Skip to main content

Microsoft Office 365

Microsoft Office 365 is a comprehensive suite of cloud-based productivity and collaboration tools. The Microsoft Office 365 connector enables you to access Microsoft Graph API endpoints to retrieve user information, service health data, DLP audit logs, and other Office 365 management data. This connector is particularly useful for applications that need to extract user data, monitor service health, analyze security and compliance events, or integrate Office 365 data with other systems.

Microsoft Office 365 icon

Power end-to-end data operations for your Microsoft Office 365 API with Nexla. Our bi-directional Microsoft Office 365 connector is purpose-built for Microsoft Office 365, making it simple to ingest data, sync it across systems, and deliver it anywhere — all with no coding required. Nexla turns API-sourced data into ready-to-use, reusable data products and makes it easy to send data to Microsoft Office 365 or any other destination. With comprehensive monitoring, lineage tracking, and access controls, Nexla keeps your Microsoft Office 365 workflows fast, secure, and fully governed.

Features

Type: API

SourceDestination

  • Seamless API Integration: Connect to any endpoint as source or destination without coding, with automatic data product creation
  • Visual Composition & Chaining: Build complex integrations using visual templates, chain API calls, and compose workflows with data validation and filtering
  • API Proxy: Expose curated slices of your data securely with a secure and customizable API proxy that validates and transforms data on the fly
  • Request optimization with intelligent batching, retry, and caching to minimize API calls and costs

Prerequisites

Before creating a Microsoft Office 365 credential, you'll need to register an application in Azure Active Directory (Azure AD) and obtain OAuth 2.0 credentials (Client ID, Client Secret, and Tenant ID). Microsoft Office 365 uses OAuth 2.0 client credentials flow for API authentication via Microsoft Graph API.

To obtain Microsoft Office 365 API credentials:

  1. Log in to the Azure Portal with an account that has permissions to register applications.

  2. Navigate to Azure Active Directory > App registrations (or Microsoft Entra ID > App registrations in newer portals).

  3. Click New registration to create a new application registration.

  4. Enter a name for your application (e.g., "Nexla Office 365 Integration") and select the supported account types. For most integrations, select Accounts in this organizational directory only.

  5. Click Register to create the application.

  6. After registration, you'll be taken to the application overview page. Note the Application (client) ID and Directory (tenant) ID - you'll need these for your credential.

  7. Navigate to Certificates & secrets in the left menu, then click New client secret.

  8. Enter a description for the secret and select an expiration period. Click Add to create the secret.

  9. Important: Copy the Value of the client secret immediately, as it will only be displayed once. Store it securely, as you'll need it to authenticate API requests.

  10. Navigate to API permissions in the left menu. Click Add a permission and select Microsoft Graph.

  11. Select Application permissions (not Delegated permissions) and add the required permissions. For Office 365 Management API access, you typically need:

    • ServiceHealth.Read.All - For reading service health information
    • User.Read.All - For reading user information
    • AuditLog.Read.All - For reading audit logs (if needed)
  12. Click Grant admin consent to grant the permissions to your application. This step is required for application permissions.

Microsoft Office 365 uses OAuth 2.0 client credentials flow (2-legged OAuth), which means you don't need user authorization. The Client ID, Client Secret, and Tenant ID are used to obtain an access token directly. The application must have the necessary API permissions granted and admin consent provided.

For detailed information about Microsoft Office 365 API authentication and Azure AD app registration, refer to the Microsoft Graph API Documentation and Office 365 Management Activity API Reference.

Authenticate

Credentials required

OAuth2 client credentials authentication for Microsoft Graph Service Health API

FieldRequiredSecretDescription
Client IDYesNoThe Client ID (Application ID) of your registered Azure AD application.
Client SecretYesYesThe Client Secret generated for your Azure AD application.
Tenant IDYesNoThe Directory (tenant) ID of your Azure AD application.

Create a credential in Nexla

  1. After selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

New Credential Overlay – Microsoft Office 365

MicrosoftOffice365Cred.png
  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

  2. In the Client ID field, enter the Application (client) ID that you obtained from your Azure AD application registration. This is the unique identifier for your registered application.

  3. In the Client Secret field, enter the Client Secret value that you obtained from your Azure AD application registration. This is the secret value generated in the Certificates & secrets section.

    The Client Secret is sensitive information and should be kept secure. If you've lost your Client Secret, you'll need to generate a new one in your Azure AD application registration. Client secrets expire based on the expiration period you set when creating them.

  4. In the Tenant ID field, enter the Directory (tenant) ID that you obtained from your Azure AD application registration. This is the unique identifier for your Azure AD tenant.

  5. Click the Save button at the bottom of the overlay. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation.

Use as a data source

To create a new data flow, navigate to the Integrate section, and click the New Data Flow button. Select the Microsoft Office 365 connector tile, then select the credential that will be used to connect to the Microsoft Office 365 API, and click Next; or, create a new Microsoft Office 365 credential for use in this flow.

Endpoint templates

Nexla provides pre-built templates that can be used to rapidly configure data sources to ingest data from common Microsoft Graph API endpoints. Select the endpoint from which this source will fetch data from the Endpoint pulldown menu. Available endpoint templates are listed in the expandable boxes below.

Get User (Graph)

This endpoint retrieves a specific user's profile using their ID or User Principal Name (UPN) via Microsoft Graph API. Use this endpoint when you need to extract user information, get user profiles, or retrieve user details for a specific user.

