Skip to main content
The Microsoft 365 connector enables Omni to index and search content from your Microsoft 365 tenant, including OneDrive files, SharePoint documents, Outlook emails, and Calendar events.

Overview

What Gets Indexed

SourceContent
OneDriveFiles and documents from user drives
SharePointDocuments from site libraries
Outlook MailEmail subjects, bodies, senders, and recipients
Outlook CalendarCalendar events with titles, descriptions, and attendees

How It Works

  1. You register an Entra ID application with the required Microsoft Graph API permissions
  2. The connector syncs content from all four services in a single setup
  3. Group membership-based permissions ensure users only see content they have access to
  4. Supports both full and incremental sync modes
The connector uses read-only access. Omni cannot modify, delete, or create any content in your Microsoft 365 tenant.

Prerequisites

Before setting up the Microsoft 365 connector, ensure you have:
  • Entra ID admin access to register applications and grant admin consent
  • Microsoft 365 tenant with the services you want to index
  • Omni deployment with the Microsoft connector service running

Setup

Step 1: Register an Entra ID Application

  1. Go to the Azure Portal
  2. Navigate to Microsoft Entra IDApp registrations
  3. Click New registration
  4. Set the name: Omni MS365 Connector
  5. Supported account types: Single-tenant (this directory only)
  6. Leave Redirect URI blank
  7. Click Register
  8. Note the Application (client) ID and Directory (tenant) ID

Step 2: Configure API Permissions

  1. Go to API permissions in your app registration
  2. Click Add a permissionMicrosoft GraphApplication permissions
  3. Add the following permissions:
PermissionPurpose
Files.Read.AllRead files in OneDrive and SharePoint
Mail.ReadRead mail in all mailboxes
Calendars.ReadRead calendars in all mailboxes
Sites.Read.AllRead SharePoint site content
User.Read.AllRead user profiles (for permission mapping)
Group.Read.AllRead groups (for permission resolution)
GroupMember.Read.AllRead group memberships (for permission inheritance)
  1. Click Grant admin consent and confirm
Admin consent is required. These are application-level permissions that apply across the entire tenant.

Step 3: Create a Client Secret

  1. Go to Certificates & secrets
  2. Click New client secret
  3. Set an expiry period and click Add
  4. Copy the secret value immediately — it won’t be shown again
Store the client secret securely. Rotate it before expiry to avoid service disruption.

Step 4: Connect in Omni

  1. Navigate to SettingsIntegrations in Omni
  2. Find Microsoft 365 and click Connect
  3. Enter your Tenant ID, Client ID, and Client Secret
  4. Click Connect
  5. Click Sync Now to start the initial sync
All four source types (OneDrive, SharePoint, Outlook Mail, Calendar) are created automatically in a single setup flow.
Your Microsoft 365 connector is now configured. Initial indexing may take a while depending on the amount of content in your tenant.

Managing the Integration

Viewing Sync Status

Navigate to SettingsIntegrations to view:
  • Last sync time for each of the four source types
  • Number of indexed items per source
  • Any sync errors

Sync Modes

The Microsoft 365 connector supports two sync modes:
ModeDescription
FullSyncs all content across OneDrive, SharePoint, Mail, and Calendar (used for initial sync)
IncrementalSyncs only items modified since last sync (used for updates)
After the initial full sync, the connector automatically performs incremental syncs to capture new and updated content.

Removing the Integration

  1. Navigate to SettingsIntegrations → Click Configure against the source you wish to remove
  2. Click Delete Permanently
  3. Optionally, delete the app registration from Entra ID

Troubleshooting

Common causes:
  • Admin consent was not granted for all required permissions
  • Sync has not completed yet for the relevant source type
Solution: Verify admin consent was granted in Entra ID, then check the sync status for each source type in SettingsIntegrationsMicrosoft 365.
The credentials may be incorrect or the client secret may have expired.Solution:
  1. Verify the Tenant ID, Client ID, and Client Secret are correct
  2. Check if the client secret has expired in Entra ID
  3. If expired, create a new client secret and update it in Omni via SettingsIntegrationsMicrosoft 365
API permissions may be missing or admin consent was not granted.Solution: Go to your app registration in Entra ID, verify all required API permissions are added, and ensure Grant admin consent has been clicked and confirmed for each permission.
The connector uses application permissions. If a user’s content is not appearing, the issue may be related to group membership sync.Solution: Check group membership sync status and verify the user exists in the tenant. Ensure User.Read.All and GroupMember.Read.All permissions are granted.

Security Considerations

  • Read-only access: The connector only has read permissions
  • Application permissions: Uses app-level access (not delegated), requiring admin consent
  • Group-based permissions: Users only see content based on their Microsoft 365 group memberships
  • Secret rotation: Monitor client secret expiry and rotate before it expires
  • Encrypted storage: Credentials are encrypted at rest in Omni

What’s Next

Search Your Data

Learn how to search across Microsoft 365 content

AI Assistant

Ask questions about your documents and emails

Add More Connectors

Connect additional data sources