
WorkSights connects to your Microsoft 365 tenant through Microsoft’s secure OAuth consent process. The connection is configured once at the tenant level by an administrator. After it is approved, WorkSights can import users and process activity metadata from Outlook, Teams, SharePoint, and other Microsoft services that support audit logging. No passwords, inbox content, or file content ever pass through WorkSights.
This setup guide explains how the domain-level authorization works and what you can expect once the integration is active.
How the Microsoft 365 Connection Works
When your organization signs up with Microsoft 365, WorkSights identifies the tenant and prepares the permission request. A Microsoft tenant administrator must grant consent to activate the integration. This consent gives WorkSights secure, read-only access to directory information and audit event metadata.
Once consent is approved:
- WorkSights provisions your company workspace
- The user directory is imported
- The audit ingestion pipeline activates for supported Microsoft services
There is no additional configuration required unless your organization uses conditional access or restricted API controls.
Permissions Requested
WorkSights requests a small set of read-only permissions used for processing activity metadata. Microsoft surfaces these scopes during the consent screen. The permissions allow WorkSights to receive:
- Directory metadata to import and sync users
- Calendar event metadata
- Email metadata for outbound messages
- SharePoint and OneDrive activity metadata
- Teams activity metadata
- Audit signals for mailbox access, file interactions, and meeting participation
WorkSights never ingests message content, file content, attachments, or anything beyond metadata provided through the Microsoft audit and events APIs.
Activation Steps for Administrators
The Microsoft 365 connection is completed through WorkSights’s standard sign-up and admin-consent flow. The full step-by-step process is documented in Sign Up with Microsoft 365.
Once a tenant administrator approves the permissions, WorkSights activates the integration automatically and begins importing users and metadata.
Data Import and Historical Activity
After the integration is activated, WorkSights starts ingesting audit events from Microsoft.
During initial setup, WorkSights imports the most recent 8 days of Microsoft 365 activity. Companies requiring deeper historical visibility can enable extended history, allowing WorkSights to process up to one month of past events.
This process is automated, requires no configuration, and keeps the initial onboarding experience lightweight.
User Mapping
WorkSights relies on your Microsoft 365 directory to map users automatically. If a user exists in both environments, WorkSights links them by email address. New users added to the Microsoft directory will also be imported automatically.
If your organization uses aliases or shared mailboxes, these can be ignored or disabled inside WorkSights at any time.
Security and Revocation
WorkSights relies entirely on Microsoft’s OAuth framework and audit pipelines. All permissions are read-only. WorkSights cannot modify or delete anything inside your Microsoft tenant.
You can revoke access anytime in the Microsoft 365 Admin Center:
Enterprise Applications → WorkSights → Permissions
Revoking access stops all activity ingestion immediately.
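An administrator can check the read-only statement against what was actually consented by exporting the application's delegated grants and application role assignments and flagging anything write-capable. The following is an added example, not WorkSights code: the field names (`scope`, `appRoleId`, `resourceId`) follow Microsoft Graph's permission-grant and role-assignment objects, while the ids, the permission set, and the name-based heuristic are assumptions constructed for illustration.

```python
import re

# Name fragments suggesting a Graph permission can change tenant state.
# Heuristic chosen for this example; it is not an official Microsoft list.
WRITE_MARKERS = re.compile(r"ReadWrite|Write|Send|Manage|FullControl|Create|Delete", re.I)

def audit_consent(delegated_grants, app_role_assignments, resource_roles):
    """Return (kind, permission, reason) for every grant that is not provably read-only."""
    findings = []
    # Delegated grants carry their scopes as one space-separated string.
    for grant in delegated_grants:
        for scope in grant.get("scope", "").split():
            if WRITE_MARKERS.search(scope):
                findings.append(("delegated", scope, "not read-only"))
    # Application grants carry only a role id; resolve it via the resource's appRoles.
    for assignment in app_role_assignments:
        role_id = assignment["appRoleId"]
        name = resource_roles.get(assignment["resourceId"], {}).get(role_id)
        if name is None:
            findings.append(("application", role_id, "unresolved role id"))
        elif WRITE_MARKERS.search(name):
            findings.append(("application", name, "not read-only"))
    return findings

# Constructed sample data: ids are placeholders and the permission set is
# illustrative, not the scopes WorkSights actually requests.
GRAPH = "resource-graph"
RESOURCE_ROLES = {GRAPH: {
    "role-0001": "User.Read.All",
    "role-0002": "AuditLog.Read.All",
    "role-0003": "Mail.ReadWrite",
}}
DELEGATED = [{"consentType": "AllPrincipals", "resourceId": GRAPH,
              "scope": "openid profile User.Read"}]
APP_ROLES = [
    {"resourceId": GRAPH, "appRoleId": "role-0001"},
    {"resourceId": GRAPH, "appRoleId": "role-0002"},
    {"resourceId": GRAPH, "appRoleId": "role-0003"},  # write-capable: flagged
    {"resourceId": GRAPH, "appRoleId": "role-9999"},  # unknown id: flagged
]

if __name__ == "__main__":
    for kind, perm, reason in audit_consent(DELEGATED, APP_ROLES, RESOURCE_ROLES):
        print(f"{kind:12} {perm:20} {reason}")
```

Running the same check on a schedule and comparing the result with the scopes shown on the original consent screen surfaces any permission added after the initial approval.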
Next Steps
For a platform-level explanation of Microsoft 365 activity in WorkSights, see Microsoft 365 Overview.
For audit log configuration requirements, see Microsoft 365 Audit Log Activation.
