Appearance
Microsoft 365 Setup
Junto connects to Microsoft 365 through the Microsoft Graph API, giving the AI agent access to users, groups, mail, calendar, SharePoint, Teams, devices, and security across your customer tenants.
For mailbox delegation (Full Access, Send As, Send on Behalf), see Exchange Online Delegation — this requires a separate authorization because Microsoft does not expose these operations through Graph.
Prerequisites
- A Microsoft 365 tenant with Global Administrator access
- The tenant must have the required licenses for the features you want to use
Connect via OAuth
- In Junto, go to the company's Integrations page.
- Find Microsoft 365 and click Connect.
- Authenticate with Global Administrator credentials for the customer's tenant.
- Review and accept the requested permissions.
- After authorization, you are redirected back to Junto with an active connection.
That's it — the connection is managed automatically from there.
What the AI Agent Can Do
Once connected, the AI agent can help manage your Microsoft 365 environment across the following areas:
- User management -- Look up users, create and update accounts, reset passwords, and manage licenses.
- Group management -- Browse groups, manage membership, and handle group-level licensing.
- Mail & mailbox -- View mailbox settings, configure out-of-office replies, and manage inbox rules.
- Calendar -- View and manage calendar events.
- SharePoint & OneDrive -- Browse sites and files, create folders, and manage sharing.
- Teams -- View teams, manage membership, create channels, and send messages.
- Devices -- View Intune-managed devices, trigger syncs, and retrieve BitLocker recovery keys.
- Security & identity -- View security alerts, risky users, secure score, and conditional access policies.
- Audit & reporting -- View sign-in logs, audit logs, and usage reports.
High-impact actions (account changes, password resets, device wipes, etc.) always require technician approval before the agent proceeds.
License Requirements
Some features require specific licenses in the customer's tenant:
| Feature | Required License |
|---|---|
| Sign-in logs, Audit logs | Azure AD Premium P1 or P2 |
| Identity Protection (risky users) | Azure AD Premium P2 |
| Conditional Access policies | Azure AD Premium P1 or P2 |
| Intune device management | Microsoft Intune or M365 E3/E5 |
| Teams features | Microsoft Teams license |
| BitLocker recovery keys | Azure AD Premium P1 or P2 |
| Message trace | Exchange Online |
Troubleshooting
- OAuth connection fails -- Ensure you are signing in as a Global Administrator of the customer's tenant, not your own.
- Missing data -- Some features require specific licenses. Check the license table above.
- Token expired -- The integration refreshes tokens automatically. If the connection shows "Token expired", disconnect and reconnect.