> ## Documentation Index
> Fetch the complete documentation index at: https://docs.getomni.co/llms.txt
> Use this file to discover all available pages before exploring further.
# Microsoft 365
> Connect Microsoft 365 to Omni for unified search across OneDrive, SharePoint, Outlook, Calendar, and Teams
The Microsoft 365 connector enables Omni to index and search content from your Microsoft 365 tenant, including OneDrive files, SharePoint documents, Outlook emails, Calendar events, and Teams chats.
## Overview
### What Gets Indexed
| Source | Content |
| ---------------- | -------------------------------------------------------- |
| OneDrive | Files and documents from user drives |
| SharePoint | Documents from site libraries |
| Outlook Mail | Email subjects, bodies, senders, and recipients |
| Outlook Calendar | Calendar events with titles, descriptions, and attendees |
| Teams Chats | 1:1 and group chat messages, with attachment metadata |
### How It Works
1. You register an Entra ID application with the required Microsoft Graph API permissions
2. The connector syncs content from all five services in a single setup
3. Group membership-based permissions ensure users only see content they have access to
4. Supports both full and incremental sync modes, with state checkpointing so large syncs can resume
The connector uses read-only access. Omni cannot modify, delete, or create any content in your Microsoft 365 tenant.
## Prerequisites
Before setting up the Microsoft 365 connector, ensure you have:
* **Entra ID admin access** to register applications and grant admin consent
* **Microsoft 365 tenant** with the services you want to index
* **Omni deployment** with the Microsoft connector service running
## Setup
### Step 1: Register an Entra ID Application
1. Go to the [Azure Portal](https://portal.azure.com)
2. Navigate to **Microsoft Entra ID** → **App registrations**
3. Click **New registration**
4. Set the name: **Omni MS365 Connector**
5. Supported account types: Single-tenant (this directory only)
6. Leave **Redirect URI** blank
7. Click **Register**
8. Note the **Application (client) ID** and **Directory (tenant) ID**
### Step 2: Configure API Permissions
1. Go to **API permissions** in your app registration
2. Click **Add a permission** → **Microsoft Graph** → **Application permissions**
3. Add the following permissions:
| Permission | Type | Purpose |
| ------------------------- | ----------- | --------------------------------------------------------------- |
| `Files.Read.All` | Application | Read files in OneDrive and SharePoint |
| `Sites.Read.All` | Application | Read items in all SharePoint site collections |
| `Mail.Read` | Application | Read mail in all mailboxes |
| `Calendars.Read` | Application | Read calendars in all mailboxes |
| `Chat.Read.All` | Application | Read all Teams 1:1 and group chat messages |
| `ChatMessage.Read.All` | Application | Read all chat messages |
| `Team.ReadBasic.All` | Application | List all teams |
| `Channel.ReadBasic.All` | Application | Read channel names and descriptions |
| `ChannelMember.Read.All` | Application | Read members of all channels |
| `ChannelMessage.Read.All` | Application | Read all channel messages |
| `User.Read.All` | Application | Read user profiles (for permission mapping) |
| `Group.Read.All` | Application | Read groups (for permission resolution) |
| `GroupMember.Read.All` | Application | Read group memberships (for permission inheritance) |
| `User.Read` | Delegated | Sign in and read user profile (used during initial app consent) |
4. Click **Grant admin consent** and confirm
Admin consent is required. These are application-level permissions that apply across the entire tenant.
### Step 3: Create a Client Secret
1. Go to **Certificates & secrets**
2. Click **New client secret**
3. Set an expiry period and click **Add**
4. Copy the secret value immediately — it won't be shown again
Store the client secret securely. Rotate it before expiry to avoid service disruption.
### Step 4: Connect in Omni
1. Navigate to **Settings** → **Integrations** in Omni
2. Find **Microsoft 365** and click **Connect**
3. Enter your **Tenant ID**, **Client ID**, and **Client Secret**
4. Click **Connect**
5. Click **Sync Now** to start the initial sync
All five source types (OneDrive, SharePoint, Outlook Mail, Calendar, Teams Chats) are created automatically in a single setup flow.
Your Microsoft 365 connector is now configured. Initial indexing may take a while depending on the amount of content in your tenant.
## Managing the Integration
### Viewing Sync Status
Navigate to **Settings** → **Integrations** to view:
* Last sync time for each of the four source types
* Number of indexed items per source
* Any sync errors
### Sync Modes
The Microsoft 365 connector supports two sync modes:
| Mode | Description |
| --------------- | ------------------------------------------------------------------------------------------------------ |
| **Full** | Syncs all content across OneDrive, SharePoint, Mail, Calendar, and Teams Chats (used for initial sync) |
| **Incremental** | Syncs only items modified since last sync (used for updates) |
After the initial full sync, the connector automatically performs incremental syncs to capture new and updated content.
### Removing the Integration
1. Navigate to **Settings** → **Integrations** → Click **Configure** against the source you wish to remove
2. Click **Delete Permanently**
3. Optionally, delete the app registration from Entra ID
## Troubleshooting
Common causes:
* Admin consent was not granted for all required permissions
* Sync has not completed yet for the relevant source type
**Solution**: Verify admin consent was granted in Entra ID, then check the sync status for each source type in **Settings** → **Integrations** → **Microsoft 365**.
The credentials may be incorrect or the client secret may have expired.
**Solution**:
1. Verify the **Tenant ID**, **Client ID**, and **Client Secret** are correct
2. Check if the client secret has expired in Entra ID
3. If expired, create a new client secret and update it in Omni via **Settings** → **Integrations** → **Microsoft 365**
API permissions may be missing or admin consent was not granted.
**Solution**: Go to your app registration in Entra ID, verify all required API permissions are added, and ensure **Grant admin consent** has been clicked and confirmed for each permission.
The connector uses application permissions. If a user's content is not appearing, the issue may be related to group membership sync.
**Solution**: Check group membership sync status and verify the user exists in the tenant. Ensure `User.Read.All` and `GroupMember.Read.All` permissions are granted.
## Security Considerations
* **Read-only access**: The connector only has read permissions
* **Application permissions**: Uses app-level access (not delegated), requiring admin consent
* **Group-based permissions**: Users only see content based on their Microsoft 365 group memberships
* **Secret rotation**: Monitor client secret expiry and rotate before it expires
* **Encrypted storage**: Credentials are encrypted at rest in Omni
## What's Next
Learn how to search across Microsoft 365 content
Ask questions about your documents and emails
Connect additional data sources