Connecting Office365
Last updated: October 8, 2024
After this article...
You'll be able to connect the Office365 integration to Lumos and resolve common issues that arise when connecting.
Required plan & roles
There's no required Microsoft plan to connect this integration.
Your Microsoft user should have access to the admin panel.
Before you begin
Allow Lumos to get employee usage data for Microsoft products by following the steps below.
Go to the Microsoft 365 admin center.
Go to Settings > Org Settings > Services.
Select Reports.
Un-check "Display concealed user, group, and site names in all reports" and click Save.
There are limitations to the activity data Lumos can get from Office365. For more info on how Lumos shows you Office365 activity, check out this article:π Interpreting Office365 Last Activity
Instructions
1. Find the Office365 card in your Lumos integrations (Reconnect or add new)
2. Click on the card, make sure you've completed the steps above ("Before you begin"), then click Connect Office365.
3. You'll be prompted to approve scopes via OAuth.
4. Youβre finished! β
Scopes
While you canβt selectively pick and choose when connecting the integration, you can revoke scopes after connecting. See more info here.
Scope | Required | Description |
User.Read | β | Sign in and read user profile. Allows the application to sign in the user and read the user's profile information. |
Directory.AccessAsUser.All | β | Access directory as the signed-in user. Allows the application to access the directory as the signed-in user. This includes permissions to perform any operation that the signed-in user has privileges to perform within the directory. |
User.ReadWrite.All | β | Read and write all users' full profiles. Allows the app to read and update user profiles without a signed in user. |
Mail.ReadBasic.All | β | Read basic mail in all mailboxes. Allows the app to read basic mail properties in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties. |
Directory.ReadWrite.All | β | Read and write directory data. Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. |
AppRoleAssignment.ReadWrite.All | β | Manage app permission grants and app role assignments. Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. |
MailboxSettings.ReadWrite | β | Read and write all user mailbox settings. Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail. |
Reports.Read.All | β | Read all usage reports. Allows the application to read all reports related to activity, usage, and insights across various Microsoft 365 services. |
Β