Microsoft 365 Setup

Junto connects to Microsoft 365 through the Microsoft Graph API, giving the AI agent access to users, groups, mail, calendar, SharePoint, Teams, devices, and security across your customer tenants.

For mailbox delegation (Full Access, Send As, Send on Behalf), see Exchange Online Delegation — this requires a separate authorization because Microsoft does not expose these operations through Graph.

Prerequisites

  • A Microsoft 365 tenant with Global Administrator access
  • The tenant must have the required licenses for the features you want to use

Connect via OAuth

  1. In Junto, go to the company's Integrations page.
  2. Find Microsoft 365 and click Connect.
  3. Authenticate with Global Administrator credentials for the customer's tenant.
  4. Review and accept the requested permissions.
  5. After authorization, you are redirected back to Junto with an active connection.

That's it — the connection is managed automatically from there.

What the AI Agent Can Do

Once connected, the AI agent can help manage your Microsoft 365 environment across the following areas:

  • User management -- Look up users, create and update accounts, reset passwords, and manage licenses.
  • Group management -- Browse groups, manage membership, and handle group-level licensing.
  • Mail & mailbox -- View mailbox settings, configure out-of-office replies, and manage inbox rules.
  • Calendar -- View and manage calendar events.
  • SharePoint & OneDrive -- Browse sites and files, create folders, and manage sharing.
  • Teams -- View teams, manage membership, create channels, and send messages.
  • Devices -- View Intune-managed devices, trigger syncs, and retrieve BitLocker recovery keys.
  • Security & identity -- View security alerts, risky users, secure score, and conditional access policies.
  • Audit & reporting -- View sign-in logs, audit logs, and usage reports.

High-impact actions (account changes, password resets, device wipes, etc.) always require technician approval before the agent proceeds.

License Requirements

Some features require specific licenses in the customer's tenant:

Feature                              Required License
Sign-in logs, Audit logs             Azure AD Premium P1 or P2
Identity Protection (risky users)    Azure AD Premium P2
Conditional Access policies          Azure AD Premium P1 or P2
Intune device management             Microsoft Intune or M365 E3/E5
Teams features                       Microsoft Teams license
BitLocker recovery keys              Azure AD Premium P1 or P2
Message trace                        Exchange Online

Troubleshooting

  • OAuth connection fails -- Ensure you are signing in as a Global Administrator of the customer's tenant, not your own.
  • Missing data -- Some features require specific licenses. Check the license table above.
  • Token expired -- The integration refreshes tokens automatically. If the connection shows "Token expired", disconnect and reconnect.
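
For the "Missing data" case, the license table can be checked against what a tenant actually has by reading the Microsoft Graph `/subscribedSkus` response. The sketch below is an added example, not Junto's code: the mapping from each feature to Graph service-plan names is an assumption made here, and the sample response is constructed.

```python
# Assumed mapping from the license table's features to Graph service-plan names.
FEATURE_PLANS = {
    "Sign-in logs, Audit logs": {"AAD_PREMIUM", "AAD_PREMIUM_P2"},
    "Identity Protection (risky users)": {"AAD_PREMIUM_P2"},
    "Conditional Access policies": {"AAD_PREMIUM", "AAD_PREMIUM_P2"},
    "Intune device management": {"INTUNE_A"},
    "Teams features": {"TEAMS1"},
    "BitLocker recovery keys": {"AAD_PREMIUM", "AAD_PREMIUM_P2"},
    "Message trace": {"EXCHANGE_S_STANDARD", "EXCHANGE_S_ENTERPRISE"},
}

def active_plans(subscribed_skus):
    """Service plans that are provisioned inside an enabled SKU with paid seats."""
    plans = set()
    for sku in subscribed_skus.get("value", []):
        if sku.get("capabilityStatus") != "Enabled":
            continue  # suspended, expired or deleted subscription
        if sku.get("prepaidUnits", {}).get("enabled", 0) < 1:
            continue  # no usable seats
        for plan in sku.get("servicePlans", []):
            # A plan can be switched off inside an otherwise active SKU.
            if plan.get("provisioningStatus") == "Success":
                plans.add(plan["servicePlanName"])
    return plans

def feature_report(subscribed_skus):
    """Map each feature in the license table to True/False for this tenant."""
    plans = active_plans(subscribed_skus)
    return {feature: bool(needed & plans) for feature, needed in FEATURE_PLANS.items()}

def _sku(part, status, seats, plans):
    return {"skuPartNumber": part, "capabilityStatus": status,
            "prepaidUnits": {"enabled": seats},
            "servicePlans": [{"servicePlanName": n, "provisioningStatus": s}
                             for n, s in plans]}

# Constructed sample shaped like GET https://graph.microsoft.com/v1.0/subscribedSkus
SAMPLE = {"value": [
    _sku("O365_BUSINESS_PREMIUM", "Enabled", 25,
         [("EXCHANGE_S_STANDARD", "Success"), ("TEAMS1", "Success")]),
    _sku("AAD_PREMIUM_P2", "Suspended", 0,
         [("AAD_PREMIUM", "Success"), ("AAD_PREMIUM_P2", "Success")]),
    _sku("EMS", "Enabled", 25,
         [("AAD_PREMIUM", "Success"), ("INTUNE_A", "Disabled")]),
]}

if __name__ == "__main__":
    for feature, ok in feature_report(SAMPLE).items():
        print(f"{'available' if ok else 'MISSING  '}  {feature}")
```

This is a tenant-level check only; it does not tell you whether a given user has the license assigned.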