Connect & automate

5 min read

Note: The Outlook integration in the Automations Center is implemented differently from the one in Workflow Builder and Automation builder. This article covers only the Microsoft integrations available in Workflow Builder and Automation Builder.

Who can use this feature

Available on monday work management. Admin permissions required to connect Microsoft integrations.

When you connect Microsoft tools such as Outlook, Outlook Calendar, or Microsoft Teams to monday.com through Workflow Builder or the Automation Builder, you authorize a set of permissions that allow monday.com to act on your behalf. This article explains exactly which permissions are requested for each integration, what they allow monday.com to do, and how your Microsoft admin can review or manage them from the Microsoft Entra admin center.

Note: All permissions described in this article are delegated permissions, not application permissions. This means they operate on behalf of a signed-in user and require an active user session. monday.com does not use application-level permissions for these integrations.

Resources from Microsoft

Outlook Mail

Connecting Outlook Mail through Workflow Builder or the Automation Builder lets your workflows send emails, read emails, and listen for newly received messages on your behalf.

What you approve when connecting

When you connect your Outlook account, you grant monday.com the following delegated OAuth scopes:

Permission scope	What it enables
`Mail.Read`	Reads your email from Microsoft Exchange on your behalf, including listening for newly received messages to use as workflow triggers.
`Mail.Send`	Sends emails from your account as a workflow action.
`User.Read`	Reads basic identity information for the signed-in user.
`offline_access`	Maintains a refresh token so workflows can run without requiring you to re-authenticate each time.

Note: The Outlook Mail integration currently uses a legacy Azure app registration that is shared across multiple use cases. As a result, your Microsoft admin may see a longer list of permissions in the Azure app registration than are listed here. The additional scopes are not used by Workflow Builder or the Automation Builder for this integration. monday.com is in the process of migrating Outlook to a dedicated Azure app, though the timeline is not yet confirmed.

What your Microsoft admin can manage

If your organization requires Microsoft Entra admin oversight, your admin can review, restrict, or revoke the permissions granted to monday.com directly from the Microsoft Entra admin center. See the Managing permissions from the Microsoft Entra admin center section below for full details.

Outlook Calendar

Connecting Outlook Calendar allows your workflows to create, read, update, and delete calendar entries on your behalf.

What you approve when connecting

When you connect your Outlook Calendar account, you grant monday.com the following delegated OAuth scopes:

Permission scope	What it enables
`Calendars.ReadWrite`	Creates, reads, updates, and deletes calendar entries in your calendar on your behalf.
`User.Read`	Reads basic identity information for the signed-in user.
`offline_access`	Maintains a refresh token so workflows can run without requiring you to re-authenticate each time.

Note: The ability to listen for newly created calendar events is planned as a future capability and is not yet available.

What your Microsoft admin can manage

Your Microsoft Entra admin can review, restrict, or revoke the permissions granted to monday.com for Outlook Calendar from the Microsoft Entra admin center. See the Managing permissions from the Microsoft Entra admin center section below for full details.

Microsoft Teams

Connecting Microsoft Teams allows your workflows to send channel messages, send chat messages with a call-to-action, send activity feed notifications, and read messages.

What you approve when connecting

When you connect your Microsoft Teams account, you grant monday.com the following delegated OAuth scopes:

Permission scope	What it enables
`ChannelMessage.Send`	Sends messages to a Teams channel on your behalf.
`TeamsActivity.Send`	Sends activity feed notifications to Teams users.
`Chat.Read` / `Chat.ReadBasic` / `ChatMessage.Read`	Reads chat messages and basic chat metadata on your behalf.
`Channel.ReadBasic.All` / `ChannelMessage.Read.All`	Reads channel names, descriptions, and channel messages across Teams you are a member of.
`Team.ReadBasic.All`	Reads basic information about Teams you are a member of, such as names and descriptions.
`User.ReadBasic.All`	Reads basic profile information for other users, used to resolve recipients in workflow actions.
`offline_access`	Maintains a refresh token so workflows can run without requiring you to re-authenticate each time.

Tip: The Teams integration uses a newer, dedicated Azure app registration, so your Microsoft admin will see an updated list of permissions compared to the Outlook integration.

What your Microsoft admin can manage

Your Microsoft Entra admin can review, restrict, or revoke the permissions granted to monday.com for Microsoft Teams from the Microsoft Entra admin center. See the Managing permissions from the Microsoft Entra admin center section below for full details.

Managing permissions from the Microsoft Entra admin center

If your organization uses Microsoft Entra ID, your Microsoft admin can review, modify, and revoke the permissions granted to monday.com at any time. The steps below cover the key management tasks for the Workflow Builder and the Automation Builder integrations described in this article.

Reviewing granted permissions

1 Sign in to the Microsoft Entra admin center.

2 Navigate to Entra ID > Enterprise apps > All applications.

3 Search for the monday.com application. Note that the app name may vary depending on which integration was authorized.

4 Select the application, then go to Permissions to see all consented scopes.

Revoking or restricting permissions

Your Microsoft admin can revoke consent or restrict permissions at several levels:

Revoke admin consent

Under Enterprise apps > [App] > Permissions > Admin consent tab, select the permission, click the ... menu, and choose Revoke permission. User consent can be revoked via PowerShell or the Microsoft Graph API.

Remove the enterprise application

Deleting the enterprise application entry removes all granted permissions and blocks access until monday.com is re-authorized. Use this option only if you intend to fully disconnect the integration.

Restrict which users can consent

Admins can configure whether your team members are allowed to consent to third-party apps independently or whether admin approval is required before any connection is authorized.

Controlling app access with consent policies

Microsoft Entra ID allows your admin to define consent policies that control which permissions third-party apps can request without admin approval:

Admin consent workflow

Require admin approval for apps requesting certain permissions. Your team members submit a request, and an admin approves or denies it before the connection is established.

Permission classifications

Classify permissions as "low impact" to allow self-service consent for less sensitive scopes, while requiring admin approval for higher-impact permissions.

Auditing permission grants

To review which permissions have been granted and by whom:

1 In the Entra admin center, go to Identity > Monitoring & health > Audit logs.

2 Filter by Activity type: "Consent to application" or "Add delegated permission grant."

3 Review the log entries for details on who consented and which scopes were granted.

FAQs

Why does the Outlook app registration show more permissions than I expected?

The Outlook integration currently uses a legacy Azure app registration shared across multiple use cases. Your Microsoft admin may see additional scopes that are not used by Workflow Builder or the Automation Builder. monday.com is working to migrate Outlook to a dedicated Azure app, though the timeline is not yet confirmed.

Does monday.com use application-level permissions for Microsoft integrations?

No. All permissions used by Workflow Builder and the Automation Builder are delegated permissions, which means they operate on behalf of a signed-in user and require an active user session.

Can my Microsoft admin revoke permissions without disconnecting the integration?

Yes. Your admin can revoke specific permission scopes from the Microsoft Entra admin center under Enterprise apps without removing the entire application entry. Note that revoking scopes required for an active workflow may cause that workflow to stop functioning.

Does this article cover all Microsoft integrations in monday.com?

No. This article covers only the Outlook Mail, Outlook Calendar, and Microsoft Teams integrations available through Workflow Builder and the Automation Builder. Other Microsoft integrations, including legacy Automations Center integrations and service-related flows, are not covered here and may use different permissions. Contact your account team for details on those integrations.

Where can I find the recommended Outlook or Teams integration to use in monday.com?

Use either Workflow Builder or the Automation Builder to connect Microsoft integrations. These are the current, supported connection paths. Other Outlook integrations are considered legacy and are expected to be deprecated over time.

If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.