoft Graph API.
To obtain Microsoft Office 365 API credentials:
-
Log in to the Azure Portal with an account that has permissions to register applications.
-
Navigate to Azure Active Directory > App registrations (or Microsoft Entra ID > App registrations in newer portals).
-
Click New registration to create a new application registration.
-
Enter a name for your application (e.g., "Nexla Office 365 Integration") and select the supported account types. For most integrations, select Accounts in this organizational directory only.
-
Click Register to create the application.
-
After registration, you'll be taken to the application overview page. Note the Application (client) ID and Directory (tenant) ID - you'll need these for your credential.
-
Navigate to Certificates & secrets in the left menu, then click New client secret.
-
Enter a description for the secret and select an expiration period. Click Add to create the secret.
-
Important: Copy the Value of the client secret immediately, as it will only be displayed once. Store it securely, as you'll need it to authenticate API requests.
-
Navigate to API permissions in the left menu. Click Add a permission and select Microsoft Graph.
-
Select Application permissions (not Delegated permissions) and add the required permissions. For Office 365 Management API access, you typically need:
ServiceHealth.Read.All- For reading service health informationUser.Read.All- For reading user informationAuditLog.Read.All- For reading audit logs (if needed)
-
Click Grant admin consent to grant the permissions to your application. This step is required for application permissions.
Microsoft Office 365 uses OAuth 2.0 client credentials flow (2-legged OAuth), which means you don't need user authorization. The Client ID, Client Secret, and Tenant ID are used to obtain an access token directly. The application must have the necessary API permissions granted and admin consent provided.
For detailed information about Microsoft Office 365 API authentication and Azure AD app registration, refer to the Microsoft Graph API Documentation and Office 365 Management Activity API Reference.
Authenticate
Credentials required
OAuth2 client credentials authentication for Microsoft Graph Service Health API
| Field | Required | Secret | Description |
|---|---|---|---|
| Client ID | Yes | No | The Client ID (Application ID) of your registered Azure AD application. |
| Client Secret | Yes | Yes | The Client Secret generated for your Azure AD application. |
| Tenant ID | Yes | No | The Directory (tenant) ID of your Azure AD application. |
Create a credential in Nexla
- After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
New Credential Overlay – Microsoft Office 365

-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
-
In the Client ID field, enter the Application (client) ID that you obtained from your Azure AD application registration. This is the unique identifier for your registered application.
-
In the Client Secret field, enter the Client Secret value that you obtained from your Azure AD application registration. This is the secret value generated in the Certificates & secrets section.
The Client Secret is sensitive information and should be kept secure. If you've lost your Client Secret, you'll need to generate a new one in your Azure AD application registration. Client secrets expire based on the expiration period you set when creating them.
-
In the Tenant ID field, enter the Directory (tenant) ID that you obtained from your Azure AD application registration. This is the unique identifier for your Azure AD tenant.
-
Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.
Use as a data source
To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Microsoft Office 365 connector tile, then select the credential that will be used to connect to the Microsoft Office 365 API, and click Next; or, create a new Microsoft Office 365 credential for use in this flow.
Endpoint templates
Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Microsoft Graph API endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.
Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.
Manual configuration
Microsoft Office 365 data sources can also be manually configured to ingest data from any valid Microsoft Graph API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom authentication headers. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.
Microsoft Graph API endpoints typically follow the pattern https://graph.microsoft.com/v1.0/{resource} or https://graph.microsoft.com/beta/{resource} for beta endpoints. For Path to Data, common paths include $ for the entire response, $.value[*] for arrays of results, or $.value for the value array. The Authorization header with Bearer token is automatically included from your credential and does not need to be added manually.
Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Microsoft Office 365 data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.
Use as a destination
Click the + icon on the Nexset that will be sent to the Microsoft Office 365 destination, and select the Send to Destination option from the menu. Select the Microsoft Office 365 connector from the list of available destination connectors, then select the credential that will be used to connect to the Microsoft Office 365 instance, and click Next; or, create a new Microsoft Office 365 credential for use in this flow.
Manual configuration
Microsoft Office 365 destinations can be manually configured to send data to any valid Microsoft Graph API endpoint. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.
Microsoft Graph API endpoints typically follow the pattern https://graph.microsoft.com/v1.0/{resource} or https://graph.microsoft.com/beta/{resource} for beta endpoints. The Authorization header with Bearer token is automatically included from your credential, and Content-Type is typically set to application/json for ingestion endpoints. If the endpoint requires a specific request body structure, use the Request Body Template field with {message.json} to send the entire record as JSON, or reference individual fields using dot notation (e.g., {message.field_name}).
Save & activate
Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured Microsoft Office 365 endpoint, open the destination resource menu, and select Activate.
The Nexset data will not be sent to the Microsoft Office 365 endpoint until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.