  • Enter the User ID or User Principal Name (UPN) in the USER_ID_OR_UPN field. This can be either the user's object ID (GUID) or their UPN (e.g., user@domain.com).

The Get User endpoint uses GET requests to retrieve user profile information from Microsoft Graph API. The endpoint returns user details including display name, email, job title, department, and other user properties. For more information about the Get User endpoint, refer to the Microsoft Graph API Documentation.

Get Service Health Overview (Graph)

This endpoint retrieves an overview of the current health status for subscribed services via Microsoft Graph API. Use this endpoint when you need to monitor Office 365 service health, track service status, or integrate service health data with monitoring systems.

  • This endpoint automatically retrieves the current service health overview for all subscribed Office 365 services. No additional configuration is required beyond selecting this endpoint template.

The Get Service Health Overview endpoint uses GET requests to retrieve service health information from Microsoft Graph API. The endpoint returns health status for various Office 365 services including Exchange Online, SharePoint Online, Teams, and others. For more information about the Get Service Health Overview endpoint, refer to the Microsoft Graph API Documentation.

List Historical Service Issues (Graph)

This endpoint retrieves historical service health issues within a specified time range via Microsoft Graph API. Use this endpoint when you need to extract historical service issues, analyze service incidents, or track service health over time.

  • Enter the start time for the time range in ISO 8601 format (e.g., 2024-01-01T00:00:00Z) in the START_TIME field. This specifies the beginning of the time range for retrieving historical service issues.
  • Enter the end time for the time range in ISO 8601 format (e.g., 2024-01-31T23:59:59Z) in the END_TIME field. This specifies the end of the time range for retrieving historical service issues.

The List Historical Service Issues endpoint uses GET requests with OData filters to retrieve historical service health issues from Microsoft Graph API. The endpoint supports pagination through nextLink and automatically fetches additional pages. For more information about the List Historical Service Issues endpoint, refer to the Microsoft Graph API Documentation.

Create DLP Audit Log Query (Graph Purview)

This endpoint starts an asynchronous query for DLP (Data Loss Prevention) audit logs via the Microsoft Graph Purview Audit Search API. Use this endpoint when you need to extract DLP audit logs, analyze data loss prevention events, or integrate compliance data with security systems.

  • Enter the start time for the audit log query in ISO 8601 format (e.g., 2024-01-01T00:00:00Z) in the START_TIME field. This specifies the beginning of the time range for the audit log query.
  • Enter the end time for the audit log query in ISO 8601 format (e.g., 2024-01-31T23:59:59Z) in the END_TIME field. This specifies the end of the time range for the audit log query.

The Create DLP Audit Log Query endpoint uses a two-step process: first creating an asynchronous query, then retrieving the query results. The endpoint automatically handles both steps and supports pagination through nextLink. For more information about the Create DLP Audit Log Query endpoint, refer to the Microsoft Graph API Documentation.

Once the selected endpoint template has been configured, click the Test button to the right of the endpoint selection menu to retrieve a sample of the data that will be fetched. Sample data will be displayed in the Endpoint Test Result panel on the right, allowing you to verify that the source is configured correctly before saving.

Manual configuration

Microsoft Office 365 data sources can also be manually configured to ingest data from any valid Microsoft Graph API endpoint, including endpoints not covered by the pre-built templates, chained API calls, or custom authentication headers. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, endpoint URL, date/time and lookup macros, path to data, metadata, and request headers.

Microsoft Graph API endpoints typically follow the pattern https://graph.microsoft.com/v1.0/{resource} or https://graph.microsoft.com/beta/{resource} for beta endpoints. For Path to Data, common paths include $ for the entire response, $.value[*] for arrays of results, or $.value for the value array. The Authorization header with Bearer token is automatically included from your credential and does not need to be added manually.

Once all of the relevant settings have been configured, click the Create button in the upper right corner of the screen to save and create the new Microsoft Office 365 data source. Nexla will now begin ingesting data from the configured endpoint and will organize any data that it finds into one or more Nexsets.

Use as a destination

Click the + icon on the Nexset that will be sent to the Microsoft Office 365 destination, and select the Send to Destination option from the menu. Select the Microsoft Office 365 connector from the list of available destination connectors, then select the credential that will be used to connect to the Microsoft Office 365 instance, and click Next; or, create a new Microsoft Office 365 credential for use in this flow.

Manual configuration

Microsoft Office 365 destinations can be manually configured to send data to any valid Microsoft Graph API endpoint. Select the Advanced tab at the top of the configuration screen, and follow the instructions in Connect to Any API to configure the API method, data format, endpoint URL, request headers, attribute exclusions, record batching, and response webhooks.

Microsoft Graph API endpoints typically follow the pattern https://graph.microsoft.com/v1.0/{resource} or https://graph.microsoft.com/beta/{resource} for beta endpoints. The Authorization header with Bearer token is automatically included from your credential, and Content-Type is typically set to application/json for ingestion endpoints. If the endpoint requires a specific request body structure, use the Request Body Template field with {message.json} to send the entire record as JSON, or reference individual fields using dot notation (e.g., {message.field_name}).

Save & activate

Once all endpoint settings have been configured, click the Done button in the upper right corner of the screen to save and create the destination. To send the data to the configured Microsoft Office 365 endpoint, open the destination resource menu, and select Activate.

The Nexset data will not be sent to the Microsoft Office 365 endpoint until the destination is activated. Destinations can be activated immediately or at a later time, providing full control over data movement.