Guidance for Office 365 Admin connector

Read the following information for guidance and best practices when using the Office 365 Admin connector in your flows.

Authentication

Create a connection using an admin or user Office 365 Admin account. See Authorization.

Re-authorize a connection

If you’ve used your account to create a connection successfully, you should be able to use this account to create as many connections as you want and re-authorize the old connections as long as no configuration is changed by the admin.

Types of accounts

  • Office 365 admin account

  • Office 365 admin credentials

Supported scopes

The following OAuth scopes must be enabled in your Office 365 Admin connector environment:

  • email
  • openid
  • profile
  • offline_access
  • Directory.ReadWrite.All
  • Directory.AccessAsUser.All
  • Group.ReadWrite.All
  • User.ReadWrite.All
  • User.Invite.All
  • Calendars.ReadWrite
  • Calendars.ReadWrite.Shared
  • Contacts.ReadWrite.Shared
  • Files.ReadWrite.All
  • People.Read.All
  • AccessReview.ReadWrite.All
  • AccessReview.ReadWrite.Membership
  • Analytics.Read
  • AdministrativeUnit.ReadWrite.All
  • AppCatalog.ReadWrite.All
  • Bookings.ReadWrite.All
  • Chat.ReadWrite
  • PrivilegedAccess.ReadWrite.AzureAD
  • PrivilegedAccess.ReadWrite.AzureResources
  • EduAdministration.ReadWrite
  • Financials.ReadWrite.All
  • IdentityProvider.ReadWrite.All
  • IdentityRiskEvent.Read.All
  • IdentityRiskyUser.Read.All
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementConfiguration.ReadWrite.All
  • DeviceManagementManagedDevices.PrivilegedOperations.All
  • DeviceManagementManagedDevices.ReadWrite.All
  • DeviceManagementRBAC.ReadWrite.All
  • DeviceManagementServiceConfig.ReadWrite.All
  • Mail.Send.Shared
  • MailboxSettings.ReadWrite
  • Mail.ReadWrite.Shared
  • Member.Read.Hidden
  • Notes.ReadWrite.All
  • Notes.Create
  • Notifications.ReadWrite.CreatedByApp
  • OnPremisesPublishingProfiles.ReadWrite.All
  • Organization.ReadWrite.All Place.Read.All
  • ProgramControl.ReadWrite.All Reports.Read.All
  • RoleManagement.ReadWrite.Directory
  • SecurityEvents.ReadWrite.All
  • SecurityActions.ReadWrite.All
  • ThreatIndicators.ReadWrite.OwnedBy
  • Sites.FullControl.All
  • Tasks.ReadWrite
  • Tasks.ReadWrite.Shared
  • Agreement.ReadWrite.All
  • AgreementAcceptance.Read.All
  • Policy.Read.All
  • Policy.ReadWrite.TrustFramework
  • UserActivity.ReadWrite.CreatedByApp

Action card or event card-specific limitations

List Contact Folders

List contact folder returns a maximum of two levels of child folders. Use one of the following API call with Custom API action card to return folders.

Returns 1st level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders

Returns 1st and 2nd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders

Returns the 1st, 2nd and 3rd level contact folders from a folder:

/users/{{userPrincipalName}}/contactFolders/{{contactFolderId}}/childFolders?$expand=childFolders($expand=childFolders)

Related topics

Office 365 Admin connector

Elements of Workflows

Guidance for Office 365 Admin connector

Office 365 Admin Management API overview