The Microsoft 365 Delegated Access integration is a Microsoft-sanctioned Enterprise app that allows users to grant Torq access to the resources that their own Microsoft 365 account can access.
The permissions required are limited but sufficient to handle common Microsoft 365 use cases.
This integration can be used with steps of the following Microsoft services, provided the integrated account has access to them:
Microsoft Excel
Microsoft OneDrive
Microsoft Outlook
Microsoft SharePoint
Create a Microsoft 365 integration for non-delegated access with more specificity in permissions, services, and scopes.
Use Microsoft 365 Steps with Delegated Access in Torq
Step One: Create a Microsoft 365 Delegated Access Steps Integration in Torq
Best practice is to provision a dedicated (service) account for Microsoft 365 delegated access rather than using a specific user's account. In this case, you must create the integration from incognito mode - or a browser where you are not logged into your personal Microsoft account - and enter the dedicated account's details.
Navigate to Integration: In Torq, go to Build > Integrations > Steps > Microsoft 365 Delegated Access, and click Add.
Name the Integration: Type a meaningful name for the integration instance. You cannot change this later.
Finalize: Click Add.
Accept Permissions: If you are using a dedicated account, you will be directed to log in now. If you are using an SSO account that you are already logged into, you may be redirected to a Microsoft permissions page that displays the access that will be granted to Torq.
Click Accept.
Admins in Microsoft can give consent on behalf of your organization.
If an admin has chosen this option, other users in the Torq workspace will still need to create their own integrations to generate a token, but they won't be redirected to a permissions page.
The following is a list of permissions granted to the integration:
offline_access
openid
emailprofile
User.Read
Files.ReadWrite.All
Mail.ReadWrite
Mail.Send
Calendars.ReadWrite
Contacts.ReadWrite
MailboxSettings.ReadWrite
Sites.ReadWrite.All
If you're asked to get admin approval when creating this integration, your organization may have restrictions on adding third-party apps. Ask your admin to check the Azure Active Directory (AAD) settings for the following, as this is needed to create the integration without admin approval.
Step Two: Use the Integration in Torq Steps
Once you've created a Microsoft 365 Delegated Access integration in Torq, you can use it in Microsoft 365 steps.
In parameters that request a Microsoft Access Token, provide:
{{$integrations.<your_delegated_integration_name>.access_token}}
Step Three: Reauthorize Your Integration
Occasionally, your token may go out of sync. If you notice step failures, go to Build > Integrations > Steps > Microsoft 365 Delegated Access, click on your integration, and click Reauthorize.
FAQs
Templates
Now that you've added the step integration check out these templates specially crafted by Torq's security experts. Visit Torq's template library for more.